Re: [ansible-project] Is splitting of the inventory possible?
Try setting up one inventory for QA, another for DEV, and a third for production. You can use the same playbooks with different inventories so it'll keep the environments isolated but you'll get better consistency between each env. On 6 July 2017 at 07:36, wrote: > Hi, > > assume we would have 1000 projects in a big company and an OPS guys > tells us to copy every detail for provisioning for qa, dev and prod in one > repository. Some told arguments: > > just to clone one repository > all Unix machines require a basic setup and therefore the concrete inventory > file has to have all hosts and roles > (the intention is to maintain the host names at multiple locations) > > a) Is this the way to go or is there a better solution? > b) when a) could you please provide examples (url's) where to read? > > Kind Regards, > Thomas > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ansible-project+unsubscr...@googlegroups.com. > To post to this group, send email to ansible-project@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/54c81f68-5bd5-451e-9194-e68c7ed9cac9%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAK5eLPSQCWtSrtQOh7JSHfuNfcNMEdT7zm2bkNmvPnw6qAmfcg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Is splitting of the inventory possible?
Hi, assume we would have 1000 projects in a big company and an OPS guys tells us to copy every detail for provisioning for qa, dev and prod in one repository. Some told arguments: - just to clone one repository - all Unix machines require a basic setup and therefore the concrete inventory file has to have all hosts and roles (the intention is to maintain the host names at multiple locations) a) Is this the way to go or is there a better solution? b) when a) could you please provide examples (url's) where to read? Kind Regards, Thomas -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/54c81f68-5bd5-451e-9194-e68c7ed9cac9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] How to use set_fact to set a new host fact based on when conditionals.
Hi all, I am trying to set a new host fact (is_master, is_slave) based on comparison of a pre-assigned variable and ansible_hostname fact. group_vars/ master_hostname: host1 slave_hostname: host2 Tasks - name: Set master host fact set_fact: is_master: yes when: master_hostname == ansible_hostname - name: Set slave host fact set_fact: is_slave: yes when: slave_hostname == ansible_hostname - name: copy master configuration file template: src: master.j2 dest: /etc/master.conf when: is_master == True - name: copy slave configuration file template: src: slave.j2 dest: /etc/slave.conf when: is_slave == True TASK [Gathering Facts] * ok: [host1] ok: [host2] TASK [Set is_master variable] *** ok: [host1] skipping: [host1] TASK [Set is_slave variable] skipping: [host2] ok: [host2] The goal I am trying to reach is to run certain tasks depending whether the host is master or slave. But these set_fact tasks always get skipped even though condition should be true. Really appreciate your help in pointing out what I am doing wrong. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/b4039197-4934-4bc4-94ef-40996b6fde06%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Re: handlers and include files with variables in filenames
On Fri, Jun 23, 2017 at 3:13 AM, Jeff Li wrote:
>
> I solved the problem by using vars_files directive in playbook. The
> directory structure looks like
>
> playbook.yml
> vars/main.yml
> roles/my-roles/...
>
> The playbook.yml looks like
>
> ---
> hosts: all
> vars_files:
> - vars/main.yml
> tasks:
>
> roles:
>
I hate to say but I still do not know how are you selecting
which handlers to use.
>
> On Thursday, June 8, 2017 at 6:20:54 PM UTC+8, Mauricio Tavares wrote:
>>
>> So I am running ansible 2.3.0.0. What I want to do is to have my
>> handlers/main.yml file to include another file (where some handlers
>> are defined) whose name depends on a variable defined somewhere else.
>> i.e.
>>
>> - include: stuff"{{ myvariable }}".yml
>>
>> where myvariable is defined in the file group_vars/all. I also have
>>
>> [defaults]
>> handler_includes_static = True
>>
>> defined in my ansible.cfg file per
>> https://github.com/ansible/ansible/issues/13485. But when I run it I
>> get the following message:
>>
>> ERROR! Error when evaluating variable in include name: stuff"{{
>> myvariable }}".yml.
>>
>> When using static includes, ensure that any variables used in their
>> names are defined in
>> vars/vars_files or extra-vars passed in from the command line. Static
>> includes cannot use
>> variables from inventory sources like group or host vars.
>>
>> Where does it want me to define myvariable then? Somewhere in, say,
>> roles/role_in_question/vars/main.yml?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/b268dafb-3a55-4a24-865e-bf9ccd482d2d%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAHEKYV6VR5SLv44%3DcCCNPfjm9y1yPsfGt9DaOJ6k4BAEWSOQpA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Anyway to render jinja templates like all.yml or group vars using ansible api?
