[ansible-project] script module show job successed but the job is failed or not work

2016-12-12 Thread Ray Tan 
Hi Everybody,

I want to startup tomcat by script module . The running output show the 
script is successful at target machine but actually tomcat do not startup. 
I try same script by command module. I meet same issue. If I directly run 
the script at target machine, the tomcat can startup. 
My ansible is 2.1.1.0, I want to know whether or not this is a bug?

Please see below for detail test steps. Thanks.


   1. Create a shell script for startuping tomat at ansible machine. File 
   name is mytest.script

#! /usr/bin/bash
sh /opt/apache-tomcat-9.0.0.M11/bin/startup.sh


   1. Use script module to run the script. The output show "Tomcat 
   started", but the tomcat do not start actually.

[root@localhost ~]# ansible 192.168.1.162 -m script -a "/root/mytest.script" -k
SSH password: 
192.168.1.162 | SUCCESS => {
"changed": true, 
"rc": 0, 
"stderr": "", 
"stdout": "Using CATALINA_BASE:   /opt/apache-tomcat-9.0.0.M11\r\nUsing 
CATALINA_HOME:   /opt/apache-tomcat-9.0.0.M11\r\nUsing CATALINA_TMPDIR: 
/opt/apache-tomcat-9.0.0.M11/temp\r\nUsing JRE_HOME:/usr\r\nUsing 
CLASSPATH:   
/opt/apache-tomcat-9.0.0.M11/bin/bootstrap.jar:/opt/apache-tomcat-9.0.0.M11/bin/tomcat-juli.jar\r\nTomcat
 started.\r\n", 
"stdout_lines": [
"Using CATALINA_BASE:   /opt/apache-tomcat-9.0.0.M11", 
"Using CATALINA_HOME:   /opt/apache-tomcat-9.0.0.M11", 
"Using CATALINA_TMPDIR: /opt/apache-tomcat-9.0.0.M11/temp", 
"Using JRE_HOME:/usr", 
"Using CLASSPATH:   
/opt/apache-tomcat-9.0.0.M11/bin/bootstrap.jar:/opt/apache-tomcat-9.0.0.M11/bin/tomcat-juli.jar",
 
"Tomcat started."
]
}

In target machine, check the tomcat processer. not found.

[root@client ~]# ps aux | grep tomcat
root  5924  0.0  0.0 112648   976 pts/0R+   11:27   0:00 grep 
--color=auto tomcat


   1. scp the script to the 192.168.1.162. Run it by command module and 
   have same issue.

[root@localhost ~]# ansible 192.168.1.162 -m command -a "/usr/bin/bash 
/root/mytest.script" -k
SSH password: 
192.168.1.162 | SUCCESS | rc=0 >>
Tomcat started.

[root@client bin]# ps aux |grep tomcat
root  5980  0.0  0.0 112648   976 pts/1R+   11:35   0:00 grep 
--color=auto tomcat


   1. Direclty run the mytest.script. Tomcat is startup.

[root@client ~]# /usr/bin/bash /root/mytest.script 
Using CATALINA_BASE:   /opt/apache-tomcat-9.0.0.M11
Using CATALINA_HOME:   /opt/apache-tomcat-9.0.0.M11
Using CATALINA_TMPDIR: /opt/apache-tomcat-9.0.0.M11/temp
Using JRE_HOME:/usr
Using CLASSPATH:   
/opt/apache-tomcat-9.0.0.M11/bin/bootstrap.jar:/opt/apache-tomcat-9.0.0.M11/bin/tomcat-juli.jar
Tomcat started.

[root@client ~]# ps aux |grep tomcat
root  5998  7.7  5.9 3154888 112408 pts/1  Sl   11:37   0:02 /usr/bin/java 
-Djava.util.logging.config.file=/opt/apache-tomcat-9.0.0.M11/conf/logging.properties
 -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager 
-Djdk.tls.ephemeralDHKeySize=2048 
-Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Xms1024m 
-Xmx1024m -XX:+UseG1GC -Datlassian.plugins.enable.wait=300 
-Djava.awt.headless=true -Xloggc:/logs/gc-2016-12-05_11-37-34.log 
-XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=5 -XX:GCLogFileSize=2M 
-XX:-PrintGCDetails -XX:+PrintGCTimeStamps -XX:-PrintTenuringDistribution 
-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port= 
-Djava.rmi.server.hostname=192.168.1.162 
-Dcom.sun.management.jmxremote.authenticate=false 
-Dcom.sun.management.jmxremote.ssl=false 
-Djava.class.path=/usr/share/collectd/java/collectd-api.jar:/usr/share/collectd/java/generic-jmx.jar
 -classpath 
/opt/apache-tomcat-9.0.0.M11/bin/bootstrap.jar:/opt/apache-tomcat-9.0.0.M11/bin/tomcat-juli.jar
 -Dcatalina.base=/opt/apache-tomcat-9.0.0.M11 
-Dcatalina.home=/opt/apache-tomcat-9.0.0.M11 
-Djava.io.tmpdir=/opt/apache-tomcat-9.0.0.M11/temp 
org.apache.catalina.startup.Bootstrap start
root  6032  0.0  0.0 112648   976 pts/1R+   11:38   0:00 grep 
--color=auto tomcat


Thanks
Ray

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/fc85aace-26bc-4331-a0b6-f9150b2a91ee%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Modify ansible default system facts

2016-12-12 Thread Kai Stian Olstad 

On 08.12.2016 04:06, colynn@chinanetcloud.com wrote:

As titile,
Could we redefined ansible default system facts.

eg:  default "ansible_env.PWD" is "/root"
But I want to change it to specific directory. shall I do ?


Why would you do that?
Why not create your own facts/variables instead?

--
Kai Stian Olstad

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/fb8270e4fe26baa7ffc0abf8c157bfc6%40olstad.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Tasks are not executed in the order defined in With_dict

2016-12-12 Thread 'Felix Fontein' via Ansible Project 
Hi,

you can have a list of dicts:

patches:
- name: patch1
  patch_name:
  patch_md5:
  engine:
  Services:
- name: patch2
  patch_name:
  patch_md5:
  engine:
  Services:

Then instead of item.key and item.value.xxx, use item.name and item.xxx
when using "with_items: {{patches}}".

Cheers,
Felix



On Mon, 12 Dec 2016 22:27:54 -0800 (PST)
Deepa Yr  wrote:

> Thanks. I have many more fields defined for patch other than
> patch_name. In that case, it would be difficult to use with_items
> right.. or Is there a solution with list and with_items ?
> patches:
> patch1:
> patch_name:
> patch_md5:
> engine:
> Services:
>patch2:
> patch_name:
> patch_md5:
> engine:
> services:
>patch3:
> patch_name:
> patch_md5:
> engine:
> services:
> 
> 
> 
> On Tuesday, December 13, 2016 at 12:28:51 AM UTC+5:30, Anand Buddhdev
> wrote:
> >
> > Hello Deepa,
> >
> > Dictionaries are *not* ordered collections. You should never rely
> > on items in a dictionary to be returned in order. You'd be better
> > off using a list.
> >
> > patches:
> > - patchdata1
> > - patchdata2
> >
> > A list preserves order.
> >
> > On Monday, 12 December 2016 15:37:22 UTC+1, Deepa Yr wrote:  
> >>
> >> Hi
> >>
> >>   I have a dict where I need to install patches in the
> >> order
> >>
> >> patches:
> >> patch1:
> >> patch_name:
> >>patch2:
> >> patch_name:
> >>patch3:
> >> patch_name:
> >>   and so on
> >>patch8:
> >> patch_name:
> >>
> >>
> >> - name: install patches
> >>   include: install_patch.yml
> >>   with_dict: {{patches}}
> >>
> >> When I run above playbook, the order is not as I have defined. It
> >> is taking patch8,patch1,patch2.. patch7.
> >>
> >> Can you please suggest how I can run in the order.
> >>
> >> Thanks
> >> Deepa
> >>  
> >  
> 


-- 
Felix Fontein -- fe...@fontein.de -- https://felix.fontein.de/

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/20161213073655.35e70415%40fontein.de.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Tasks are not executed in the order defined in With_dict

2016-12-12 Thread Kai Stian Olstad 

On 13.12.2016 07:27, Deepa Yr wrote:
Thanks. I have many more fields defined for patch other than 
patch_name. In
that case, it would be difficult to use with_items right.. or Is there 
a

solution with list and with_items ?
patches:
patch1:
patch_name:
patch_md5:
engine:
Services:
   patch2:
patch_name:
patch_md5:
engine:
services:
   patch3:
patch_name:
patch_md5:
engine:
services:


patches:
  - patch_name:
patch_md5:
engine:
Services:
  - patch_name:
patch_md5:
engine:
services:
  - patch_name:
patch_md5:
engine:
services:

- debug: msg="Name {{ item.patch_name}}, MD5 {{ item.patch_md5 }}"
  with_items: "{{ patches }}"

--
Kai Stian Olstad

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/edaa1eaef7ae6b016283006810ec80dd%40olstad.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Tasks are not executed in the order defined in With_dict

2016-12-12 Thread Deepa Yr 
Thanks. I have many more fields defined for patch other than patch_name. In 
that case, it would be difficult to use with_items right.. or Is there a 
solution with list and with_items ?
patches:
patch1:
patch_name:
patch_md5:
engine:
Services:
   patch2:
patch_name:
patch_md5:
engine:
services:
   patch3:
patch_name:
patch_md5:
engine:
services:



On Tuesday, December 13, 2016 at 12:28:51 AM UTC+5:30, Anand Buddhdev wrote:
>
> Hello Deepa,
>
> Dictionaries are *not* ordered collections. You should never rely on items 
> in a dictionary to be returned in order. You'd be better off using a list.
>
> patches:
> - patchdata1
> - patchdata2
>
> A list preserves order.
>
> On Monday, 12 December 2016 15:37:22 UTC+1, Deepa Yr wrote:
>>
>> Hi
>>
>>   I have a dict where I need to install patches in the order
>>
>> patches:
>> patch1:
>> patch_name:
>>patch2:
>> patch_name:
>>patch3:
>> patch_name:
>>   and so on
>>patch8:
>> patch_name:
>>
>>
>> - name: install patches
>>   include: install_patch.yml
>>   with_dict: {{patches}}
>>
>> When I run above playbook, the order is not as I have defined. It is 
>> taking patch8,patch1,patch2.. patch7.
>>
>> Can you please suggest how I can run in the order.
>>
>> Thanks
>> Deepa
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6f426023-e58f-4c30-8af6-2d2fe6430286%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] IAM Roles with Ansible

2016-12-12 Thread Vincent Van der Kussen 
Hi,

I believe it is 'tasks:'

Vincent

On 12 Dec 2016 11:45 p.m., "Dan"  wrote:

> # Example of role with custom trust policy for Lambda service
> ---
> task:
> - name: Assign a policy called Admin to the administrators group
>   iam_policy:
> region: us-east-1
> profile: dev
> iam_type: role
> iam_name: test
> policy_name: Admin
> state: present
> policy_document: hhc-dev-ops-LV2.json
>
> Everytime I run this as
>
> `ansible-playbook -i /etc/ansible/local Dev-Test-IAM-pwr.yaml`
>
> It fails and barks at
>
> The offending line appears to be:
>
> ---
> task:
> ^ here
>
> Is it tasks or task?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/ansible-project/4437ca4b-fefc-4022-9717-b78f217bba5c%40googlegroups.
> com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAO3_%2BAHDy%3DBLqS03w6d5-VZ6xWXM3izJZMjrbt%2Bpe9_K%3Du%2BFiA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Conditional skipped?

2016-12-12 Thread Kai Stian Olstad 

On 12.12.2016 20:50, John Oliver wrote:

My little playbook:

- hosts: all
  become: true
  become_user: root
  become_method: sudo

  tasks:

  - name: Update McAfee virus definitions
shell: /opt/McAfee/LinuxShield/bin/nails task --run 1
register: result

  - name: Update McAfee virus definitions 2
shell: /opt/NAI/LinuxShield/bin/nails task --run 1
when: result|failed


I did this because one of my hosts doesn't have nails installed where 
the
rest do.  Why?  Dunno.  But when I run this, all of the hosts that have 
the

first command run successfully are skipped, as I expected, but the one
isn't mentioned at all, other than the failure in the first case.  That 
one

host was completely skipped for the second command.  Any ideas why?


When the a task fails for a host, Ansible will stop the play for that 
host and no subsequent task will be executed if ignore_errors is not set 
to true.


