[ansible-project] Re: use Ansible to install a .exe program on windows machine

[Shivaji Patne]

hi,

can you briefly explain how you configure of ansible+ windows .


i did windows host machine installed virtual box and at windows client 
side  i configured winrm, powershell3.0 .

i am facing the ssl certificate error .

 help me to any easy waY to solve this process.
 
regards 
 shivaji 

On Tuesday, August 28, 2018 at 3:00:35 AM UTC+5:30, Jordan Borean wrote:
>
> If I want to use win_chocolatey, Can you tell me if I have to install 
>> chocolatey package on every windows machine ?
>>
>
> win_chocolatey will ensure Chocolatey is installed if it isn't present. 
> This requires an active internet connection by default but in the upcoming 
> 2.7 release you can set an offline source to install it. Same thing with 
> the packages it automatically sources from the public repo on the internet 
> but you can specify an offline internal source accessible within your 
> organisation if that is what you want to do.
>
> Can you tell me if I must do something on Linux Centos Ansible server to 
>> run playbook with  win_chocolatey ?
>>
>
> Ensure that Ansible can connect to your Windows host and that's it. The 
> win_chocolatey module is run on the Windows host only, Ansible does all the 
> abstraction to execute it and return the results back.
>
> While I do highly recommend you use win_chocolatey for all this as it 
> makes things so much simpler you are not limited to using it. You can use 
> win_package or even just win_command to install an executable manually, the 
> trouble with this approach is you need to know what the silent install 
> arguments are when invoking the executable. Chocolatey does all this for 
> you and makes it quite simple to uninstall and upgrade packages in the 
> future.
>
> Thanks
>
> Jordan
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3790ae40-9a99-493a-bfa7-eeb7e2d6e3ae%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Ansible Python API - send file as parameter

[Balaji]

Hello All,

Can anyone please help to create an equivalent of a command 

ansible-playbook -i environments playbooks/site.yml -u user_name  -e 
"@build.json"

I am very curious to know how to write this  " -e "@build.json" " in python.


Background - I am trying to run above command from a python script.

Thanks,
Balaji Chavdi 



-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/65cb4180-ed24-4c22-8627-4d2d9478ea41%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Configure 5 Linux servers with Nginx most efficient way

[BenZ]

Hi, 
I am using vagrant to create 5 servers and using ansible to configure each 
of them to install Nginx and add the the sentence "hello from web 
server{server number}.
I am trying to understand what is best way to configure the playbook to 
configure the servers in one block. Now I use 5 blocks that have the same 
code only the server number is changed(web1, web2,web3, etc) and the number 
I write to the index file.I am using ansible_local. 
  

vagrantfile

Vagrant.configure("2") do |config|


N = 5
(1..N).each do |machine_id|
config.vm.define "web#{machine_id}" do |machine|
machine.vm.box = "ubuntu/trusty64" 
machine.vm.hostname = "web"
machine.vm.network "private_network", ip: 
"10.0.0.#{10+machine_id}"
 end

config.vm.provision "ansible_local" do |ansible|
ansible.playbook = "playbook.yml"
ansible.become = true
ansible.extra_vars = { machine: "web#{machine_id}" }
ansible.groups = {
  "group1" => ["web"],
}
 end
end


playbook code

- hosts: web1
  become: true 
  tasks:
- name: ensure nginx is at the latest version
  apt: name=nginx state=latest
- name: start nginx
  service:
  name: nginx
  state: started
- name: add server name to nginx html
  lineinfile:
   dest: /usr/share/nginx/html/index.html
   insertafter: "^Thank you for using nginx."
   line: hello from web server-1"

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b823e005-b4bd-44b3-9302-ed1434bbf3f1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] urllib3 issue

[Bharath Kumar]

Hi Guy,

Where this servers patched recently?

"yum update/upgrade"

On Mon, Aug 27, 2018 at 7:01 PM Guy Knights  wrote:

> Using Ansible 2.4, we suddenly started getting an error on a random
> assortment of our servers today:
>
> ERROR! Unexpected Exception, this is probably a bug: Requests dependency
> 'urllib3' must be version >= 1.21.1, < 1.22!
>
> Some servers running exactly the same task and also with version 1.23 of
> urllib3 installed worked fine. I rolled back urllib3 to 1.22 on the failing
> servers and it fixed the issue. Anyone know what the problem is and why
> only some of the servers are failing with this error?
>
> Thanks,
> Guy
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CANNH9mv%3Ds%2BAgfgjj_%2BVj-DztMYF_2d6kwk8NwN8BmMTJVZc6EQ%40mail.gmail.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAAZdNwnRZpMwKWOBPvj3m%2BziUr6-qiBNa8JaQbR5n3BBDy%3DYTA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Need a register value to persist

[Karl Auer]

I have a similar problem but the solution doesn't seem to apply.

I have multiple plays in a single playbook, but all the plays are on
localhost. A fact set in one play does not seem to be available in other
plays, because the hostname is "localhost" for all of them! Is there anyway
to distinguish between such plays?