Need it to work with variables / filters / boolean logic, etc. It's not a static file. On Wednesday, July 5, 2017 at 6:34:09 PM UTC-7, Brian Coca wrote: > > Just use pyyaml to import the file? > > > > -- > -- > Brian Coca > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/4faa357c-bde9-46ff-89e5-462e16306ff2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Anyway to render jinja templates like all.yml or group vars using ansible api?
Just use pyyaml to import the file? -- -- Brian Coca -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CACVha7cOdMzay_av9JokAOevdZ8u%2B1hddvJFgn1A%3D20%2BEzUU9A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Anyway to render jinja templates like all.yml or group vars using ansible api?
Would like to access the all.yml, group_vars variables outside the context of a playbook? Ideally through the api Less ideal output a rendered all.yml, then i'll read it afterwards. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/a677a931-3947-412e-993f-7909bbf37e3d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Re: Playbook that uses become only if root user not specified?
That's what I thought! Apparently they're not because if I use true it
works fine when specifying root account. I've tried googling to find the
difference but no luck. I guess that's my next question on here? Lol
On Jul 5, 2017 2:27 PM, "Daniel JD" wrote:
> I thought become: True and become: yes are "the same"?!
>
> Am Dienstag, 4. Juli 2017 20:06:29 UTC+2 schrieb ajay jiwanand:
>>
>> A very simple fix was to just change become:true to become:yes and root
>> authentication works as long as you dont specify sudo password in command
>> line (-K) and specify root account with -u
>>
>> On Tuesday, July 4, 2017 at 1:46:05 PM UTC-4, ajay jiwanand wrote:
>>>
>>> Hey Daniel,
>>>
>>> That definitely looks like it can work but that would mean that I would
>>> have to specify one password for sudo accross all devices? As there are
>>> tons of devices and tons of "admin" accounts for users who are able to
>>> perform these action it wont be possible for me to place one password under
>>> ansible_become_pass. Is it possible for the password to be taken from the
>>> password entered when running the playbook or for the playbook to skip
>>> become all together when ansible_user != 'root'?
>>>
>>> I've tried this:
>>>
>>> become: true
>>> when: ansible_user != 'root'
>>>
>>> no luck
>>>
>>> On Tuesday, July 4, 2017 at 2:05:37 AM UTC-4, Daniel JD wrote:
You could use something like the following:
- name: Set sudo Passwort
set_fact:
ansible_become_pass: "{{ my_encrypted_password }}"
when: ansible_user == 'non-root-user'
Am Dienstag, 4. Juli 2017 05:03:08 UTC+2 schrieb ajay jiwanand:
>
> I am writing a playbook that will cover a wide ranged of hosts some
> that is integrated into AD with sudo privileges and others with just a
> local "root" account. I currently have the playbook written with the
> become
> module and it works fine for AD integrated hosts but when i specify a root
> user it throws the error "needs sudo password" when I set become_user:
> root
> it works fine for root accounts but it gives sudo errors when using AD
> integrated users. Is it possible to have a playbook use sudo passwords
> when
> the user specified (through command line -u) is not root?
>
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Ansible Project" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/
> topic/ansible-project/FEhxi0m2GUM/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/ansible-project/ec5e81fd-a551-4760-b4e9-5fe7d0f09fbc%40googlegroups.
> com
>
> .
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAOnK-XrHk3bPr88OO%3DrLJ%3D4%3DZ1u_-BCv724qk3yMrTfRhJo%2BPg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Ansible parallell playbooks
Hi, In my project, where we install Splunk with the help of terraform and ansible, we ran into some "errors" where we had the ansible playbook run on 3 hosts installing a search head in Splunk. On of the tasks were to configure one of these hosts as a captain. In this case, the task was given a list on members of a cluster if the count was 0, otherwise it was given an empty list. The problem was that since there is no garantuee that the playbooks will finish at the same time, that task got excecuted before the other cluster members were up and running (restarting them in some of the tasks). So, our solution was to break out that task into a new playbook (which seams like half arsed solution in a way, but it worked). Have I missed something in ansible documentation about some task or module that handles this kind of problem? Like a hold_and_wait for condition? Is there a way to let playbooks run in parallell with each other, but with a condition to continue if all playbooks reach a specific task and then continue? I dont know if this was the best explanation of the problem but, ask if there is any uncertanties in what I mean! -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/b8ea3eee-59c5-4001-a571-77780099be15%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] How to have a space in a variable from a JSON payload returned by uri module
Im using the uri module to call a REST endpoint but the JSON structure
returns contains a space which im not sure how to escape.