--
Kai Stian Olstad

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3ad0c5711263b0f1383bf9a672d20bdf%40olstad.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Ansible Tower 3.0.2 and Boto

2016-12-12 Thread Girish Khadke 
Hi,

 I am running following stack for ansible :

Ansible Tower 3.0.2
Ansible 2.1.1.0 (that comes default on Tower 3.0.2)

Below is the output of pip freeze on Ansible Tower CentOS 6.8 machine which 
shows any python packages that are there on my Ansible Tower image : 

ansible==2.1.1.0
anyjson==0.3.3
apache-libcloud==0.20.1
appdirs==1.4.0
argparse==1.4.0
awacs==0.6.0
azure==2.0.0rc2
azure-common==1.1.2
azure-graphrbac==0.30.0rc2
azure-mgmt==0.30.0rc2
azure-mgmt-authorization==0.30.0rc2
azure-mgmt-cdn==0.30.0rc2
azure-mgmt-compute==0.30.0rc2
azure-mgmt-logic==0.30.0rc2
azure-mgmt-network==0.30.0rc2
azure-mgmt-notificationhubs==0.30.0rc2
azure-mgmt-nspkg==1.0.0
azure-mgmt-redis==0.30.0rc2
azure-mgmt-resource==0.30.0rc2
azure-mgmt-scheduler==0.30.0rc2
azure-mgmt-storage==0.30.0rc2
azure-mgmt-web==0.30.0rc2
azure-nspkg==1.0.0
azure-servicebus==0.20.1
azure-servicemanagement-legacy==0.20.2
azure-storage==0.30.0
Babel==2.2.0
backports.ssl-match-hostname==3.5.0.1
begins==0.9
boto==2.43.0
certifi==2016.8.31
cffi==1.7.0
chardet==2.3.0
cliff==1.15.0
cmd2==0.6.8
cryptography==1.3.2
debtcollector==1.2.0
decorator==4.0.6
dogpile.cache==0.5.7
dogpile.core==0.4.1
enum34==1.1.6
ethtool==0.6
funcsigs==0.4
functools-total-ordering-monkeypatch==1.0
futures==3.0.4
httplib2==0.9.2
idna==2.0
importlib==1.0.3
iniparse==0.3.1
ip-associations-python-novaclient-ext==0.1
ipaddress==1.0.16
iso8601==0.1.11
isodate==0.5.1
Jinja2==2.8
jsonpatch==1.12
jsonpointer==1.10
jsonschema==2.5.1
keyring==4.1
keystoneauth1==2.12.1
lxml==3.4.4
M2Crypto==0.20.2
MarkupSafe==0.23
meld3==0.6.7
mercurial==1.4
mock==1.0.1
monotonic==0.6
msgpack-python==0.4.7
msrest==0.2.0
msrestazure==0.2.1
munch==2.0.4
netaddr==0.7.18
netifaces==0.10.4
oauthlib==1.1.2
ordereddict==1.2
os-client-config==1.14.0
os-diskconfig-python-novaclient-ext==0.1.3
os-networksv2-python-novaclient-ext==0.25
os-virtual-interfacesv2-python-novaclient-ext==0.19
oslo.config==3.3.0
oslo.i18n==3.2.0
oslo.serialization==2.2.0
oslo.utils==3.4.0
paramiko==1.7.5
pbr==1.8.1
pciutils==1.7.3
policycoreutils-default-encoding==0.1
positional==1.1.1
prettytable==0.7.2
psphere==0.5.2
psutil==3.1.1
psycopg2==2.6.2
pyasn1==0.1.9
pycparser==2.14
pycrypto==2.6.1
pycurl==7.19.0
pygpgme==0.1
pykerberos==1.1.13
pyOpenSSL==0.15.1
pyparsing==2.0.7
pyrax==1.9.7
python-cinderclient==1.5.0
python-dateutil==2.4.0
python-dmidecode==3.10.13
python-glanceclient==1.1.0
python-heatclient==0.8.1
python-ironicclient==1.0.0
python-keyczar==0.71rc0
python-keystoneclient==2.1.1
python-neutronclient==4.0.0
python-novaclient==3.2.0
python-ntlm3==1.0.2
python-openstackclient==2.0.0
python-swiftclient==2.7.0
python-troveclient==1.4.0
pytz==2015.7
pywinrm==0.2.0
PyYAML==3.11
pyzmq==14.5.0
rackspace-auth-openstack==1.3
rackspace-novaclient==1.5
rax-default-network-flags-python-novaclient-ext==0.3.2
rax-scheduled-images-python-novaclient-ext==0.3.1
repoze.lru==0.6
requests==2.5.1
requests-kerberos==0.10.0
requests-ntlm==0.3.0
requests-oauthlib==0.6.2
requestsexceptions==1.1.1
rhnlib==2.5.55
setools==1.0
shade==1.4.0
simplejson==3.8.1
six==1.9.0
stevedore==1.10.0
suds==0.4
supervisor==3.0
total-ordering==0.1.0
troposphere==1.9.0
unicodecsv==0.14.1
urlgrabber==3.9.1
virtualenv==1.10.1
warlock==1.2.0
wrapt==1.10.6
xmltodict==0.9.2
yum-metadata-parser==1.1.2


Problem :

I have some ansible playbook that depend on ansible module 
"cloudformation_stack_facts" which is not a standard core module from 
Ansible 2.1.1.0 that comes with Ansible Tower.
Now since I wanted to use unreleased module, I followed steps from 
: 
https://support.ansible.com/hc/en-us/articles/204229188-Use-an-unreleased-module-from-Ansible-source-with-Tower
 
to use that with my ansible tower project.
However when I run my ansible playbook using Tower, I run into error with 
Boto during Job run:

TASK [aws_groups : get vpc stack outputs] 
** task path: 
/var/lib/awx/projects/_1399__hydra_playbooks/hydra_deploy/ansible/roles/aws_groups/tasks/vpc_output.yml:2
 <127.0.0.1> 
ESTABLISH LOCAL CONNECTION FOR USER: awx <127.0.0.1> EXEC /bin/sh -c '( 
umask 77 && mkdir -p "` echo 
$HOME/.ansible/tmp/ansible-tmp-1481245531.53-96929779053062 `" && echo 
ansible-tmp-1481245531.53-96929779053062="` echo 
$HOME/.ansible/tmp/ansible-tmp-1481245531.53-96929779053062 `" ) && sleep 0' 
<127.0.0.1> 
PUT /tmp/tmpaBil6N TO 
/var/lib/awx/.ansible/tmp/ansible-tmp-1481245531.53-96929779053062/cloudformation_stack_facts
 <127.0.0.1> 
EXEC /bin/sh -c 'LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 
LC_MESSAGES=en_US.UTF-8 /usr/bin/python2.6 
/var/lib/awx/.ansible/tmp/ansible-tmp-1481245531.53-96929779053062/cloudformation_stack_facts;
 
rm -rf 
"/var/lib/awx/.ansible/tmp/ansible-tmp-1481245531.53-96929779053062/" > 
/dev/null 2>&1 && sleep 0' An exception occurred during task execution. The 
full traceback is: Traceback (most recent call last): File 
"/tmp/ansible_QEgMLD/ansible_module_cloudformation_stack_facts.py", line 
96, in  main() File 
"/tmp/ansible_QEgML

Re: [ansible-project] trouble using sros modules to log in with a specific user

2016-12-12 Thread Peter Sprygada 
Hi Nick,

Not sure if you figure this out yet or not but you need to add connection:
local to your playbook. Your updated playbook should look like this:

https://gist.github.com/privateip/2482751b36b30eb60151e94e16c905ea

Peter

On Tue, Nov 29, 2016 at 7:47 PM, Nick Keeling  wrote:

> First of all, I am still learning Ansible, so there is a very real
> possibility this is user error, but here is my issue:
>
> When I try to log in using the sros module, regardless of the username I
> am using in the yml file, it is using my username from the ansible host
> machine
>
> Here is the yml:
>
> ---
> - name: Test SROS in lab
>   hosts: lab-12e
>   vars:
> cli:
>   host: "{{ inventory_hostname }}"
>   username: ansible
>   ssh_keyfile: /home/nkeeling/ansible/rsa-keys/ansible_rsa.pub
>   transport: cli
>   tasks:
> - name: run show version on remote devices
>   sros_command:
> commands: show version
> provider: "{{ cli }}"
>
> This was taken directly from the examples for the module. When I run the
> module, I get a failure:
>
> nkeeling@eng-tools:~/ansible$ ansible-playbook sros_test.yml
>
>
> PLAY [Test SROS in lab] **
> **
>
>
> TASK [setup] 
> ***
> fatal: [192.168.253.137]: UNREACHABLE! => {"changed": false, "msg": "Failed
> to connect to the host via ssh: TiMOS-C-13.0.R4 cpm/hops64 ALCATEL SR 7750
> Copyright (c) 2000-2015 Alcatel-Lucent.\r\nAll rights reserved. All use
> subject to applicable license agreements.\r\nBuilt on Wed Jul 29 16:27:26
> PDT 2015 by builder in /rel13.0/b1/R4/panos/main\r\nThis computer system
> is the property of x Networks. It is for authorized use only. Users
> (authorized or unauthorized) have no explicit or implicit expectation of
> privacy. Unauthorized or improper use of this system may result in
> administrative disciplinary action and civil and criminal penalties. 
> \r\nPermission
> denied (publickey,password).\r\n", "unreachable": true}
> to retry, use: --limit @/home/nkeeling/ansible/sros_test.retry
>
>
> PLAY RECAP 
> *
> 192.168.253.137: ok=0changed=0unreachable=1failed=
> 0
>
> When I look at the security log on my SR-OS device, I see:
>
> 64 2001/02/23 22:41:40.17 PST MINOR: SECURITY #2011 Base nkeeling
> "User nkeeling from 172.17.25.236 failed authentication"
>
> I have tried setting the username in multiple places in the yml file, with
> no change in the result. If anyone is able to steer me in the right
> direction, it would be VERY much appreciated!
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/ansible-project/7a2fb8ea-c77c-4b8d-a2aa-7caed9ced2ae%40googlegroups.
> com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEkdrMjN9f62WodRzonWadssn9m6Ynd8uvY9oL%3D%2BvM9N2_5gSg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Variable not defined error

2016-12-12 Thread Elliott Barrere 
Hi there —

I have a variable called pbis_require_membership_of defined in 
group_vars/all.yaml, and it is overridden for a particular host under 
role/vars/hostname, however neither of the values are being used at runtime 
and the module errors with pbis_require_membership_of' is undefined

(ansible)[ansible@ansible-server code]$ grep -R pbis_require_membership_of 
group_vars/

group_vars/all/all.yaml:pbis_require_membership_of: '"DOMAIN\\teaminfra" 
"DOMAIN\\LinuxAdmins"'

(ansible)[ansible@ansible-server code]$ grep -R pbis_require_membership_of 
roles/linux-pbis/vars/hostname

pbis_require_membership_of: '"DOMAIN\\teaminfra" "DOMAIN\\LinuxAdmins" 
"DOMAIN\\StorageAdmins"'


However, the following occurs when I try to reference it at runtime:

TASK [linux-pbis : debug pbis_require_membership_of] 
**

task path: roles/linux-pbis/tasks/main.yaml:62

ok: [hostname] => {

"pbis_require_membership_of": "VARIABLE IS NOT DEFINED!"

}
...

TASK [linux-pbis : copy temp config file] 
**

task path: roles/linux-pbis/tasks/reconfig_pbis.yaml:1

fatal: [hostname]: FAILED! => {"failed": true, "msg": "The conditional 
check 'require_membership_of.stdout != pbis_require_membership_of' failed. 
The error was: error while evaluating conditional 
(require_membership_of.stdout != pbis_require_membership_of): 
'pbis_require_membership_of' is undefined\n\nThe error appears to have been 
in 'roles/linux-pbis/tasks/reconfig_pbis.yaml': line 1, column 3, but 
may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe 
offending line appears to be:\n\n\n- name: copy temp config file\n  ^ 
here\n"}

to retry, use: --limit @playbooks/linux/linux_pbis.retry



I've recently updated from Ansible 2.1 to the latest (using git pull), which 
may or may not have been when this issue started.

Any thoughts on why this variable is not getting set correctly?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1392fcd1-0623-4195-9407-1ed3a818ddf0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] IAM Roles with Ansible

2016-12-12 Thread Dan 
# Example of role with custom trust policy for Lambda service
---
task:
- name: Assign a policy called Admin to the administrators group
  iam_policy:
region: us-east-1
profile: dev
iam_type: role
iam_name: test
policy_name: Admin
state: present
policy_document: hhc-dev-ops-LV2.json

Everytime I run this as 

`ansible-playbook -i /etc/ansible/local Dev-Test-IAM-pwr.yaml`

It fails and barks at 

The offending line appears to be:

---
task:
^ here

Is it tasks or task?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/4437ca4b-fefc-4022-9717-b78f217bba5c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Getting lost in nesting

2016-12-12 Thread John Oliver 
N/M, after re-reading sections on syntax and playbooks, I got it all ironed 
out :-)

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/89bf329d-90d1-47a4-9e24-8dfbfabb8558%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Getting lost in nesting

2016-12-12 Thread John Oliver 
I have a master playlist, global.yml, in which I specified hosts, become, 
and includes for different OSes  That worked fine until I went to add 
handlers.  In my included playbooks, I did something like:

- handlers

  - name: handler 1
etc etc

- tasks:

  - name: Task 1
etc etc

At that point, I'm getting complaints about "ERROR! the field 'hosts' is 
required but was not set"  Moving hosts statements to the included 
playbooks hasn't helped.  I'm certain I've gotten lost in dashes and no 
dashes and indentation.  Or am i just going about this the wrong way?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/692e157e-43d5-4008-9413-e23d1e5b5cc3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Conditional when any of several tasks has been done

2016-12-12 Thread John Oliver 
Darn it, I forgot all about handlers!