Here's a very simple proof of concept :-)

---
# Test variable access across multiple plays on local host
- hosts: localhost
  gather_facts: false

  tasks:
 - set_fact:
 local_var: "this"

- hosts: localhost
  gather_facts: false

  tasks:
 - set_fact:
 local_var: "this"

- hosts: localhost
  gather_facts: false

  tasks:

- debug:
 var: hostvars['localhost']

The only facts output by the final debug statement are those in the current
play. Is there any way to reference the variables in the earlier plays? For
example, is there some way to provide an "alias" for a host in the "hosts"
declaration?

Regards, K.



On Fri, Aug 24, 2018 at 11:40 PM, Kai Stian Olstad <
ansible-project+l...@olstad.com> wrote:

> On Friday, 24 August 2018 14.44.40 CEST Dimitri Yioulos wrote:
> > I've created the following playbook:
> >
> > ---
> > > - hosts: Host1
> > >   gather_facts: false
> > >   tasks:
> > > - name: SQL Query Pending Import Jobs
> > >   script: /etc/ansible/files/mssql_opm_getImportJobs.ps1
> > >   register: import_job_count
> > > - debug:
> > > msg: "Number of running imports: {{ import_job_count.rc }}"
> > >   tags:
> > > - test
> > > - hosts: Host2
> > >   gather_facts: false
> > >   tasks:
> > > - name: Stop 1Point Import Services
> > >   win_service: name={{ item }} state=stopped
> > >   with_items:
> > > ["ImportRecipientsService","ImportRecipientsService_V2","
> OnepointImportService_High","OnepointImportService_Higher",
> "OnepointImportService_Highest","OnepointImportServi
> > > ce_Low"]
> > >   when: import_job_count.stdout == "0"
> > >   tags:
> > > - stop_opm_import_services
> >
> >
> > As I hope you can see, the idea is to use the register value from the
> first
> > play to work in the second, which is aimed at another host.  I get
> > "'import_job_count' is undefined" because the register value doesn't
> > persist.  Is there any way to do this?
>
> Register variables is per host not global, so you need to specify the host
> you want to retrieve it from.
> To do this you need to use hostvars
>   hostvars['Host1'].import_job_count.stdout
>
> --
> Kai Stian Olstad
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/ansible-project/8443452.OIqpQm9JUp%40x1.
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Karl Auer

Email  : ka...@2pisoftware.com
Website: http://2pisoftware.com

GPG/PGP : 958A 2647 6C44 D376 3D63 86A5 FFB2 20BC 0257 5816
Previous: F0AB 6C70 A49D 1927 6E05 81E7 AD95 268F 2AB6 40EA

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CA%2B%2BT08RYgVFBhjJH_8XZCEjDM-UkxzN9NJeohmzCLA9Y%2BLgbSg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] DNS lookup not working

[Guy Knights]

Ahh, right I guess didn't properly read that very first paragraph on the 
lookups documentation page! Ok, thanks for info everyone.

Cheers,
Guy

On Monday, August 27, 2018 at 3:32:15 PM UTC-7, Kai Stian Olstad wrote:
>
> On Tuesday, 28 August 2018 00.07.31 CEST Jonathan Lozada De La Matta 
> wrote: 
> > agreed. So you need to add connection: local or delegate_to 
>
> That wont work. 
> The block in file is needed on the remote host, and that is fine. 
> Since lookup plugins run on localhost, dnspython is needed on Ansible 
> controller not the remote host. 
>
> If DNS lookup has to be done on the remote host a command/shell module 
> with dig or some other DNS utilities is required. 
>
>
> -- 
> Kai Stian Olstad 
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e5d83181-86df-44cd-87de-4f17d844cd1c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] urllib3 issue

[Guy Knights]

Using Ansible 2.4, we suddenly started getting an error on a random
assortment of our servers today:

ERROR! Unexpected Exception, this is probably a bug: Requests dependency
'urllib3' must be version >= 1.21.1, < 1.22!

Some servers running exactly the same task and also with version 1.23 of
urllib3 installed worked fine. I rolled back urllib3 to 1.22 on the failing
servers and it fixed the issue. Anyone know what the problem is and why
only some of the servers are failing with this error?

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9mv%3Ds%2BAgfgjj_%2BVj-DztMYF_2d6kwk8NwN8BmMTJVZc6EQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] DNS lookup not working

[Kai Stian Olstad]

On Tuesday, 28 August 2018 00.07.31 CEST Jonathan Lozada De La Matta wrote:
> agreed. So you need to add connection: local or delegate_to

That wont work.
The block in file is needed on the remote host, and that is fine.
Since lookup plugins run on localhost, dnspython is needed on Ansible 
controller not the remote host.

If DNS lookup has to be done on the remote host a command/shell module with dig 
or some other DNS utilities is required.