First the call i make and register:
- name: Get subnet information (DNS, gateway, netmask etc.)
uri:
url: "{{ phpipam_url }}/subnets/7/"
method: GET
headers:
token: "{{ ipam_login.json.data.token }}"
status_code: 200
register: subnet_info
subnet_info then contains the JSON payload:
"json": {
"code": 200,
"data": {
"DNSrecords": "1",
"DNSrecursive": "1",
"allowRequests": "1",
"calculation": {
"Broadcast": "192.168.111.255",
"IP address": "/",
"Max host IP": "192.168.111.254",
"Min host IP": "192.168.111.1",
"Network": "192.168.111.0",
"Number of hosts": 254,
"Subnet Class": "private C",
"Subnet bitmask": "24",
"Subnet netmask": "255.255.255.0",
"Subnet wildcard": "0.0.0.255",
"Type": "IPv4"
...
what i am after here is the Subnet netmask in the data.calculation but when
i reference it like this:
"'{{ subnet_info.json.data.calculation.Subnet Netmask }}'"
or
'{{ subnet_info.json.data.calculation.Subnet Netmask }}'
or
"{{ subnet_info.json.data.calculation.Subnet Netmask }}"
i get the following error:
fatal: [localhost]: FAILED! => {
"failed": true,
"msg": "template error while templating string: expected token 'end of
print statement', got 'Netmask'. String: '{{
subnet_info.json.data.calculation.Subnet Netmask }}'"
}
how can i get to that JSON data that contains a space and reference that as
a variable?
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/dbbb5f99-35f5-4f91-8248-ccdb9dc45dfe%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Ansible with cpanel
I'll explain the current scenario:
We have around 500 cpanel servers which are either openvz VEs or physical
servers. Currently these servers are managed using puppet for rolling out
any common tasks. We have also disabled direct ssh login for root on all
servers for security.
Now we need to setup ansible and replace puppet. So I need to know if the
following is a correct approach:
-I've setup a new server and installed ansible.
-Since direct ssh root login is disabled in the client cpanel servers, I've
added a new user in the client servers and have setup key based
authentication from the ansible server.
-Granted sudo privilege by adding the line "ih_ansible_userALL=(root)
NOPASSWD: ALL" in /etc/sudoers file using visudo command.
I tried ansible adhoc commands like ansible -m ping test.cpanelserver.com
and it started working but stopped abruptly after a few times with the
following error:
[ih_ansible_user@ansible /]$ ansible -m ping test.cpanelserver.com
test.cpanelserver.com| FAILED! => {
"changed": false,
"failed": true,
"module_stderr": "Shared connection to test.cpanelserver.com
closed.\r\n",
"module_stdout": "sudo: PERM_ROOT: setresuid(0, -1, -1): too many
processes\r\n",
"msg": "MODULE FAILURE",
"rc": 1
}
Also getting a similar error when i execute commands as this ansibler in
the client servers:
ih_ansible_user@cpanel [/root]# sudo httpd status
sudo: PERM_ROOT: setresuid(0, -1, -1): too many processes
On searching the above error I could see that there is a limit set for user
other than root and I'm unable to increase the limit. The suggested fix is
to disable shell fork bomb protection but it is not secure to do so.
Is the above method correct? If so how to overcome this error.
Thanks.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/e015338e-213a-4471-aec4-bee6ec92f077%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] File beat installation and configuration with Ansible
Hello,
I'm writing an Ansible script that install and configure filebeat (agent of
logstash).
I've finished the installation part. Now i need to add the configuration
part to the script. I pretty new with Ansible and i need some help.
The user that suppose to run the script will have to select a few groups
from a list, and each group from the list contains a few logs paths, which
need to be added to the filebeat configuration file.
For example:
Groups to select foe example: redis, nginx, php-fpm
Redis logs:
/var/log/redis/redis.log
/var/log/redis/sentinel.log
Nginx logs:
/var/log/nginx/access.log
/var/log/nginx/error.log
php-fpm logs:
/var/log/php-fpm/error.log
If the user will select redis and php-fpm, these logs will be added to
filebeat configuration file (on the remote host), which located
on /etc/filebeat/filebeat.yml, under paths section:
filebeat:
prospectors:
-
paths:
- /var/log/redis/redis.log
- /var/log/redis/sentinel.log
- /var/log/php-fpm/error.log
I will really appreciate some help over here. Which of the modules are
most recommended in this case? Code examples? etc.
Here is what i've done so far, which contain the installation part only.
- name: Install filebeat
gather_facts: False
remote_user: myUser
become: yes
vars:
elasticsearch_repo_base_url:
"https://packages.elastic.co/beats/yum/el/$basearch";
elasticsearch_repo_gpg_key_url:
"http://packages.elastic.co/GPG-KEY-elasticsearch";
tasks:
- name: Importing Elasticsearch public GPG key
rpm_key:
key: "{{ elasticsearch_repo_url }}"
state: present
- name: Add repository for filebeat
yum_repository:
name: Elastic Beats Repository
description: Elastic Beats Repository
baseurl: "{{ elasticsearch_repo_base_url }}"
gpgkey: "{{ elasticsearch_repo_gpg_key_url }}"
gpgcheck: yes
- name: Install filebeat
yum:
name: filebeat
state: latest
- name: Enabling filebeat service on boot and starting
service:
name: filebeat
state: restarted
enabled: yes
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/1825bafc-00c7-4d39-af64-c093cd941a47%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] getting key:value from fact
On 04. juli 2017 18:59, Jan Mattsson wrote:
I am trying to get back into some Ansible automation after some absence but
get stuck immediately trying to get the IP address of an Azure VM from
ansible facts:
ok: [localhost] => {
"*interface_facts.ansible_facts.azure_networkinterfaces*": [
Here you have a list.