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6d7bd863-cdde-492f-bec0-264704b5bea7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Conditional when any of several tasks has been done

2016-12-12 Thread Kai Stian Olstad 

On 12. des. 2016 20:06, John Oliver wrote:

Let's say I have a playbook that looks for and changes lines in sshd_config
if necessary.  Then I want the sshd service to be restarted only if at
least one of those actions has taken place.  Is there a way to evaluate for
that without registering a variable for the completion of each and every
play?


Check out handlers and notify.
https://docs.ansible.com/ansible/playbooks_intro.html#handlers-running-operations-on-change

--
Kai Stian Olstad

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b652a10f-9897-139e-d105-d3e03da5eb2a%40olstad.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Conditional when any of several tasks has been done

2016-12-12 Thread John Oliver 
Thanks, Spike.  That's what I'll do.  That, or a hash.

On Monday, December 12, 2016 at 11:15:37 AM UTC-8, Spike Robinson wrote:
>
> In the specific case of modifying one file only, multiple times, you could 
> get away with one register for the original modification timestamp, and 
> then compare that timestamp with the current timestamp as your last 
> operation. 
> In the general case, I think you need to use a register with a boolean for 
> each operation that can trigger your final action. 
>
> On Monday, 12 December 2016 19:06:18 UTC, John Oliver wrote:
>>
>> Let's say I have a playbook that looks for and changes lines in 
>> sshd_config if necessary.  Then I want the sshd service to be restarted 
>> only if at least one of those actions has taken place.  Is there a way to 
>> evaluate for that without registering a variable for the completion of each 
>> and every play?
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/21c7e249-c661-46ed-b2c1-b515353fd1ae%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Conditional skipped?

2016-12-12 Thread John Oliver 
My little playbook:

- hosts: all
  become: true
  become_user: root
  become_method: sudo

  tasks:

  - name: Update McAfee virus definitions
shell: /opt/McAfee/LinuxShield/bin/nails task --run 1
register: result

  - name: Update McAfee virus definitions 2
shell: /opt/NAI/LinuxShield/bin/nails task --run 1
when: result|failed


I did this because one of my hosts doesn't have nails installed where the 
rest do.  Why?  Dunno.  But when I run this, all of the hosts that have the 
first command run successfully are skipped, as I expected, but the one 
isn't mentioned at all, other than the failure in the first case.  That one 
host was completely skipped for the second command.  Any ideas why?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1f01a6c9-c8b3-4d61-94c2-ecb25ad37e83%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: ansible wait_for ssh for a specific user

2016-12-12 Thread Reza ISSANY 
i have add the vvv to ansible and to ssh command. The log provided comes
from this run. I don't have more logs. I will try tomorrow to make a new
run just with the wait task.

reza

Le 12 déc. 2016 20:12, "Guilherme Ueno"  a écrit :

> Reza,
>
> You have to put the parameter at the end of command, like:
> ansible-playbook -i inventory... -vvv
>
> Guilherme.
>
> On Monday, December 12, 2016 at 4:28:48 PM UTC-2, Reza ISSANY wrote:
>>
>> I can't reproduce the same run. Actually, ansible ask me to provide a
>> password to connect. I don't know why.
>> Ansible has to wait until he can connect using the command I provide no ?
>>
>> 2016-12-12 19:23:31,939 p=12608 u=deploy |  Using ansible.cfg as config
>> file
>> 2016-12-12 19:23:32,048 p=12608 u=deploy |  PLAYBOOK: main.yml
>> *
>> 2016-12-12 19:23:32,048 p=12608 u=deploy |  1 plays in main.yml
>> 2016-12-12 19:23:32,051 p=12608 u=deploy |  PLAY [all]
>> *
>> 2016-12-12 19:23:32,095 p=12608 u=deploy |  TASK [wait-for-available :
>> waiting for host to start] **
>> 2016-12-12 19:23:32,095 p=12608 u=deploy |  task path:
>> /ansible/roles/wait-for-available/tasks/main.yml:1
>> 2016-12-12 19:23:32,265 p=12608 u=deploy |  Using module file
>> /ansible/modules/utilities/logic/wait_for.py
>> 2016-12-12 19:23:57,413 p=12608 u=deploy |  ok: [192.168.0.57 ->
>> localhost] => {
>> "changed": false,
>> "elapsed": 25,
>> "invocation": {
>> "module_args": {
>> "connect_timeout": 5,
>> "delay": 10,
>> "exclude_hosts": null,
>> "host": "192.168.0.57",
>> "path": null,
>> "port": 22,
>> "search_regex": null,
>> "sleep": 1,
>> "state": "started",
>> "timeout": 300
>> },
>> "module_name": "wait_for"
>> },
>> "path": null,
>> "port": 22,
>> "search_regex": null,
>> "state": "started"
>> }
>> 2016-12-12 19:23:57,415 p=12608 u=deploy |  TASK [wait-for-available :
>> waiting to connect to ansible user] *
>> 2016-12-12 19:23:57,415 p=12608 u=deploy |  task path:
>> /ansible/roles/wait-for-available/tasks/main.yml:10
>> 2016-12-12 19:23:57,567 p=12608 u=deploy |  Using module file
>> /ansible/modules/commands/command.py
>> 2016-12-12 19:25:03,496 p=12608 u=deploy |   [ERROR]: User interrupted
>> execution
>>
>> - name: "waiting for host to start"
>>   local_action: wait_for
>> host={{ inventory_hostname }}
>> state=started
>> port=22
>> delay=10
>>   become: false
>>   when: ostype == 'Linux'
>>
>> - name: "waiting to connect to ansible user"
>>   local_action: command ssh -vvv -i ~/.ssh/deploy -o ConnectTimeout=5 -o
>> ConnectionAttempts=1 -o UserKnownHostsFile=/dev/null -o
>> StrictHostKeyChecking=no -o GSSAPIAuthentication=no -o GSSAPIKeyExchange=no
>> -l ansible {{inventory_hostname}} exit
>>   register: result
>>   until: result.rc == 0
>>   retries: 20
>>   delay: 5
>>   when: ostype == 'Linux'
>>
>> - name: "waiting the uname"
>>   command: uname -a
>>   register: result
>>   when: ostype == 'Linux'
>>
>> - name: "uname"
>>   debug:
>> var: result.stdout
>>   when: ostype == 'Linux'
>>
>>
>> *reza.*
>>
>> 2016-12-12 17:18 GMT+01:00 Guilherme Ueno :
>>
>>> Reza,
>>>
>>> Could you run with -vvv at the end?
>>>
>>> Thanks,
>>> Guilherme.
>>>
>>> On Monday, December 12, 2016 at 1:25:56 PM UTC-2, Reza ISSANY wrote:

 yess I've already tried shell butsame issue. If I try to connect
 manually, it works. The problem is that ansible doesn't release the
 first connection attemps while the server isn't ready. I don't know
 why ...

 2016-12-12 13:58 UTC+01:00, Guilherme Ueno :
 > Hi,
 >
 > Did you already try to use "shell" instead "command"? When you try to
 > execute that command from another machine it works?
 >
 > thanks,
 > Guilherme.
 >
 > On Monday, December 12, 2016 at 8:39:25 AM UTC-2, zer...@issany.net
 wrote:
 >>
 >> Hi, forgive me for my bad english.
 >>
 >> I'm trying to find a way to test an ssh connection to a specific
 user on a
 >>
 >> new server.
 >>
 >> When I create a new virtual server, an ansible playbook is executed
 to
 >> finish the soft deployments:
 >> 1 Check if ssh is available (port 22)
 >> 2 Chekc if the ansible user is available
 >> 3 Get the uname
 >> 4 Install packages
 >>
 >>
 >> I have no problem for 1, 3 and 4:
 >>
 >> - name: "waiting for host to start"
 >>   local_action: wait_for
 >> host={{ inventory_hostname }}
 >> state=started
 >> port=22
 >> delay=10
 >>   become: false
 >>
 >> - name: "waiting to connect to  user"
 >>   local_action: command ssh -i ~/.ssh/mykey -o ConnectTimeout=5 -o

[ansible-project] Re: Conditional when any of several tasks has been done

2016-12-12 Thread Spike Robinson 
In the specific case of modifying one file only, multiple times, you could 
get away with one register for the original modification timestamp, and 
then compare that timestamp with the current timestamp as your last 
operation. 
In the general case, I think you need to use a register with a boolean for 
each operation that can trigger your final action. 

On Monday, 12 December 2016 19:06:18 UTC, John Oliver wrote:
>
> Let's say I have a playbook that looks for and changes lines in 
> sshd_config if necessary.  Then I want the sshd service to be restarted 
> only if at least one of those actions has taken place.  Is there a way to 
> evaluate for that without registering a variable for the completion of each 
> and every play?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/be98237b-5ea8-4b2e-a335-32d18f261c71%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: ansible wait_for ssh for a specific user

2016-12-12 Thread Guilherme Ueno 
Reza,

You have to put the parameter at the end of command, like: ansible-playbook 
-i inventory... -vvv

Guilherme.

On Monday, December 12, 2016 at 4:28:48 PM UTC-2, Reza ISSANY wrote:
>
> I can't reproduce the same run. Actually, ansible ask me to provide a 
> password to connect. I don't know why.
> Ansible has to wait until he can connect using the command I provide no ?
>
> 2016-12-12 19:23:31,939 p=12608 u=deploy |  Using ansible.cfg as config 
> file
> 2016-12-12 19:23:32,048 p=12608 u=deploy |  PLAYBOOK: main.yml 
> *
> 2016-12-12 19:23:32,048 p=12608 u=deploy |  1 plays in main.yml
> 2016-12-12 19:23:32,051 p=12608 u=deploy |  PLAY [all] 
> *
> 2016-12-12 19:23:32,095 p=12608 u=deploy |  TASK [wait-for-available : 
> waiting for host to start] **
> 2016-12-12 19:23:32,095 p=12608 u=deploy |  task path: 
> /ansible/roles/wait-for-available/tasks/main.yml:1
> 2016-12-12 19:23:32,265 p=12608 u=deploy |  Using module file 
> /ansible/modules/utilities/logic/wait_for.py
> 2016-12-12 19:23:57,413 p=12608 u=deploy |  ok: [192.168.0.57 -> 
> localhost] => {
> "changed": false, 
> "elapsed": 25, 
> "invocation": {
> "module_args": {
> "connect_timeout": 5, 
> "delay": 10, 
> "exclude_hosts": null, 
> "host": "192.168.0.57", 
> "path": null, 
> "port": 22, 
> "search_regex": null, 
> "sleep": 1, 
> "state": "started", 
> "timeout": 300
> }, 
> "module_name": "wait_for"
> }, 
> "path": null, 
> "port": 22, 
> "search_regex": null, 
> "state": "started"
> }
> 2016-12-12 19:23:57,415 p=12608 u=deploy |  TASK [wait-for-available : 
> waiting to connect to ansible user] *
> 2016-12-12 19:23:57,415 p=12608 u=deploy |  task path: 
> /ansible/roles/wait-for-available/tasks/main.yml:10
> 2016-12-12 19:23:57,567 p=12608 u=deploy |  Using module file 
> /ansible/modules/commands/command.py
> 2016-12-12 19:25:03,496 p=12608 u=deploy |   [ERROR]: User interrupted 
> execution
>
> - name: "waiting for host to start"
>   local_action: wait_for
> host={{ inventory_hostname }}
> state=started
> port=22
> delay=10
>   become: false
>   when: ostype == 'Linux'
>
> - name: "waiting to connect to ansible user"
>   local_action: command ssh -vvv -i ~/.ssh/deploy -o ConnectTimeout=5 -o 
> ConnectionAttempts=1 -o UserKnownHostsFile=/dev/null -o 
> StrictHostKeyChecking=no -o GSSAPIAuthentication=no -o GSSAPIKeyExchange=no 
> -l ansible {{inventory_hostname}} exit
>   register: result
>   until: result.rc == 0
>   retries: 20
>   delay: 5
>   when: ostype == 'Linux'
>
> - name: "waiting the uname"
>   command: uname -a
>   register: result
>   when: ostype == 'Linux'
>
> - name: "uname"
>   debug:
> var: result.stdout
>   when: ostype == 'Linux'
>
>
> *reza.*
>
> 2016-12-12 17:18 GMT+01:00 Guilherme Ueno  >:
>
>> Reza,
>>
>> Could you run with -vvv at the end?
>>
>> Thanks,
>> Guilherme. 
>>
>> On Monday, December 12, 2016 at 1:25:56 PM UTC-2, Reza ISSANY wrote:
>>>
>>> yess I've already tried shell butsame issue. If I try to connect 
>>> manually, it works. The problem is that ansible doesn't release the 
>>> first connection attemps while the server isn't ready. I don't know 
>>> why ... 
>>>
>>> 2016-12-12 13:58 UTC+01:00, Guilherme Ueno : 
>>> > Hi, 
>>> > 
>>> > Did you already try to use "shell" instead "command"? When you try to 
>>> > execute that command from another machine it works? 
>>> > 
>>> > thanks, 
>>> > Guilherme. 
>>> > 
>>> > On Monday, December 12, 2016 at 8:39:25 AM UTC-2, zer...@issany.net 
>>> wrote: 
>>> >> 
>>> >> Hi, forgive me for my bad english. 
>>> >> 
>>> >> I'm trying to find a way to test an ssh connection to a specific user 
>>> on a 
>>> >> 
>>> >> new server. 
>>> >> 
>>> >> When I create a new virtual server, an ansible playbook is executed 
>>> to 
>>> >> finish the soft deployments: 
>>> >> 1 Check if ssh is available (port 22) 
>>> >> 2 Chekc if the ansible user is available 
>>> >> 3 Get the uname 
>>> >> 4 Install packages 
>>> >> 
>>> >> 
>>> >> I have no problem for 1, 3 and 4: 
>>> >> 
>>> >> - name: "waiting for host to start" 
>>> >>   local_action: wait_for 
>>> >> host={{ inventory_hostname }} 
>>> >> state=started 
>>> >> port=22 
>>> >> delay=10 
>>> >>   become: false 
>>> >> 
>>> >> - name: "waiting to connect to  user" 
>>> >>   local_action: command ssh -i ~/.ssh/mykey -o ConnectTimeout=5 -o 
>>> >> ConnectionAttempts=1 -o UserKnownHostsFile=/dev/null -o 
>>> >> StrictHostKeyChecking=no -o GSSAPIAuthentication=no -o 
>>> >> GSSAPIKeyExchange=no 
>>> >> -l x {{inventory_hostname}} exit 
>>> >>   register: result 
>>> >>   until: result.rc == 0 
>>> >>   retries: 20 
>>> >>   delay: 5 
>>> >>