{
"etag": "W/\"a4csdf-b1120d-5c9fb31354129\"",
"id":
"/subscriptions/a444df-b1120d-5c9fb31-354129-2gbf3e5b/resourceGroups/testRG/providers/Microsoft.Network/networkInterfaces/testvm1-eth0",
"location": "westeurope",
"*properties*": {
"dnsSettings": {
"appliedDnsServers": [],
"dnsServers": [],
"internalDomainNameSuffix":
"kttxupoc3ofsdf25452peia.ax.internal.cloudapp.net"
},
"enableIPForwarding": false,
"*ipConfigurations*": [
Here you have a list.
{
"etag":
"W/\"ae60d652-3b57-4cfd-b10d-5c9fb11296e6\"",
"id":
"/subscriptions/a444df-b1120d-5c9fb31-354129-2gbf3e5b/resourceGroups/testRG/providers/Microsoft.Network/networkInterfaces/testvm1-eth0/ipConfigurations/default",
"name": "default",
"*properties*": {
"privateIPAddress": "192.168.1.2",
*"privateIPAddressVersion": "IPv4",*
"privateIPAllocationMethod": "Dynamic",
"provisioningState": "Succeeded",
"subnet": {
"id":
"/subscriptions/a444df-b1120d-5c9fb31-354129-2gbf3e5b/resourceGroups/testRG/providers/Microsoft.Network/virtualNetworks/IaaS-Vnet/subnets/IaaS-Test-FE-Subnet"
}
}
}
],
"macAddress": "0E-0D-3E-29-FE-AF",
"networkSecurityGroup": {
"id":
"/subscriptions/a4csdf-b1120d-5c9fb31354129/resourceGroups/testRG/providers/Microsoft.Network/networkSecurityGroups/testvm1-eth001"
},
"primary": true,
"provisioningState": "Succeeded",
"resourceGuid": "a7182a83-61bc-3bed-9758-2d72f251952d",
"virtualMachine": {
"id":
"/subscriptions/1a4csdf-b1120d-5c9fb31329-e5b/resourceGroups/testRG/providers/Microsoft.Compute/virtualMachines/testvm1"
}
}
}
]
}
I Thought that I could get the IP by using
"interface_facts.ansible_facts.azure_networkinterfaces.properties,ipConfigurations.properties.privateIPAddress
You have two list in you structure to reach privateIPAddress, try
interface_facts.ansible_facts.azure_networkinterfaces.0.properties.ipConfigurations.0.properties.privateIPAddress
it can also be written like this
interface_facts.ansible_facts.azure_networkinterfaces[0].properties.ipConfigurations[0].properties.privateIPAddress
--
Kai Stian Olstad
--
You received this message because you are subscribed to the Google Groups "Ansible
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/f737accc-93c3-9d7c-a321-c9ad3261f9fe%40olstad.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Using a windows file share as a source in win_chocolatey.
Hi All,
Really excited to have discovered this group. Looking forward to being an
active member.
I've just got going on ansible to manage some windows workstations. I'm
attempting to use the win_chocolatey module to manage my installs.
Does anyone know if it's possible to use a UNC path to a windows file share
as the source of the packages.
For example:
- name: Install Packages
win_chocolatey:
name: "{{ item.name }}"
source: "{{ item.source }}"
state: present
with_items:
- { name: "package1", source:
'\\fileserver\Installs\package1.nupkg' }
- { name: "package2", source:
'\\fileserver\Installs\package2.nupkg' }
When running the above (and many different permutations) I get the below
error:
"msg": "Exception calling \"DownloadString\" with \"1\" argument(s):
\"Unable to connect to the remote server\""}
I have ensured the account i'm running the playbook with has a kerberos
ticket using kinit and can connect to both the machine being managed and
the fileshare, and has the correct NTFS/share permissions.
I would have though as win_chocolatey relies on winRM that connecting to
windows file shares was possible but want to confirm.
Thanks in advance.
Nick
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/9e05a6ff-972b-4242-92df-d56deb4c4e8b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Cannot read group_variable from role task - Ansible 2.3.1.0 (works fine with 2.1) -
Hello,
I have some trouble on reusing a code wrote for Ansible 2.1.1.0 with
Ansible 2.3.1.0.