[ansible-project] Conditional when any of several tasks has been done

2016-12-12 Thread John Oliver 
Let's say I have a playbook that looks for and changes lines in sshd_config 
if necessary.  Then I want the sshd service to be restarted only if at 
least one of those actions has taken place.  Is there a way to evaluate for 
that without registering a variable for the completion of each and every 
play?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b4e60da4-d279-4e70-9974-3dcb9bdbb316%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Tasks are not executed in the order defined in With_dict

2016-12-12 Thread Anand Buddhdev 
Hello Deepa,

Dictionaries are *not* ordered collections. You should never rely on items 
in a dictionary to be returned in order. You'd be better off using a list.

patches:
- patchdata1
- patchdata2

A list preserves order.

On Monday, 12 December 2016 15:37:22 UTC+1, Deepa Yr wrote:
>
> Hi
>
>   I have a dict where I need to install patches in the order
>
> patches:
> patch1:
> patch_name:
>patch2:
> patch_name:
>patch3:
> patch_name:
>   and so on
>patch8:
> patch_name:
>
>
> - name: install patches
>   include: install_patch.yml
>   with_dict: {{patches}}
>
> When I run above playbook, the order is not as I have defined. It is 
> taking patch8,patch1,patch2.. patch7.
>
> Can you please suggest how I can run in the order.
>
> Thanks
> Deepa
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3aafa540-634d-400e-bf7b-7d35e5e30cb4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: ansible wait_for ssh for a specific user

2016-12-12 Thread Reza ISSANY 
I can't reproduce the same run. Actually, ansible ask me to provide a
password to connect. I don't know why.
Ansible has to wait until he can connect using the command I provide no ?

2016-12-12 19:23:31,939 p=12608 u=deploy |  Using ansible.cfg as config file
2016-12-12 19:23:32,048 p=12608 u=deploy |  PLAYBOOK: main.yml
*
2016-12-12 19:23:32,048 p=12608 u=deploy |  1 plays in main.yml
2016-12-12 19:23:32,051 p=12608 u=deploy |  PLAY [all]
*
2016-12-12 19:23:32,095 p=12608 u=deploy |  TASK [wait-for-available :
waiting for host to start] **
2016-12-12 19:23:32,095 p=12608 u=deploy |  task path:
/ansible/roles/wait-for-available/tasks/main.yml:1
2016-12-12 19:23:32,265 p=12608 u=deploy |  Using module file
/ansible/modules/utilities/logic/wait_for.py
2016-12-12 19:23:57,413 p=12608 u=deploy |  ok: [192.168.0.57 -> localhost]
=> {
"changed": false,
"elapsed": 25,
"invocation": {
"module_args": {
"connect_timeout": 5,
"delay": 10,
"exclude_hosts": null,
"host": "192.168.0.57",
"path": null,
"port": 22,
"search_regex": null,
"sleep": 1,
"state": "started",
"timeout": 300
},
"module_name": "wait_for"
},
"path": null,
"port": 22,
"search_regex": null,
"state": "started"
}
2016-12-12 19:23:57,415 p=12608 u=deploy |  TASK [wait-for-available :
waiting to connect to ansible user] *
2016-12-12 19:23:57,415 p=12608 u=deploy |  task path:
/ansible/roles/wait-for-available/tasks/main.yml:10
2016-12-12 19:23:57,567 p=12608 u=deploy |  Using module file
/ansible/modules/commands/command.py
2016-12-12 19:25:03,496 p=12608 u=deploy |   [ERROR]: User interrupted
execution

- name: "waiting for host to start"
  local_action: wait_for
host={{ inventory_hostname }}
state=started
port=22
delay=10
  become: false
  when: ostype == 'Linux'

- name: "waiting to connect to ansible user"
  local_action: command ssh -vvv -i ~/.ssh/deploy -o ConnectTimeout=5 -o
ConnectionAttempts=1 -o UserKnownHostsFile=/dev/null -o
StrictHostKeyChecking=no -o GSSAPIAuthentication=no -o GSSAPIKeyExchange=no
-l ansible {{inventory_hostname}} exit
  register: result
  until: result.rc == 0
  retries: 20
  delay: 5
  when: ostype == 'Linux'

- name: "waiting the uname"
  command: uname -a
  register: result
  when: ostype == 'Linux'

- name: "uname"
  debug:
var: result.stdout
  when: ostype == 'Linux'


*reza.*

2016-12-12 17:18 GMT+01:00 Guilherme Ueno :

> Reza,
>
> Could you run with -vvv at the end?
>
> Thanks,
> Guilherme.
>
> On Monday, December 12, 2016 at 1:25:56 PM UTC-2, Reza ISSANY wrote:
>>
>> yess I've already tried shell butsame issue. If I try to connect
>> manually, it works. The problem is that ansible doesn't release the
>> first connection attemps while the server isn't ready. I don't know
>> why ...
>>
>> 2016-12-12 13:58 UTC+01:00, Guilherme Ueno :
>> > Hi,
>> >
>> > Did you already try to use "shell" instead "command"? When you try to
>> > execute that command from another machine it works?
>> >
>> > thanks,
>> > Guilherme.
>> >
>> > On Monday, December 12, 2016 at 8:39:25 AM UTC-2, zer...@issany.net
>> wrote:
>> >>
>> >> Hi, forgive me for my bad english.
>> >>
>> >> I'm trying to find a way to test an ssh connection to a specific user
>> on a
>> >>
>> >> new server.
>> >>
>> >> When I create a new virtual server, an ansible playbook is executed to
>> >> finish the soft deployments:
>> >> 1 Check if ssh is available (port 22)
>> >> 2 Chekc if the ansible user is available
>> >> 3 Get the uname
>> >> 4 Install packages
>> >>
>> >>
>> >> I have no problem for 1, 3 and 4:
>> >>
>> >> - name: "waiting for host to start"
>> >>   local_action: wait_for
>> >> host={{ inventory_hostname }}
>> >> state=started
>> >> port=22
>> >> delay=10
>> >>   become: false
>> >>
>> >> - name: "waiting to connect to  user"
>> >>   local_action: command ssh -i ~/.ssh/mykey -o ConnectTimeout=5 -o
>> >> ConnectionAttempts=1 -o UserKnownHostsFile=/dev/null -o
>> >> StrictHostKeyChecking=no -o GSSAPIAuthentication=no -o
>> >> GSSAPIKeyExchange=no
>> >> -l x {{inventory_hostname}} exit
>> >>   register: result
>> >>   until: result.rc == 0
>> >>   retries: 20
>> >>   delay: 5
>> >>
>> >> - name: "waiting the uname"
>> >>   command: uname -a
>> >>   register: result
>> >>
>> >> - name: "uname"
>> >>   debug:
>> >> var: result.stdout
>> >>
>> >> but the second step is never OK. When the playbook execute this step,
>> >> ansible execute the command, but never exit from this command. I have
>> to
>> >> kill the process of this command to force ansible to re-run a new
>> test.
>> >> Finally when the server and user is available, after a new kill,
>> ansible
>> >> can continue with s

[ansible-project] SVN module: In check_mode also check svn.has_local_mods()

2016-12-12 Thread vj . calvo 
Hello,

For our deployment purposes using Ansible and SVN we would need to test 
(check mode, dry-run) before run the deployment playbook. If there is some 
missing file in the destination it will pass the check-mode but not the 
definitive one.

I looked at the code and I think it will do the job to add in current line 
286:


if module.check_mode or not update:

if (svn.has_local_mods() && !force)
module.fail_json(msg="ERROR: modified files exist in the repository.")
check, before, after = svn.needs_update()
module.exit_json(changed=check, before=before, after=after) 


I am far from an expert on this, so I prefer to post it here so maybe 
someone can help and implement it! :)

Thanks and regards,

Victor.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/66769713-cf2f-432c-ac0e-2295609df305%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] ElastiCache error in Ec2.py while running playbooks

2016-12-12 Thread Abhilash Panickar 
Hi,

For the past few days I am getting the following error when running ansible 
playbooks using the AWS cloud modules or when directly running the ec2.py 
file with the --refresh-cache command from my local machine:

ap:~ ap$ /ansible/inventory/ec2.py --refresh-cache
Traceback (most recent call last):
  File "/ansible/inventory/ec2.py", line 1510, in 
Ec2Inventory()
  File "/ansible/inventory/ec2.py", line 186, in __init__
self.do_api_calls_update_cache()
  File "/ansible/inventory/ec2.py", line 492, in do_api_calls_update_cache
self.get_elasticache_replication_groups_by_region(region)
  File "/ansible/inventory/ec2.py", line 722, in 
get_elasticache_replication_groups_by_region
self.add_elasticache_replication_group(replication_group, region)
  File "/ansible/inventory/ec2.py", line 1198, in 
add_elasticache_replication_group
dest = replication_group['NodeGroups'][0]['PrimaryEndpoint']['Address']
TypeError: 'NoneType' object has no attribute '__getitem__'

This issue seems to be go away when running from an Ec2 instance in the AWS 
account.

I have the latest EC2.py and EC2.ini files, ansible version is 2.2.0.0 and 
boto3 is installed and I do set the valid AWS credentials before running 
the playbook,

Any ideas on what's going on?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5d9cda1a-8873-4938-9cee-3b43ab4daa1d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How can I change the path for specific host

2016-12-12 Thread Guilherme Ueno 
Hi Dick,

Thank you for your attention, but what you mean when you says "host var"?

INVENTORY:
[webserver] 
hosta
hostb


TASK1:
- name: copy script to server A
  copy: src=jboss.sh dest=/usr/app/abc/dir mode=u+rwx

TASK2:
- name: copy script to server B
  copy: src=jboss.sh dest=/usr/app/def/dir mode=u+rwx


COMMAND:
ansible-playbook -i inventory environment --limit webserver


The destination is different on both hosts and I can't reduce those tasks 
to only one, because of subdirectories "abc" and "def".

Thank you again,
Guilherme.

On Monday, December 12, 2016 at 2:22:23 PM UTC-2, Dick Davies wrote:
>
> If they're in different groups, make the path a group var. 
> If they're in the same groups, make the path a host var. 
>
> On 12 December 2016 at 14:29, Guilherme Ueno  > wrote: 
> > Hi all, 
> > 
> > I have to copy a file into a directory to specific hosts, but the path 
> > changes for specific hosts. 
> > 
> > Ex.: 
> > 
> > Inventory: 
> > 
> > [webserver] 
> > hosta 
> > hostb 
> > 
> > 
> > 
> > task: Copy a file into: 
> > 
> > hosta: /usr/app/abc/dir 
> > hostb: /usr/app/def/dir 
> > 
> > 
> > But, I don't know how to use those variables in the "same task" using 
> > "webserver" as target. 
> > 
> > thank you, 
> > Guilherme. 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> Groups 
> > "Ansible Project" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an 
> > email to ansible-proje...@googlegroups.com . 
> > To post to this group, send email to ansible...@googlegroups.com 
> . 
> > To view this discussion on the web visit 
> > 
> https://groups.google.com/d/msgid/ansible-project/a4ec4ad0-6432-40a1-a45b-6e908b506e77%40googlegroups.com.
>  
>
> > For more options, visit https://groups.google.com/d/optout. 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1daaf38f-f39e-4995-92a7-20752a86f398%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] unarchive remote_src not working, no effect

2016-12-12 Thread Spike Robinson 
the *copy *option in the *unarchive *module is deprecated and we are 
advised to use *remote_src* instead

However, in an otherwise identical script, having staged the source file to 
the target machine successfully in a previous play,  if I use *copy = no* the 
play succeeds, but if instead of that I use *remote_src = yes* or *remote_src 
= no*, the play fails, in both cases saying the file source does not exist. 