With Ansible 2.3 when I try reading, from a task of a role, a nested
variable that comes from "group_vars", tells me that variable isn't define.
I remove all unnecessary from my code and create an example code
(following).
The structure is :
- test.yml
- group_vars:
- db.yml
- hosts:
- dev
- roles:
- dbtest:
- tasks:
- main.yml
Where "test.yml" is:
- name: test
hosts: db
gather_facts: false
roles:
- dbtest
"db.yml" under group_vars is:
databases:
- name: dbName
encoding: utf8
"dev" under "hosts" is :
[local-db]
localhost
[db:children]
local-db
"main.yml" under "roles/dbtest/tasks" is:
- name: 'Print databases'
debug:
var: databases
- name: 'Item'
debug:
var: item
with_items: databases
- name: 'Item Name'
debug:
var: item.name
with_items: databases
When I run the code with Ansible 2.1.1.0 calling
ansible-playbook -i hosts/dev test.yml
,I got this output:
PLAY [test]
TASK [dbtest : Print databases]
ok: [localhost] => {
"databases": [
{
"encoding": "utf8",
"name": "dbName"
}
]
}
TASK [dbtest : Item]
***
ok: [localhost] => (item={u'name': u'dbName', u'encoding': u'utf8'}) => {
"item": {
"encoding": "utf8",
"name": "dbName"
}
}
TASK [dbtest : Item Name]
**
ok: [localhost] => (item={u'name': u'dbName', u'encoding': u'utf8'}) => {
"item": {
"encoding": "utf8",
"name": "dbName"
},
"item.name": "dbName"
}
PLAY RECAP
*
localhost : ok=3changed=0unreachable=0failed=0
When I run with Ansible 2.3.1.0 the output is:
PLAY [test]
**
TASK [dbtest : Print databases]
**
ok: [localhost] => {
"databases": [
{
"encoding": "utf8",
"name": "dbName"
}
]
}
TASK [dbtest : Item]
*
ok: [localhost] => (item=databases) => {
"item": "databases"
}
TASK [dbtest : Item Name]
ok: [localhost] => (item=databases) => {
"item": "databases",
"item.name": "VARIABLE IS NOT DEFINED!"
}
PLAY RECAP
***
localhost : ok=3changed=0unreachable=0failed=0
As you can see, on the last step when I try to read "item.name" the old one
works, the new one doesn't see the variable.
I'd like to understand if is possible and how modify my code in order that
will work also with Ansible 2.3 (considering that in my full code I widely
use nested variable as describe above.
Tell me if you need more information and if you have any suggestion, thanks
Paolo
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/93836018-ba9b-44b2-90f1-ee2c53921b3f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Using Cpanel with Ansible
Hi,
Let me explain our environment first:
We have about 500 cpanel servers which are either openvz VEs or physical
servers. We are now using puppet to manage and carry out any common system
administration tasks on the servers. Direct ssh root login is disabled on
ll these servers.
Requirement: We need to setup ansible to replace puppet.
What I've done:
Since direct ssh root login is disabled, I've created a new user in the
client server and set up key based authentication from ansible master
server. Also gave sudo privileges to this user so that the user has got
sufficient privileges to execute commands as the root user.
I tried a few ansible adhoc commands and they worked for a few times, for
eg:
[ih_ansible_user@ansible /]$ ansible -m shell -a '/etc/init.d/exim status'
test.cpanelserver.com
test.cpanelserver.com | SUCCESS | rc=0 >>
exim (pid 28919 22473 21885 19961 19960 18016 16832 10399 10059 6131 3856
3657 3501 3431 2083 2012) is running...
[ih_ansible_user@ansible /]$ ansible -m shell -a '/etc/init.d/mysql status'
test.cpanelserver.com
test.cpanelserver.com | SUCCESS | rc=0 >>
SUCCESS! MySQL running (13701)
[ih_ansible_user@ansible /]$ ansible -m shell -a 'df -h'
test.cpanelserver.com
test.cpanelserver.com | SUCCESS | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
/dev/simfs 2.0T 1.3T 598G 69% /
But after a few tries, I get the error:
[ih_ansible_user@ansible /]$ ansible -m shell -a '/etc/init.d/httpd status'
test.cpanelserver.com
test.cpanelserver.com| FAILED! => {
"changed": false,
"failed": true,
"module_stderr": "Shared connection to test.cpanelserver.com
closed.\r\n",
"module_stdout": "sudo: PERM_ROOT: setresuid(0, -1, -1): too many
processes\r\n",
"msg": "MODULE FAILURE",
"rc": 1
}
I'm also getting a similar error when I execute the command from the client
server as the ansible user:
ih_ansible_user@test [/root]# sudo httpd status
sudo: PERM_ROOT: setresuid(0, -1, -1): too many processes
Upon searching, I could see that the number of processes for users other
than root is restricted in cpanel servers. The suggested fix is to disable
shell fork bomb protection but it is not secure. Also I'm unable to
increase the limit.