So in summary remote_src either has no effect or perhaps expects some of 
the other parameters to unarchive to be different than what the copy option 
expects them to be. 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/bc4b9325-3417-4eb3-a123-17c1c7f337bc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Manipulating EC2 instance storage

2016-12-12 Thread BostonMoto 

I discovered volume_size is also optional when using ephemeral option here, 
it will default to the maximum size of the instance type spec.

On Thursday, August 21, 2014 at 9:01:49 AM UTC-4, Mike Buzzetti wrote:
>
> I just came across this. 
>
> I did something like this for a c3.xlarge. Setting the ephemeral number is 
> the trick (The ssds are considered ephemeral when part of the instance 
> store)
>
>
> volumes:
>   - device_name: /dev/xvdb
> volume_size: 40
> device_type: gp2
> ephemeral: ephemeral0
>   - device_name: /dev/xvdc
> volume_size: 40
> device_type: gp2
> ephemeral: ephemeral1
>
>
>
> On Tuesday, June 17, 2014 4:09:01 PM UTC-4, Dan Vaida wrote:
>>
>> Hello again,
>>
>> I managed to resize the root device by adjusting the volumes parameter 
>> like so:
>> volumes:
>>   - device_name: /dev/sda
>> volume_size: 20
>> device_type: gp2
>>
>> Hint was found here: New SSD-Backed Elastic Block Storage 
>> 
>>
>> Now the only question that remains is: how to add those two SSD drives as 
>> well?
>>
>> Cheers!
>>
>> On Tuesday, 17 June 2014 12:44:54 UTC+2, Dan Vaida wrote:
>>>
>>> Hello everyone!
>>>
>>> Here goes my first post in the wonderful Ansible project :)
>>>
>>> Here's the problem that I am facing: I am trying to launch an EC2 
>>> instance (c3.2xlarge) and, in the process, I want to resize the root 
>>> partition from 8GB to something bigger. Also while in the process of 
>>> launching the instance, I'd like to add those two extra disks (2x80GB SSD) 
>>> that come with this instance.
>>>
>>> I do not know if this is even achievable via Ansible.
>>>
>>> So far, I looked at these two modules:
>>> - http://docs.ansible.com/ec2_module.html
>>> - http://docs.ansible.com/ec2_vol_module.html
>>>
>>> I played with them in different ways, with no avail. Here is what I have 
>>> now to successfully launch the instance. Playbook: provision.yml
>>> ---
>>> # http://docs.ansible.com/ec2_module.html
>>> - name: spin up the all in one instance
>>>   hosts: localhost
>>>   connection: local
>>>   gather_facts: False
>>>   tasks:
>>>
>>>   - name: create security group
>>> local_action:
>>>   module: ec2_group
>>>   name: "{{ security_group }}"
>>>   description: security group for the all in one server
>>>   region: "{{ region }}"
>>>   vpc_id: "{{ vpc_id }}"
>>>   rules:
>>> - proto: all
>>>   from_port: 0
>>>   to_port: 65535
>>>   cidr_ip: 87.193.177.242/32
>>>   rules_egress:
>>> - proto: all
>>>   from_port: 0
>>>   to_port: 65535
>>>   cidr_ip: 0.0.0.0/0
>>> register: ec2_group
>>> tags: provisioning
>>>
>>>   - name: launch instance
>>> local_action:
>>>   module: ec2
>>>   aws_access_key: "{{ ec2_access_key }}"
>>>   aws_secret_key: "{{ ec2_secret_key }}"
>>>   count: 1
>>>   region: "{{ region }}"
>>>   zone: "{{ zone }}"
>>>   instance_type: "{{ instance_type }}"
>>>   image: "{{ ami }}"
>>>   ebs_optimized: yes
>>>   state: present
>>>   group: "{{ security_group }}"
>>>   vpc_subnet_id: "{{ subnet }}"
>>>   key_name: "{{ keypair }}"
>>>   monitoring: yes
>>>   assign_public_ip: yes
>>>   wait: yes
>>>   wait_timeout: 300
>>>   volumes:
>>>   - device_name: /dev/xvda
>>> volume_size: 20
>>> register: ec2
>>>  # - name: adding remaining disks #(c3.2xlarge has 2x80GB SSD)
>>>  #   local_action: ec2_vol instance={{ item.id }} volume_size=80 count=2
>>>  #   with_items: ec2.instances
>>>  #   register: ec2_vol
>>>
>>> And for what it's worth, here are my variables host_vars/localhost:
>>> #AWS wheezy AMI IDs => 
>>> https://wiki.debian.org/Cloud/AmazonEC2Image/Wheezy
>>> #(EU-West-1, PVM, EBS-backed, x86_64)region: eu-west-1
>>> zone: eu-west-1a
>>> instance_type: c3.2xlarge
>>> ami: ami-630fcb14
>>>
>>> #network & security
>>> security_group: allinone
>>> subnet: subnet-ddca27aa
>>> vpc_id: vpc-9037d9f5
>>> keypair: ansible-ec2
>>>
>>> You can see how I tried and shamefully failed to add those two SSDs 
>>> (count parameter is not even supported by module ec2_vol) :)
>>> Curiously enough, if I use the volumes parameter of the module ec2 as 
>>> above, I get two EBS volumes showing up in the AWS console: /dev/sda and of 
>>> course /dev/xvda (this one being the root device). I cannot even see 
>>> /dev/sda in the EC2 instance.
>>> FYI, this AMI launches with a 8GB root partition by default. Would be 
>>> great if I could make that bigger with an Ansible module/parameter. I am 
>>> very much aware on how to do this "outside" of Ansible, but it's not 
>>> desired.
>>> Second issue would be attaching those two disks that come with this 
>>> instance type...
>>>
>>> Any help/hint would be greatly appreciated.
>>>
>>> See attached screenshot to better understand what I'm trying to achieve 
>>> with

[ansible-project] Re: Manipulating EC2 instance storage

2016-12-12 Thread BostonMoto 
I discovered you volume_size is also optional when using ephemeral option 
here, it will default to the maximum size of the instance type spec.

On Thursday, August 21, 2014 at 9:01:49 AM UTC-4, Mike Buzzetti wrote:
>
> I just came across this. 
>
> I did something like this for a c3.xlarge. Setting the ephemeral number is 
> the trick (The ssds are considered ephemeral when part of the instance 
> store)
>
>
> volumes:
>   - device_name: /dev/xvdb
> volume_size: 40
> device_type: gp2
> ephemeral: ephemeral0
>   - device_name: /dev/xvdc
> volume_size: 40
> device_type: gp2
> ephemeral: ephemeral1
>
>
>
> On Tuesday, June 17, 2014 4:09:01 PM UTC-4, Dan Vaida wrote:
>>
>> Hello again,
>>
>> I managed to resize the root device by adjusting the volumes parameter 
>> like so:
>> volumes:
>>   - device_name: /dev/sda
>> volume_size: 20
>> device_type: gp2
>>
>> Hint was found here: New SSD-Backed Elastic Block Storage 
>> 
>>
>> Now the only question that remains is: how to add those two SSD drives as 
>> well?
>>
>> Cheers!
>>
>> On Tuesday, 17 June 2014 12:44:54 UTC+2, Dan Vaida wrote:
>>>
>>> Hello everyone!
>>>
>>> Here goes my first post in the wonderful Ansible project :)
>>>
>>> Here's the problem that I am facing: I am trying to launch an EC2 
>>> instance (c3.2xlarge) and, in the process, I want to resize the root 
>>> partition from 8GB to something bigger. Also while in the process of 
>>> launching the instance, I'd like to add those two extra disks (2x80GB SSD) 
>>> that come with this instance.
>>>
>>> I do not know if this is even achievable via Ansible.
>>>
>>> So far, I looked at these two modules:
>>> - http://docs.ansible.com/ec2_module.html
>>> - http://docs.ansible.com/ec2_vol_module.html
>>>
>>> I played with them in different ways, with no avail. Here is what I have 
>>> now to successfully launch the instance. Playbook: provision.yml
>>> ---
>>> # http://docs.ansible.com/ec2_module.html
>>> - name: spin up the all in one instance
>>>   hosts: localhost
>>>   connection: local
>>>   gather_facts: False
>>>   tasks:
>>>
>>>   - name: create security group
>>> local_action:
>>>   module: ec2_group
>>>   name: "{{ security_group }}"
>>>   description: security group for the all in one server
>>>   region: "{{ region }}"
>>>   vpc_id: "{{ vpc_id }}"
>>>   rules:
>>> - proto: all
>>>   from_port: 0
>>>   to_port: 65535
>>>   cidr_ip: 87.193.177.242/32
>>>   rules_egress:
>>> - proto: all
>>>   from_port: 0
>>>   to_port: 65535
>>>   cidr_ip: 0.0.0.0/0
>>> register: ec2_group
>>> tags: provisioning
>>>
>>>   - name: launch instance
>>> local_action:
>>>   module: ec2
>>>   aws_access_key: "{{ ec2_access_key }}"
>>>   aws_secret_key: "{{ ec2_secret_key }}"
>>>   count: 1
>>>   region: "{{ region }}"
>>>   zone: "{{ zone }}"
>>>   instance_type: "{{ instance_type }}"
>>>   image: "{{ ami }}"
>>>   ebs_optimized: yes
>>>   state: present
>>>   group: "{{ security_group }}"
>>>   vpc_subnet_id: "{{ subnet }}"
>>>   key_name: "{{ keypair }}"
>>>   monitoring: yes
>>>   assign_public_ip: yes
>>>   wait: yes
>>>   wait_timeout: 300
>>>   volumes:
>>>   - device_name: /dev/xvda
>>> volume_size: 20
>>> register: ec2
>>>  # - name: adding remaining disks #(c3.2xlarge has 2x80GB SSD)
>>>  #   local_action: ec2_vol instance={{ item.id }} volume_size=80 count=2
>>>  #   with_items: ec2.instances
>>>  #   register: ec2_vol
>>>
>>> And for what it's worth, here are my variables host_vars/localhost:
>>> #AWS wheezy AMI IDs => 
>>> https://wiki.debian.org/Cloud/AmazonEC2Image/Wheezy
>>> #(EU-West-1, PVM, EBS-backed, x86_64)region: eu-west-1
>>> zone: eu-west-1a
>>> instance_type: c3.2xlarge
>>> ami: ami-630fcb14
>>>
>>> #network & security
>>> security_group: allinone
>>> subnet: subnet-ddca27aa
>>> vpc_id: vpc-9037d9f5
>>> keypair: ansible-ec2
>>>
>>> You can see how I tried and shamefully failed to add those two SSDs 
>>> (count parameter is not even supported by module ec2_vol) :)
>>> Curiously enough, if I use the volumes parameter of the module ec2 as 
>>> above, I get two EBS volumes showing up in the AWS console: /dev/sda and of 
>>> course /dev/xvda (this one being the root device). I cannot even see 
>>> /dev/sda in the EC2 instance.
>>> FYI, this AMI launches with a 8GB root partition by default. Would be 
>>> great if I could make that bigger with an Ansible module/parameter. I am 
>>> very much aware on how to do this "outside" of Ansible, but it's not 
>>> desired.
>>> Second issue would be attaching those two disks that come with this 
>>> instance type...
>>>
>>> Any help/hint would be greatly appreciated.
>>>
>>> See attached screenshot to better understand what I'm trying to achieve 
>>> wi

[ansible-project] ansible ssh error Unreachable.

2016-12-12 Thread Spike Robinson 
Basically, debug this using the ping module and an adhoc command eg

ansible -m ping xx.whatever

and only go back to your playbook once that's working OK. 

(Apologies for the multiple posts.)

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c582b91c-77fe-4ac1-87f5-b94ad6c4e954%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] ansible ssh error Unreachable.

2016-12-12 Thread Spike Robinson 
I'm assuming you have set xx. to the name of a real server and "myname" to 
a real account on that server, right? :-) 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c9e27d25-ba34-44c1-b6e3-a850992b49e5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] ansible ssh error Unreachable.

2016-12-12 Thread Spike Robinson 
Often a credentials failure or naming failure rather than connectivity. 

Check you can manually ssh to the target machine with the host name and 
username exactly as stated in your hosts file. And remove ssh pipelining to 
test if that's the issue.  

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/ce66714a-c65f-4d18-8e1f-1d3043b78fce%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How can I change the path for specific host

2016-12-12 Thread Dick Davies 
If they're in different groups, make the path a group var.
If they're in the same groups, make the path a host var.