Currently I'm stuck at this point. Please let me know if this is the
correct approach, like adding a new user for ansible etc.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/78f66838-46df-410e-9d30-bd7e9e6cff29%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Ansible: Some problems with modules【raw】
When I was using modules of raw, Some servers do not automatically stop tasks。 Have you ever been in a similar situation? ansible server:SUSE Linux Enterprise Server 11 SP4 (x86_64) ansible version:1.7.2 Problematic server:AIX 6.1 Problem Description: Timeout is the default, nor does it occur every time, occasionally. Use command or shell module, will not be the problem, but the client is not necessarily installed python, it can only use raw. If you need additional information, please explain that I will provide. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/60e70ef1-22ab-4578-89f6-ab0059933d09%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Some problems with module raw
When I was using modules of raw, Some servers do not automatically stop tasks。 Have you ever been in a similar situation? ansible server:SUSE Linux Enterprise Server 11 SP4 (x86_64) ansible version:1.7.2 Problematic server:AIX 6.1 Problem Description: Timeout is the default, nor does it occur every time, occasionally. Use command or shell module, will not be the problem, but the client is not necessarily installed python, it can only use raw. If you need additional information, please explain that I will provide. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/b06a4c9c-5b4c-4faf-8e7b-30f7807b28c2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Role to generate System documentation.
G'day one and all, Yesterday while updating some system operations manuals I thought some of this could be done automatically by Ansible by using templates and gathered facts in conjunction with PDF generation. Before I start would like to know if someones already done it without me re-inventing the wheel? Stephen -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/59c7b7e5-c6ca-402b-9904-7f3fe70dea5e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] bigip_irule module and token authentication
Hi Does anyone know whether the bigip_irule module supports token authentication? Using remote (ldap) auth to the BigIP and, while initial authentication is successful, subsequent REST calls fail with auth error. All indications are that module does not support tokens, but unable to find any definitive documentation. Thanks -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/0dd3d1b5-7574-49b6-9cf6-526d9e1991e2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: Playbook that uses become only if root user not specified?
I thought become: True and become: yes are "the same"?!
Am Dienstag, 4. Juli 2017 20:06:29 UTC+2 schrieb ajay jiwanand:
>
> A very simple fix was to just change become:true to become:yes and root
> authentication works as long as you dont specify sudo password in command
> line (-K) and specify root account with -u
>
> On Tuesday, July 4, 2017 at 1:46:05 PM UTC-4, ajay jiwanand wrote:
>>
>> Hey Daniel,
>>
>> That definitely looks like it can work but that would mean that I would
>> have to specify one password for sudo accross all devices? As there are
>> tons of devices and tons of "admin" accounts for users who are able to
>> perform these action it wont be possible for me to place one password under
>> ansible_become_pass. Is it possible for the password to be taken from the
>> password entered when running the playbook or for the playbook to skip
>> become all together when ansible_user != 'root'?
>>
>> I've tried this:
>>
>> become: true
>> when: ansible_user != 'root'
>>
>> no luck
>>
>> On Tuesday, July 4, 2017 at 2:05:37 AM UTC-4, Daniel JD wrote:
>>>
>>> You could use something like the following:
>>>
>>> - name: Set sudo Passwort
>>> set_fact:
>>> ansible_become_pass: "{{ my_encrypted_password }}"
>>> when: ansible_user == 'non-root-user'
>>>
>>> Am Dienstag, 4. Juli 2017 05:03:08 UTC+2 schrieb ajay jiwanand:
I am writing a playbook that will cover a wide ranged of hosts some
that is integrated into AD with sudo privileges and others with just a
local "root" account. I currently have the playbook written with the
become
module and it works fine for AD integrated hosts but when i specify a root
user it throws the error "needs sudo password" when I set become_user:
root
it works fine for root accounts but it gives sudo errors when using AD
integrated users. Is it possible to have a playbook use sudo passwords
when
the user specified (through command line -u) is not root?
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/ec5e81fd-a551-4760-b4e9-5fe7d0f09fbc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: complex loop in playbook
maybe json_query will do the trick: https://docs.ansible.com/ansible/playbooks_filters.html#json-query-filter -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1dcd594c-b8d6-4e5c-a6ca-afcf712b7206%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Ansible custom module and custom python library
It works, thanks Brian ! -- Yassine On Monday, July 3, 2017 at 5:53:44 PM UTC+2, Brian Coca wrote: > > docs are basically the same as my response, use a module_utils/ dir > adjactent to play/in role or specify a dir in config in the path > entry, then you can use just like anything in the shipped ansible > module_utils dir. > > > > -- > -- > Brian Coca > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/7d5f30ed-86e3-4b7e-b3b1-a7fde935faba%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] ansible and windows AD module
I am trying to invoke AD commands( I put this into powershellscript) from
ansible server. I am using Kerberos in the ansible server for auth. Can you
guys help in this issue?
Below is my powershell script runs on windows server(windows server 2008 r2
standard), which is in domain. I am able to run this powershell script fine
when I RDP into this machine. But fails when i run this script from
powershell.
==
param (
[string]$vm_name
)
$grp= -join($vm_name,"_login")
Import-Module -Name ActiveDirectory
Set-ADGroup -Identity $grp -GroupScope Universal -GroupCategory Security
Add-ADGroupMember -Identity $grp -Members eoinf-sysadmin
Below is error message when I run above script from ansible:
=
ansible-playbook winAD.yml --extra-vars "vm_name=marx5075" -vv
Using /home/athangal/playbooks/ansible.cfg as config file
PLAYBOOK: winAD.yml
1 plays in winAD.yml
PLAY [win]
*
TASK [raw]
*
task path: /home/athangal/playbooks/winAD.yml:8
changed: [WINDOWS.my.corp] => {"changed": true, "rc": 0, "stderr":
"Set-ADGroup : Unable to contact the server. This may be because this
server \r\ndoes not exist, it is currently down, or it does not have the
Active Directory \r\nWeb Services running.\r\nAt
C:\\scripts\\setUnvGp.ps1:6 char:1\r\n+ Set-ADGroup -Identity $grp
–GroupScope Universal -GroupCategory Security\r\n+
\r\n+
CategoryInfo : ResourceUnavailable: (marx5075_login:ADGroup) [S
\r\net-ADGroup], ADServerDownException\r\n+ FullyQualifiedErrorId : Unable
to contact the server. This may be becaus \r\ne this server does not exist,
it is currently down, or it does not have th \r\ne Active Directory Web
Services running.,Microsoft.ActiveDirectory.Managem
\r\nent.Commands.SetADGroup\r\n\r\nAdd-ADGroupMember : Unable to contact
the server. This may be because this \r\nserver does not exist, it is
currently down, or it does not have the Active \r\nDirectory Web Services
running.\r\nAt C:\\scripts\\setUnvGp.ps1:7 char:1\r\n+ Add-ADGroupMember
-Identity $grp -Members eoinf-sysadmin\r\n+
\r\n+
CategoryInfo : ResourceUnavailable: (marx5075_login:ADGroup) [A
\r\ndd-ADGroupMember], ADServerDownException\r\n+ FullyQualifiedErrorId :
Unable to contact the server. This may be becaus \r\ne this server does not
exist, it is currently down, or it does not have th \r\ne Active Directory
Web Services running.,Microsoft.ActiveDirectory.Managem
\r\nent.Commands.AddADGroupMember\r\n", "stdout": "", "stdout_lines": []}
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/93fc7484-b015-4435-a3fb-23aa9c8f8b07%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Add 'check mode' feature to an existing module
ec2_elb_lb does not support 'check mode' (Dry run). I would like to add it to the module. - Is the below still the preferred way? https://groups.google.com/d/topic/ansible-project/v638okDSzvo/discussion add supports_check_mode=True to the bottom of the AnsibleModule constructor > > AND > > wherever a module decides to set "changed" = True, and before actually > making a change, do something like: > > if self.check_mode: > module.exit_json(changed=True) > - Are there any templates or examples? -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1e4977cd-022a-4215-a543-ab05ea249fa2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] handler with listed variables
Hello,
I'm having trouble to figure out the best way to use handler with listed
variables. My setup is as follow:
*vars:*
omd_sites:
- prod
- stg
- dev3
*tasks:*
- name: Template groups.mk
template:
src: groups.mk.j2
dest: "/opt/omd/sites/{{ item }}/etc/check_mk/conf.d/groups.mk"
owner: "{{ item }}"
group: "{{ item }}
with_items: "{{ omd_sites }}"
notify: cmk reload
*handlers:*
* # option1*
- name: cmk reload
command: su -c "cmk -O" -l "{{omd_sites}}"
*Error: *
FAILED! => {"changed": true, "cmd": ["su", "-c", "cmk -O", "-l", "[u'prod',
u'stg', u'dev3']"], "delta": "0:00:00.002481", "end": "2017-07-05
13:11:30.514962", "failed": true, "rc": 1, "start": "2017-07-05
13:11:30.512481", "stderr": "su: user [u'prod', u'stg', u'dev3'] does not
exist", "stderr_lines": ["su: user [u'prod', u'stg', u'dev3'] does not