On 12 December 2016 at 14:29, Guilherme Ueno  wrote:
> Hi all,
>
> I have to copy a file into a directory to specific hosts, but the path
> changes for specific hosts.
>
> Ex.:
>
> Inventory:
>
> [webserver]
> hosta
> hostb
>
>
>
> task: Copy a file into:
>
> hosta: /usr/app/abc/dir
> hostb: /usr/app/def/dir
>
>
> But, I don't know how to use those variables in the "same task" using
> "webserver" as target.
>
> thank you,
> Guilherme.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/a4ec4ad0-6432-40a1-a45b-6e908b506e77%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPQa12ugC0pm3AjMkys3Rmequ6Aw2Ef9zcZ%2Bmy00NUtoHw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: ansible wait_for ssh for a specific user

2016-12-12 Thread Guilherme Ueno 
Reza,

Could you run with -vvv at the end?

Thanks,
Guilherme. 

On Monday, December 12, 2016 at 1:25:56 PM UTC-2, Reza ISSANY wrote:
>
> yess I've already tried shell butsame issue. If I try to connect 
> manually, it works. The problem is that ansible doesn't release the 
> first connection attemps while the server isn't ready. I don't know 
> why ... 
>
> 2016-12-12 13:58 UTC+01:00, Guilherme Ueno  >: 
> > Hi, 
> > 
> > Did you already try to use "shell" instead "command"? When you try to 
> > execute that command from another machine it works? 
> > 
> > thanks, 
> > Guilherme. 
> > 
> > On Monday, December 12, 2016 at 8:39:25 AM UTC-2, zer...@issany.net 
> wrote: 
> >> 
> >> Hi, forgive me for my bad english. 
> >> 
> >> I'm trying to find a way to test an ssh connection to a specific user 
> on a 
> >> 
> >> new server. 
> >> 
> >> When I create a new virtual server, an ansible playbook is executed to 
> >> finish the soft deployments: 
> >> 1 Check if ssh is available (port 22) 
> >> 2 Chekc if the ansible user is available 
> >> 3 Get the uname 
> >> 4 Install packages 
> >> 
> >> 
> >> I have no problem for 1, 3 and 4: 
> >> 
> >> - name: "waiting for host to start" 
> >>   local_action: wait_for 
> >> host={{ inventory_hostname }} 
> >> state=started 
> >> port=22 
> >> delay=10 
> >>   become: false 
> >> 
> >> - name: "waiting to connect to  user" 
> >>   local_action: command ssh -i ~/.ssh/mykey -o ConnectTimeout=5 -o 
> >> ConnectionAttempts=1 -o UserKnownHostsFile=/dev/null -o 
> >> StrictHostKeyChecking=no -o GSSAPIAuthentication=no -o 
> >> GSSAPIKeyExchange=no 
> >> -l x {{inventory_hostname}} exit 
> >>   register: result 
> >>   until: result.rc == 0 
> >>   retries: 20 
> >>   delay: 5 
> >> 
> >> - name: "waiting the uname" 
> >>   command: uname -a 
> >>   register: result 
> >> 
> >> - name: "uname" 
> >>   debug: 
> >> var: result.stdout 
> >> 
> >> but the second step is never OK. When the playbook execute this step, 
> >> ansible execute the command, but never exit from this command. I have 
> to 
> >> kill the process of this command to force ansible to re-run a new test. 
> >> Finally when the server and user is available, after a new kill, 
> ansible 
> >> can continue with step 3. 
> >> 
> >> How can I resolve this problem. I can add a sleep before the step 2, 
> but 
> >> it is not a good solution. Thanks in advance for your helps. 
> >> 
> > 
> > -- 
> > You received this message because you are subscribed to a topic in the 
> > Google Groups "Ansible Project" group. 
> > To unsubscribe from this topic, visit 
> > 
> https://groups.google.com/d/topic/ansible-project/cyOQIh3lPHM/unsubscribe. 
>
> > To unsubscribe from this group and all its topics, send an email to 
> > ansible-proje...@googlegroups.com . 
> > To post to this group, send email to ansible...@googlegroups.com 
> . 
> > To view this discussion on the web visit 
> > 
> https://groups.google.com/d/msgid/ansible-project/04b175df-ec92-4579-a17c-d4efc100d23f%40googlegroups.com.
>  
>
> > For more options, visit https://groups.google.com/d/optout. 
> > 
>
>
> -- 
> *reza.* 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/057c7d89-7462-4216-bf10-ddaa27f9c447%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Creating Security Groups with EC2_group mod

2016-12-12 Thread DG 
I was thinking about possibly using vars in the yaml to deduce what the
prefix list actually is.

Like, if it's possible to do a  var where pl-123456 can be deduced by
describing it in AWS cli, then substituting it in. Thanks for the response,
now I don't feel like a small island :)

Daniel Girard, CISSP AWS-ASA
571-271-6811


On Mon, Dec 12, 2016 at 9:30 AM, Josh Smift  wrote:

> This came up about a year ago on the ansible-devel list,
> https://groups.google.com/forum/#!searchin/ansible-
> devel/prefix$20list%7Csort:relevance/ansible-devel/
> YjfcFY75wJk/qXoEDQbrEwAJ
> is the thread: I'd asked about it, someone replied "yes but it'd be
> tricky", I don't think anything's happened since then.
>
> Our workaround is to do it by hand in the AWS console, and put a note in
> our configs and docs about it. :^(
>
> You could also probably do something clever with a 'command' module that
> called the AWS CLI with appropriate arguments, but I haven't tried that.
>
>   -Josh (j...@care.com)
>
> (apologies for the automatic corporate disclaimer that follows)
>
> This email is intended for the person(s) to whom it is addressed and may
> contain information that is PRIVILEGED or CONFIDENTIAL. Any unauthorized
> use, distribution, copying, or disclosure by any person other than the
> addressee(s) is strictly prohibited. If you have received this email in
> error, please notify the sender immediately by return email and delete the
> message and any attachments from your system.
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Ansible Project" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/
> topic/ansible-project/I_kXv-ZFXek/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/ansible-project/22606.46223.45257.968242%40gargle.gargle.HOWL.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAFi%3Dr5QTDKm6CYJuQqWuTk9ji2gLHWMtDhNofyBVK2e85MJVqw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: ansible wait_for ssh for a specific user

2016-12-12 Thread Reza ISSANY 
yess I've already tried shell butsame issue. If I try to connect
manually, it works. The problem is that ansible doesn't release the
first connection attemps while the server isn't ready. I don't know
why ...

2016-12-12 13:58 UTC+01:00, Guilherme Ueno :
> Hi,
>
> Did you already try to use "shell" instead "command"? When you try to
> execute that command from another machine it works?
>
> thanks,
> Guilherme.
>
> On Monday, December 12, 2016 at 8:39:25 AM UTC-2, zer...@issany.net wrote:
>>
>> Hi, forgive me for my bad english.
>>
>> I'm trying to find a way to test an ssh connection to a specific user on a
>>
>> new server.
>>
>> When I create a new virtual server, an ansible playbook is executed to
>> finish the soft deployments:
>> 1 Check if ssh is available (port 22)
>> 2 Chekc if the ansible user is available
>> 3 Get the uname
>> 4 Install packages
>>
>>
>> I have no problem for 1, 3 and 4:
>>
>> - name: "waiting for host to start"
>>   local_action: wait_for
>> host={{ inventory_hostname }}
>> state=started
>> port=22
>> delay=10
>>   become: false
>>
>> - name: "waiting to connect to  user"
>>   local_action: command ssh -i ~/.ssh/mykey -o ConnectTimeout=5 -o
>> ConnectionAttempts=1 -o UserKnownHostsFile=/dev/null -o
>> StrictHostKeyChecking=no -o GSSAPIAuthentication=no -o
>> GSSAPIKeyExchange=no
>> -l x {{inventory_hostname}} exit
>>   register: result
>>   until: result.rc == 0
>>   retries: 20
>>   delay: 5
>>
>> - name: "waiting the uname"
>>   command: uname -a
>>   register: result
>>
>> - name: "uname"
>>   debug:
>> var: result.stdout
>>
>> but the second step is never OK. When the playbook execute this step,
>> ansible execute the command, but never exit from this command. I have to
>> kill the process of this command to force ansible to re-run a new test.
>> Finally when the server and user is available, after a new kill, ansible
>> can continue with step 3.
>>
>> How can I resolve this problem. I can add a sleep before the step 2, but
>> it is not a good solution. Thanks in advance for your helps.
>>
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Ansible Project" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/ansible-project/cyOQIh3lPHM/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/04b175df-ec92-4579-a17c-d4efc100d23f%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>


-- 
*reza.*

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAAxzbSRnVQxxux4HyK_jt4avVZ7NaZtzmjOEvj0kvF33ottbXw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] How can I change the path for specific host

2016-12-12 Thread Guilherme Ueno 
Hi all,

I have to copy a file into a directory to specific hosts, but the path 
changes for specific hosts.

Ex.: 

Inventory:

[webserver] 
hosta
hostb



task: Copy a file into:

hosta: /usr/app/abc/dir
hostb: /usr/app/def/dir


But, I don't know how to use those variables in the "same task" using 
"webserver" as target.

thank you,
Guilherme.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a4ec4ad0-6432-40a1-a45b-6e908b506e77%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] ansible ssh unreachable

2016-12-12 Thread Raj Reddy 



UNREACHABLE! changed : false , msg:SSH error:data could not be sent to the 
remote host. Make sure this host can be reached over ssh", "unreachable": 
true

Hosts: [test] xx.local ansible_ssh_user=myname

ansible.cfg [defaults] host_key_checking = False

[ssh_connection] pipelining=true



I am running the playbook from Jenkins using execute shell `

ansible=2.2.0.0
1
Not signed in

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1952f2e1-a4de-468e-be2c-dbe9b57b8dd0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] [help]Shared connection is closed

2016-12-12 Thread Margin Hu 

Hi Guys,

I met a strange issue "shared connection closed", googled but don't find 
any solution or workaround.


when the issue happened , the network is ok , why ssh connection closed ?

My verion is  as following.

[root@director ~]# ansible --version
ansible 1.9.4
  configured module search path = None
[root@director ~]# uname -a
Linux director.vepc.mnc066.mcc260.3gppnetwork.org 3.10.0-514.el7.x86_64 
#1 SMP Wed Oct 19 11:24:13 EDT 2016 x86_64 x86_64 x86_64 GNU/Linux

[root@director ~]#


[root@director restart-service-overcloud]# vim site.yml
[root@director restart-service-overcloud]# ansible-playbook site.yml

PLAY [controllers] 



GATHERING FACTS 
***

ok: [slot7]
ok: [slot14]
ok: [slot5]

TASK: [controller | script restart-service.sh  neutron-l3-agent] 
**

changed: [slot14]
failed: [slot5] => {"changed": true, "rc": 1}
stderr: OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: auto-mux: Trying existing master
debug1: mux_client_request_session: master session id: 2
Shared connection to slot5 closed.

stdout: Error: Unable to cleanup resource: neutron-l3-agent
Error performing operation: No such device

failed: [slot7] => {"changed": true, "rc": 1}
stderr: OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: auto-mux: Trying existing master
debug1: mux_client_request_session: master session id: 2
Shared connection to slot7 closed.

stdout: Error: Unable to cleanup resource: neutron-l3-agent
Error performing operation: No such device


TASK: [controller | script restart-service.sh neutron-metadata-agent] 


changed: [slot14]

TASK: [controller | script restart-service.sh neutron-dhcp-agent] 


changed: [slot14]

TASK: [controller | script restart-service.sh neutron-openvswitch-agent] 
*

changed: [slot14]

TASK: [controller | script restart-service.sh  neutron-server] 


changed: [slot14]

TASK: [controller | script restart-service.sh openstack-nova-scheduler] 
**

changed: [slot14]

TASK: [controller | script restart-service.sh openstack-nova-conductor] 
**

changed: [slot14]

TASK: [controller | script restart-service.sh openstack-nova-api] 


changed: [slot14]

PLAY [computes] 
***


GATHERING FACTS 
***

ok: [slot2]
ok: [slot9]
ok: [slot4]
ok: [slot1]
ok: [slot3]
ok: [slot13]
ok: [slot10]
ok: [slot11]
ok: [slot12]

TASK: [compute | shell openstack-service restart] 
*

changed: [slot3]
changed: [slot4]
changed: [slot9]
changed: [slot1]
changed: [slot2]
changed: [slot11]
changed: [slot13]
changed: [slot10]
changed: [slot12]

TASK: [compute | neutron-sriov-nic-agent.service] 
*

changed: [slot2]
changed: [slot4]
changed: [slot1]
changed: [slot3]
changed: [slot9]
changed: [slot10]
failed: [slot13] => {"failed": true}
msg: failure 1 running systemctl show for 
'neutron-sriov-nic-agent.service': Unit neutron-sriov-nic-agent.service 
could not be found.


changed: [slot11]
changed: [slot12]

PLAY RECAP 


   to retry, use: --limit @/root/site.retry

slot1  : ok=3changed=2 unreachable=0failed=0
slot10 : ok=3changed=2 unreachable=0failed=0
slot11 : ok=3changed=2 unreachable=0failed=0
slot12 : ok=3changed=2 unreachable=0failed=0
slot13 : ok=2changed=1 unreachable=0failed=1
slot14 : ok=9changed=8 unreachable=0failed=0
slot2  : ok=3changed=2 unreachable=0failed=0
slot3  : ok=3changed=2 unreachable=0failed=0
slot4  : ok=3changed=2 unreachable=0failed=0
slot5  : ok=1changed=0 unreachable=0failed=1
slot7  : ok=1changed=0 unreachable=0failed=1
slot9  : ok=3changed=2 unreachable=0failed=0

[root@director restart-service-overcloud]#


 EXEC ssh -C -tt -v -o ControlMaster=auto -o ControlPersist=60s 
-o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o 
KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o ConnectTimeout=10 slot5 /bin/sh -c 'rm 
-rf /root/.ansible/tmp/ansible-tmp-1481442180.55-164858731706577/ 
>/dev/null 2>&1'
changed: [slot5] => {"changed": true, "rc": 0, "stderr": "OpenSSH_6.6.1, 
OpenSSL 1.0.1e-fips 11

[ansible-project] ansible_ssh_host points to wrong ip

2016-12-12 Thread Mathias Aldrin 
Hi,

I have created a vm with 3 network interfaces using a heat template in an 
openstack cloud environment.
One of the interfaces are reachable from the outside the cloud and the 
other two interfaces are private networks inside the cloud.

+--+---+++-+-+
| ID   | Name  | Status | 
Task State | Power State | Networks 
   |
+--+---+++-+-+
| cffb942b-44c1-4ee4-b31a-a46599912913 | qwm-0   | ACTIVE | -   
   | Running | qw-loopback=10.20.160.16; external=10.68.32.157; 
qw-cn-up=10.20.150.16  |


I can ssh into the vm at 10.68.32.157 but not via 10.20.160.16 nor 
10.20.150.16.

The problem is that ansible thinks 10.20.150.16 is the address to use why I 
use dynamic inventory:

inventory/openstack.py --list | egrep -i "ansible_ssh_host|accessIPv4"
"ansible_ssh_host": "10.20.150.16", 
  "accessIPv4": "10.20.150.16", 

How can I control ansible so it always set "external" network ip addresses 
to ansible_ssh_host and accessIPv4?

Thanks
Mathias

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/dd96b8aa-91f8-40ff-9f2c-5fed5111c3cd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: ansible wait_for ssh for a specific user

2016-12-12 Thread Guilherme Ueno 
Hi,

Did you already try to use "shell" instead "command"? When you try to 
execute that command from another machine it works?

thanks,
Guilherme.

On Monday, December 12, 2016 at 8:39:25 AM UTC-2, zer...@issany.net wrote:
>
> Hi, forgive me for my bad english.
>
> I'm trying to find a way to test an ssh connection to a specific user on a 
> new server.
>
> When I create a new virtual server, an ansible playbook is executed to 
> finish the soft deployments:
> 1 Check if ssh is available (port 22)
> 2 Chekc if the ansible user is available
> 3 Get the uname
> 4 Install packages
>
>
> I have no problem for 1, 3 and 4:
>
> - name: "waiting for host to start"
>   local_action: wait_for
> host={{ inventory_hostname }}
> state=started
> port=22
> delay=10
>   become: false
>
> - name: "waiting to connect to  user"
>   local_action: command ssh -i ~/.ssh/mykey -o ConnectTimeout=5 -o 
> ConnectionAttempts=1 -o UserKnownHostsFile=/dev/null -o 
> StrictHostKeyChecking=no -o GSSAPIAuthentication=no -o GSSAPIKeyExchange=no 
> -l x {{inventory_hostname}} exit
>   register: result
>   until: result.rc == 0
>   retries: 20
>   delay: 5
>
> - name: "waiting the uname"
>   command: uname -a
>   register: result
>
> - name: "uname"
>   debug:
> var: result.stdout
>
> but the second step is never OK. When the playbook execute this step, 
> ansible execute the command, but never exit from this command. I have to 
> kill the process of this command to force ansible to re-run a new test.
> Finally when the server and user is available, after a new kill, ansible 
> can continue with step 3.
>
> How can I resolve this problem. I can add a sleep before the step 2, but 
> it is not a good solution. Thanks in advance for your helps.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/04b175df-ec92-4579-a17c-d4efc100d23f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Failed to get D-Bus connection in Docker Container

2016-12-12 Thread Coolman 
Hello there,
I get the error described in the title when I execute systemctl in a docker 
container launcher with Ansible docker module. Thus, I cannot manage 
services in the docker container (eg. satrt/stop/reload nginx service 
...etc.)
How can I avoid this issue when launching a docker container with Andible ?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d57a331e-2de9-4645-bd4c-498da23712e2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Unable to source a script?

2016-12-12 Thread Jitendra Bhalothia 

Hi People,

You have to define the executable path.
 
- name: for source command
  command: source /home/ubuntu/.bash_profile  executable=/bin/bash

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/f43f3126-679a-4671-9c4f-ec1cfc05271d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Ansible philosophy for those new to the list == keep it simple

2016-12-12 Thread Spike Robinson 
I'm kind of with BitDivine. I've been using Ansible "in anger" (at times 
literally!) on a real world environment for a few months now. I also try to 
make my playbooks a statement of desired state. Most of the time that's easy to 
achieve. It gets frustrating when it's not so easy to achieve, but each of 
those challenges has pushed me up the learning curve of the language, so it's 
all good. As Michael says in the OP, it's easy (and good) to write scripts in 
plain English, and once written they stay written and useful, you can forget 
about them and still rely on them. 

I also try to write idempotent scripts. Again, this is easy often enough that 
in the cases when it isn't so easy, it gets frustrating. You can see from the 
varying functioning and usage of the various  modules that idempotence is 
probably one of the "computer-sciencey" "memes" that the OP disdains. It's a 
general principle for modules, maybe, but it's far from rigidly enforced or 
universal or uniform. Or in some cases, it's so taken for granted that you 
can't see from the documentation how idempotence is going to work, but then 
magically it "just does". I'm learning that with Ansible sometimes you just 
have to close your eyes and *believe*. :-) 

"Install then (check or install)" is a good pattern. Running the script until 
it goes green is a much easier meta-pattern (a behavior pattern rather than a 
programming pattern). It's a great habit to get into and on our site we are 
doing it all the time. (Along with, while testing the playbook, actually 
checking the system *hasn't* changed when the playbook responds green!) Again, 
the fact that this "just works" most of the time makes it doubly frustrating 
when, for example, tests that perform no actual system change report Changed by 
default, or, worse, tests like (the  touch module) actually do change the 
system when executing what should be a read only test. 

So I can see the merits of all the approaches mentioned here. :-)  

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1e79d7b3-8485-40e0-9e0a-8f71d9cac3bc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] "validate_certs" arg with ansible 2.2 and vmware module not skipping cert validation

2016-12-12 Thread broncomz1 
I've see several discussions where the "validate_certs" arg should work 
(was fixed, https://github.com/ansible/ansible-modules-extras/issues/2757 
for example) in order to use self-signed certificates and skip cert 
validation in ansible 2.2, however I'm still seeing certificate issues when 
setting "validate_certs=false".

localhost | FAILED! => {
"changed": false,
"failed": true,
"invocation": {
"module_args": {
"hostname": "172.31.240.202",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"username": "root",
"validate_certs": false
},
"module_name": "vmware_vm_facts"
},
"msg": "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed 
(_ssl.c:590)"

Any pointers to how to solve would be much appreciated. I may very well be 
doing something wrong here...new to ansible in general...

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3ed6c7f8-24f4-4502-b3d4-a074ac199d86%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] ansible ssh error Unreachable.

2016-12-12 Thread Raj Reddy 


ERROR: UNREACHABLE! => changed : false , msg:SSH error:data could not be 
sent to the remote host.Make sure this host can be reached over ssh", 
"unreachable": true


Hosts: [test] xx.local ansible_ssh_user=myname

ansible.cfg [defaults] host_key_checking = False

[ssh_connection] pipelining=true

I am running the playbook from Jenkins using execute shell `

ansible-playbook -i hosts playbook/app.yml


Ansible version 2.2.0.0


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d008a0d6-4bd1-490c-b2ed-dd58f4423120%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] auto-mux: Trying existing master

2016-12-12 Thread Margin Hu 


I met a issue when run a playbook. what caused that symtom ? 


[root@director restart-service-overcloud]# vim site.yml 
[root@director restart-service-overcloud]# ansible-playbook  site.yml 

PLAY [controllers] 
 

GATHERING FACTS 
*** 
ok: [slot7]
ok: [slot14]
ok: [slot5]

TASK: [controller | script restart-service.sh  neutron-l3-agent] 
** 
changed: [slot14]
failed: [slot5] => {"changed": true, "rc": 1}
stderr: OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: auto-mux: Trying existing master
debug1: mux_client_request_session: master session id: 2
Shared connection to slot5 closed.

stdout: Error: Unable to cleanup resource: neutron-l3-agent
Error performing operation: No such device

failed: [slot7] => {"changed": true, "rc": 1}
stderr: OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: auto-mux: Trying existing master
debug1: mux_client_request_session: master session id: 2
Shared connection to slot7 closed.

stdout: Error: Unable to cleanup resource: neutron-l3-agent
Error performing operation: No such device


TASK: [controller | script restart-service.sh  neutron-metadata-agent] 
 
changed: [slot14]

TASK: [controller | script restart-service.sh  neutron-dhcp-agent] 
 
changed: [slot14]

TASK: [controller | script restart-service.sh  neutron-openvswitch-agent] 
* 
changed: [slot14]

TASK: [controller | script restart-service.sh  neutron-server] 
 
changed: [slot14]

TASK: [controller | script restart-service.sh  openstack-nova-scheduler] 
** 
changed: [slot14]

TASK: [controller | script restart-service.sh  openstack-nova-conductor] 
** 
changed: [slot14]

TASK: [controller | script restart-service.sh  openstack-nova-api] 
 
changed: [slot14]

PLAY [computes] 
*** 

GATHERING FACTS 
*** 
ok: [slot2]
ok: [slot9]
ok: [slot4]
ok: [slot1]
ok: [slot3]
ok: [slot13]
ok: [slot10]
ok: [slot11]
ok: [slot12]

TASK: [compute | shell openstack-service restart] 
* 
changed: [slot3]
changed: [slot4]
changed: [slot9]
changed: [slot1]
changed: [slot2]
changed: [slot11]
changed: [slot13]
changed: [slot10]
changed: [slot12]

TASK: [compute | neutron-sriov-nic-agent.service] 
* 
changed: [slot2]
changed: [slot4]
changed: [slot1]
changed: [slot3]
changed: [slot9]
changed: [slot10]
failed: [slot13] => {"failed": true}
msg: failure 1 running systemctl show for 
'neutron-sriov-nic-agent.service': Unit neutron-sriov-nic-agent.service 
could not be found.

changed: [slot11]
changed: [slot12]

PLAY RECAP 
 
   to retry, use: --limit @/root/site.retry

slot1  : ok=3changed=2unreachable=0
failed=0   
slot10 : ok=3changed=2unreachable=0
failed=0   
slot11 : ok=3changed=2unreachable=0
failed=0   
slot12 : ok=3changed=2unreachable=0
failed=0   
slot13 : ok=2changed=1unreachable=0
failed=1   
slot14 : ok=9changed=8unreachable=0
failed=0   
slot2  : ok=3changed=2unreachable=0
failed=0   
slot3  : ok=3changed=2unreachable=0
failed=0   
slot4  : ok=3changed=2unreachable=0
failed=0   
slot5  : ok=1changed=0unreachable=0
failed=1   
slot7  : ok=1changed=0unreachable=0
failed=1   
slot9  : ok=3changed=2unreachable=0
failed=0   

[root@director restart-service-overcloud]# 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/08602820-b86a-4f9a-82d4-7252f22794ea%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] when ... is defined not woring as expected?

2016-12-12 Thread Kai 
Hi Brian,

thanks a lot for the pointer / the solution. A double-default does the
trick in this case :)

 with_items: "{{ (pkg_repo_list|default({})).repo_keys | default([]) }}"

Cheers, Kai


On 12/12/16 15:23, Brian Coca wrote:
> when executes for each item in the loop and cannot short circuit the
> with_ as documented
> here 
> http://docs.ansible.com/ansible/playbooks_conditionals.html#loops-and-conditionals
> 
> 
> --
> Brian Coca
> 
> -- 
> You received this message because you are subscribed to the Google
> Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to ansible-project+unsubscr...@googlegroups.com
> .
> To post to this group, send email to ansible-project@googlegroups.com
> .
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CACVha7fymop6Sn%2BM7bSX6Ew%2B5xPfo3r8dGnkxXQGvosm7hLsDA%40mail.gmail.com
> .
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b539e8d7-f717-7ab3-b0b0-0442e53f6c1e%40gmx.de.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Tasks are not executed in the order defined in With_dict

2016-12-12 Thread Deepa Yr 
Hi

  I have a dict where I need to install patches in the order

patches:
patch1:
patch_name:
   patch2:
patch_name:
   patch3:
patch_name:
  and so on
   patch8:
patch_name:


- name: install patches
  include: install_patch.yml
  with_dict: {{patches}}

When I run above playbook, the order is not as I have defined. It is taking 
patch8,patch1,patch2.. patch7.