exist"], "stdout": "", "stdout_lines": []}
*# option2*
- name: cmk reload
command: su -c "cmk -O" -l "{{omd_sites}}"
*Error:*
FAILED! => {"changed": true, "cmd": ["su", "-c", "cmk -O", "-l", "[uprod,",
"ustg,", "udev3]"], "delta": "0:00:00.002500", "end": "2017-07-05
13:20:09.621223", "failed": true, "rc": 1, "start": "2017-07-05
13:20:09.618723", "stderr": "su: user [uprod, does not exist",
"stderr_lines": ["su: user [uprod, does not exist"], "stdout": "",
"stdout_lines": []}
*# option3*
- name: cmk reload
command: "cmk -O"
become_user: "{{omd_sites}}"
become_method: su
become: true
*Error:*
FAILED! => {"changed": false, "failed": true, "module_stderr": "Shared
connection to hmlb1mon07 closed.\r\n", "module_stdout": "su: user [uprod,
does not exist\r\n", "msg": "MODULE FAILURE", "rc": 1}
How can I run handler only for {{ omd_sites }} item that changed and this
has to be done by the {{ omd_sites }} user (account name the same as {{
omd_sites }} item)
Regards
Raf
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/03329b35-14fc-496d-b48e-fbf6e0eefb9b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: getting key:value from fact
Solved, and for posterity the answer
is:
interface_facts.ansible_facts.azure_networkinterfaces[0].properties.ipConfigurations[0].properties.privateIPAddress
On Tuesday, July 4, 2017 at 6:59:24 PM UTC+2, Jan Mattsson wrote:
>
> I am trying to get back into some Ansible automation after some absence
> but get stuck immediately trying to get the IP address of an Azure VM from
> ansible facts:
>
> ok: [localhost] => {
> "*interface_facts.ansible_facts.azure_networkinterfaces*": [
> {
> "etag": "W/\"a4csdf-b1120d-5c9fb31354129\"",
> "id":
> "/subscriptions/a444df-b1120d-5c9fb31-354129-2gbf3e5b/resourceGroups/testRG/providers/Microsoft.Network/networkInterfaces/testvm1-eth0",
> "location": "westeurope",
> "*properties*": {
> "dnsSettings": {
> "appliedDnsServers": [],
> "dnsServers": [],
> "internalDomainNameSuffix": "
> kttxupoc3ofsdf25452peia.ax.internal.cloudapp.net"
> },
> "enableIPForwarding": false,
> "*ipConfigurations*": [
> {
> "etag":
> "W/\"ae60d652-3b57-4cfd-b10d-5c9fb11296e6\"",
> "id":
> "/subscriptions/a444df-b1120d-5c9fb31-354129-2gbf3e5b/resourceGroups/testRG/providers/Microsoft.Network/networkInterfaces/testvm1-eth0/ipConfigurations/default",
> "name": "default",
> "*properties*": {
> "privateIPAddress": "192.168.1.2",
> *"privateIPAddressVersion": "IPv4",*
> "privateIPAllocationMethod": "Dynamic",
> "provisioningState": "Succeeded",
> "subnet": {
> "id":
> "/subscriptions/a444df-b1120d-5c9fb31-354129-2gbf3e5b/resourceGroups/testRG/providers/Microsoft.Network/virtualNetworks/IaaS-Vnet/subnets/IaaS-Test-FE-Subnet"
> }
> }
> }
> ],
> "macAddress": "0E-0D-3E-29-FE-AF",
> "networkSecurityGroup": {
> "id":
> "/subscriptions/a4csdf-b1120d-5c9fb31354129/resourceGroups/testRG/providers/Microsoft.Network/networkSecurityGroups/testvm1-eth001"
> },
> "primary": true,
> "provisioningState": "Succeeded",
> "resourceGuid": "a7182a83-61bc-3bed-9758-2d72f251952d",
> "virtualMachine": {
> "id":
> "/subscriptions/1a4csdf-b1120d-5c9fb31329-e5b/resourceGroups/testRG/providers/Microsoft.Compute/virtualMachines/testvm1"
> }
> }
> }
> ]
> }
>
>
> I Thought that I could get the IP by using
> "interface_facts.ansible_facts.azure_networkinterfaces.properties,ipConfigurations.properties.privateIPAddress
>
> But no amounts of dots and square brackets gets me past the
> interface_facts.ansible_facts.azure_networkinterfaces level, anything below
> just responds "VARIABLE IS NOT DEFINED!"
>
> I am pretty sure this is just a YAML list/dict noob issue, but after hours
> of searching I am still lost.
>
> Can anyone please point me in the right direction?
>
>
>
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/45ea3ba8-a65c-4e87-99ee-debf6565cb59%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