Can you please suggest how I can run in the order.

Thanks
Deepa

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1f07a7fe-867e-4bef-a249-b8d23034b15e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Creating Security Groups with EC2_group mod

2016-12-12 Thread Josh Smift 
This came up about a year ago on the ansible-devel list,
https://groups.google.com/forum/#!searchin/ansible-devel/prefix$20list%7Csort:relevance/ansible-devel/YjfcFY75wJk/qXoEDQbrEwAJ
is the thread: I'd asked about it, someone replied "yes but it'd be
tricky", I don't think anything's happened since then.

Our workaround is to do it by hand in the AWS console, and put a note in
our configs and docs about it. :^(

You could also probably do something clever with a 'command' module that
called the AWS CLI with appropriate arguments, but I haven't tried that.

  -Josh (j...@care.com)

(apologies for the automatic corporate disclaimer that follows)

This email is intended for the person(s) to whom it is addressed and may 
contain information that is PRIVILEGED or CONFIDENTIAL. Any unauthorized use, 
distribution, copying, or disclosure by any person other than the addressee(s) 
is strictly prohibited. If you have received this email in error, please notify 
the sender immediately by return email and delete the message and any 
attachments from your system.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/22606.46223.45257.968242%40gargle.gargle.HOWL.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] when ... is defined not woring as expected?

2016-12-12 Thread Brian Coca 
when executes for each item in the loop and cannot short circuit the with_
as documented here
http://docs.ansible.com/ansible/playbooks_conditionals.html#loops-and-conditionals


--
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CACVha7fymop6Sn%2BM7bSX6Ew%2B5xPfo3r8dGnkxXQGvosm7hLsDA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] when ... is defined not woring as expected?

2016-12-12 Thread Kai 
Hi there!

ansible-playbook (v. 2.2.0.0) throws an error message that I do not
understand in my conext: "'pkg_repo_list' is undefined"

The task reads:

- name: ensure defined apt keys
  apt_key:
state: present
id: "{{pkg_item.id}}"
keyserver: "{{pkg_item.server}}"
  with_items: "{{pkg_repo_list.repo_keys}}"
  loop_control:
loop_var: pkg_item
  become: True
  when: (pkg_repo_list is defined) and (pkg_repo_list.repo_keys is
defined)


The task is the first of two tasks enclosed in a block:
  - block:
[...]
when: pkg_repo_list is defined

(Because of this conditioned block the "when" in the tasks first read
"when: pkg_repo_list.repo_keys is defined", which resulted in the same
error message.)

Shouldn't this task be skipped (in fact: the complete block) and thus
result in no error? What is it that I do not seen here?

Cheers, Kai

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1f57a2ef-49ac-dfc3-6670-a7f8e6989939%40gmx.de.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: How to handle passwords with the vault

2016-12-12 Thread 'J Hawkesworth' via Ansible Project 
I think the think you are missing here is that whatever is in group_vars 
(either a file or a directory) needs to match up with the name of a group 
in your inventory file (unless you using the magic 'all' group, which 
applies to all hosts).

So you might wind up with 3 files in different directories like this

group_vars/development/vault
group_vars/testing/vault
group_vars/production/vault  

then in your inventory all the variables in 
group_vars/development/vault
would apply to any hosts belonging to a group called

[development]
host1
host2

You'd then need to encrypt them like this:

ansible-vault encrypt group_vars/development/vault
ansible-vault encrypt group_vars/testing/vault
ansible-vault encrypt group_vars/production/vault

You can use the vaulted variables anywhere you can use ordinary variables, 
but you'll need to supply the vault password to your playbook runs (or you 
can specify a path to a file containing the vault password in your 
ansible.cfg file if that makes sense for you).

Jon


On Friday, December 9, 2016 at 10:57:13 PM UTC, Dave B wrote:
>
> I'm using Ansible to orchestrate a bunch of VM, as expected. I want to run 
> commands as root, so I have the root password in a file in group_vars, so 
> /etc/ansible/group_vars/vault, which I've encrypted with ansible-vault.
>
> I understand from the Best Practices 
> http://docs.ansible.com/ansible/playbooks_best_practices.html#best-practices-for-variables-and-vaults
>  
> that I'm to use a file containing the passwords that's encrypted and  then 
> another referencing those. So I have  
> group_vars -> vault
>  -> vars
>
> cat vars
> ansible_become_user=vault_ansible_become_user
> ansible_become_pass=vault_ansible_become_pass
>
> And then those variables are assigned in vault.
>
> I'm totally not sure how then to use these or reference them. Any 
> advice/guidance would be good.
>
> Thanks
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6410636b-a207-4908-8350-97c5a6ed2c77%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] update of ansible seems to be inconsistent

2016-12-12 Thread Gildas Cotomale 
Le jeudi 8 décembre 2016 09:02:31 UTC+1, Andreas Olsson a écrit :
>
> ons 2016-12-07 klockan 23:40 -0800 skrev Sebastian S.: 
> > which ansible says: /usr/local/bin/ansible 
>
> That looks more like somewhere where Pip would install Ansible, or 
> where someone would install Ansible manually. Any chance that you also 
> have a /usr/bin/ansible, which better match the apt version? 
>
> I don't know how much different Debian and Ubuntu can be there. 
My Debian installation, done with Pip gives the same answer. 


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/7b7429cc-4ae6-4e42-8fba-50c3d3a617cf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] update of ansible seems to be inconsistent

2016-12-12 Thread Sebastian S. 
You were right. There was a ansible pip installation. I uninstalled it and 
ansible --version is now correct. Thank you!! ^^ 

Am Donnerstag, 8. Dezember 2016 13:44:35 UTC+1 schrieb Sebastian S.:
>
> In fact there is one. But when I run this one something goes wrong:
>
> ansible@DE9899S76 /etc/ansible/roles % /usr/bin/ansible  
> Traceback (most recent call last):
>   File "/usr/bin/ansible", line 46, in 
> from ansible.module_utils._text import to_text
> ImportError: No module named _text
>
>
> Am Donnerstag, 8. Dezember 2016 09:02:31 UTC+1 schrieb Andreas Olsson:
>>
>> ons 2016-12-07 klockan 23:40 -0800 skrev Sebastian S.: 
>> > which ansible says: /usr/local/bin/ansible 
>>
>> That looks more like somewhere where Pip would install Ansible, or 
>> where someone would install Ansible manually. Any chance that you also 
>> have a /usr/bin/ansible, which better match the apt version? 
>>
>> // Andreas 
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/81c19ee5-a5a0-44d5-9321-09cd60bf6ca4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Creating Security Groups with EC2_group mod

2016-12-12 Thread Dan 
Has anyone found a method around this?

On Friday, December 9, 2016 at 5:57:09 PM UTC-5, Dan wrote:
>
> I've had great success in building out my security groups with this 
> module, until today.
>
> The issue is that I cannot code in yaml a destination referencing a 
> prefix-list. "pl-XX"
>
> Is this supported? Or planned in the future?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/27b5d484-2e59-449e-8f00-f72afef26f8f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] ansible wait_for ssh for a specific user

2016-12-12 Thread zerros 
Hi, forgive me for my bad english.

I'm trying to find a way to test an ssh connection to a specific user on a 
new server.

When I create a new virtual server, an ansible playbook is executed to 
finish the soft deployments:
1 Check if ssh is available (port 22)
2 Chekc if the ansible user is available
3 Get the uname
4 Install packages


I have no problem for 1, 3 and 4:

- name: "waiting for host to start"
  local_action: wait_for
host={{ inventory_hostname }}
state=started
port=22
delay=10
  become: false

- name: "waiting to connect to  user"
  local_action: command ssh -i ~/.ssh/mykey -o ConnectTimeout=5 -o 
ConnectionAttempts=1 -o UserKnownHostsFile=/dev/null -o 
StrictHostKeyChecking=no -o GSSAPIAuthentication=no -o GSSAPIKeyExchange=no 
-l x {{inventory_hostname}} exit
  register: result
  until: result.rc == 0
  retries: 20
  delay: 5

- name: "waiting the uname"
  command: uname -a
  register: result

- name: "uname"
  debug:
var: result.stdout

but the second step is never OK. When the playbook execute this step, 
ansible execute the command, but never exit from this command. I have to 
kill the process of this command to force ansible to re-run a new test.
Finally when the server and user is available, after a new kill, ansible 
can continue with step 3.

How can I resolve this problem. I can add a sleep before the step 2, but it 
is not a good solution. Thanks in advance for your helps.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/27ff917d-f4cd-4b48-9e83-0860c8b99115%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Ansible philosophy for those new to the list == keep it simple

2016-12-12 Thread Bit Divine 

Do you feel safe running the playbook automatically every five minutes and 
having it alert you when things were not as expected?  Personally that's 
the point I'd feel queasy about, and given that a playbook (in my 
philosophy) logically must have a check only mode, not as a feature but as 
something you get for free, I'd be happier using that.  Automatic 
correction would be cool but I'd only want it at night if it's run during 
office hours only for long enough for me to trust it.  Or at least long 
enough for me to make a call on whether to take that risk.  Where I can 
take the risk I'd be very happy for the infrastructure to be self healing! 
 That is not just "make it so" but "make it stay so".

I agree completely (from my limited understanding) that Ansible it is not 
primarily a monitoring tool.  It is primarily a "make it so" tool.  Whether 
one gets an "is it so" out for free is a litmus test for whether it's a 
high reliability "make it so".  What to do about e.g. extra users of a 
system goes beyond even the free extra.  Funnily enough I was flipping 
through a Google Site Reliability Engineering book on the train last night 
and they brought up exactly the case of incorrect user lists.  In their 
manual they recommend having the system notice and alert but not try to 
autocorrect.  I wasn't even going to go as far as alert.  Finding all users 
in Ansible takes one jsonpath selector.  Getting all users in AWS also 
takes one line of code.  Writing a check that does the diff automatically 
is super-straightforward!  It uses Ansible as a data store but it's not 
Ansible that does the check.

I am interested that you describe Ansible as a job description rather than 
the description of desired state that I had been imagining.  That makes it 
a means to an end, an imperative language in declarative guise.  How do you 
represent the desired end state?  I am looking for something that is good 
at describing that end state and if Ansible is on a divergent course it's 
good for me to know early! :-)

Regards, Max

On Saturday, December 10, 2016 at 7:47:18 PM UTC, Dick Davies wrote:
>
> You're right to point out the map is not the territory. 
>
> The disk space argument sounds like just semantics, generally I think most 
> engineers hear '10Gb disk' as 'storage with 10Gb capacity' with various 
> caveats. 
>
> I think idempotent playbooks cover the 'check installation is good' 
> rather well in practice. 
> We frequently run our playbooks and verify they're all green, with 
> some thought it's straightforward 
> for that playbook to not affect state if no work needed to be performed. 
>
> Ansible works best (for me) when it delegates to the underlying 
> operations primitives - a service 
> task _can_ hack around a badly written initscript but fixing the 
> underlying initscript pays 
> off in more situations. 
>
> 'who are the additional users' is not a question ansible should be 
> asking, in my opinion. 
> I think of a playbook as a job description - if you can do the job I 
> don't care about your other 
> attributes. That way lies the madness of CMDBs. 
>
> On 9 December 2016 at 20:02, Bit Divine > 
> wrote: 
> > 
> > On the matter of philosophy, as someone who has taken care of 
> infrastructure 
> > for a while but who is new to Ansible, here is my general take.  What do 
> you 
> > think?  How does it compare with your vision? 
> > 
> > * A deployment script is primarily a declaration of intended state. 
>  (E.g. 
> > logical volume X should exist and should have size at least 10GB.) 
> > * If you tell a physicist the above, he or she is likely to counter that 
> > abstract truths don't exist in the real world.  The only truths are 
> > empirical.  When we say that a drive has size 10G what we really mean is 
> > that we can write 10G of data to it and read it back.  Actually doing 
> that 
> > every time we want to check a partition size is a bit slow and tedious 
> so we 
> > may use lvdispaly instead (knowing full well that lvdisplay can give a 
> > different answer) but this is still an actual verifiable test, not an 
> > abstraction. 
> > * Corollary:  A deploy script's declaration of state is a sequence of 
> tests 
> > of the form "is the world in state X?". 
> > * If a test of the form "is the world in state X?" returns negative, a 
> > deploy script should have an action of the form "make it so". 
> > * Lesson from life, just because an installation script returns true 
> doesn't 
> > mean that it succeeded.  The world is full of broken code and it is 
> > pointless trying to rail against it.  Any deploy script that does: 
> `check 
> > else install` is vulnerable to broken installers.  Site reliability 
> > engineers cannot afford to write installers like that.  Their installers 
> > must always be of the form `check or ( install and check again )`. 
> > * Corollary: Every aspect of an install script needs two functions: 
> check 
> > and install, and they should be run as `check or