-- 
Kai Stian Olstad


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/10244798.i2mkUbfVt0%40x1.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] DNS lookup not working

[Jonathan Lozada De La Matta]

agreed. So you need to add connection: local or delegate_to

On Mon, Aug 27, 2018 at 5:53 PM Kai Stian Olstad <
ansible-project+l...@olstad.com> wrote:

> On Monday, 27 August 2018 23.49.34 CEST Guy Knights wrote:
> > I have a task that uses the dig lookup to resolve a DNS record, but it
> > fails with the error, "An unhandled exception occurred while running the
> > lookup plugin 'dig'. Error was a ,
> > original message: The dig lookup requires the python 'dnspython' library
> > and it is not installed".
> >
> > However, the dnspython library is definitely installed on the host.
> Here's
> > the task definition:
> >
> > - blockinfile:
> > dest: ~/.ssh/config
> > marker: "# {mark} ANSIBLE MANAGED BLOCK - SVN MIRROR"
> > block: |
> >   Host XX
> > HostName {{ lookup('dig', '') }}
> > User XXX
> > Port 22
> > IdentityFile ~/.ssh/svn_key
> > IdentitiesOnly yes
> > RSAAuthentication yes
> > StrictHostKeyChecking no
> > create: yes
> >
> > Here's the output of pip freeze on the host where the task fails:
>
> lookup plugins run on localhost aka Ansible controller not the remote host.
>
> --
> Kai Stian Olstad
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/1913709.8AxLWYWHRC%40x1.
> For more options, visit https://groups.google.com/d/optout.
>
-- 

Jonathan lozada de la matta

AUTOMATION CONSULTANT - AUTOMATION PRACTICE

Red Hat Consulting Services 

jloza...@redhat.com

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAFYJA%2BJQ0CmTv%2BSvkY9mtcD6SbKD7c%2B3hnjYQ681B5%2B7w6-40g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] DNS lookup not working

[Kai Stian Olstad]

On Monday, 27 August 2018 23.49.34 CEST Guy Knights wrote:
> I have a task that uses the dig lookup to resolve a DNS record, but it
> fails with the error, "An unhandled exception occurred while running the
> lookup plugin 'dig'. Error was a ,
> original message: The dig lookup requires the python 'dnspython' library
> and it is not installed".
> 
> However, the dnspython library is definitely installed on the host. Here's
> the task definition:
> 
> - blockinfile:
> dest: ~/.ssh/config
> marker: "# {mark} ANSIBLE MANAGED BLOCK - SVN MIRROR"
> block: |
>   Host XX
> HostName {{ lookup('dig', '') }}
> User XXX
> Port 22
> IdentityFile ~/.ssh/svn_key
> IdentitiesOnly yes
> RSAAuthentication yes
> StrictHostKeyChecking no
> create: yes
> 
> Here's the output of pip freeze on the host where the task fails:

lookup plugins run on localhost aka Ansible controller not the remote host.

-- 
Kai Stian Olstad


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1913709.8AxLWYWHRC%40x1.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] DNS lookup not working

[Guy Knights]

I have a task that uses the dig lookup to resolve a DNS record, but it
fails with the error, "An unhandled exception occurred while running the
lookup plugin 'dig'. Error was a ,
original message: The dig lookup requires the python 'dnspython' library
and it is not installed".

However, the dnspython library is definitely installed on the host. Here's
the task definition:

- blockinfile:
dest: ~/.ssh/config
marker: "# {mark} ANSIBLE MANAGED BLOCK - SVN MIRROR"
block: |
  Host XX
HostName {{ lookup('dig', '') }}
User XXX
Port 22
IdentityFile ~/.ssh/svn_key
IdentitiesOnly yes
RSAAuthentication yes
StrictHostKeyChecking no
create: yes

Here's the output of pip freeze on the host where the task fails:

Cheetah==2.4.4
Landscape-Client==14.12
PAM==0.4.2
PyYAML==3.13
Twisted-Core==13.2.0
Twisted-Names==13.2.0
Twisted-Web==13.2.0
apt-xapian-index==0.45
argparse==1.2.1
awscli==1.16.1
backports.ssl-match-hostname==3.5.0.1
boto==2.49.0
boto3==1.8.1
botocore==1.11.1
certifi==2018.8.13
chardet==3.0.4
cloud-init==0.7.5
colorama==0.3.9
configobj==4.7.2
dnspython==1.15.0
docker-py==1.9.0
docutils==0.14
futures==3.2.0
html5lib==0.999
httplib2==0.8
idna==2.7
iotop==0.6
ipaddress==1.0.22
jmespath==0.9.3
jsonpatch==1.3
jsonpointer==1.0
oauth==1.0.1
prettytable==0.7.2
pyOpenSSL==0.13
pyasn1==0.4.4
pycurl==7.19.3
pyserial==2.6
python-apt==0.9.3.5ubuntu3
python-dateutil==2.7.3
python-debian==0.1.21-nmu2ubuntu2
requests==2.19.1
rsa==3.4.2
s3transfer==0.1.13
six==1.11.0
ssh-import-id==3.21
urllib3==1.23
virtualenv==16.0.0
websocket-client==0.49.0
wheel==0.24.0
wsgiref==0.1.2
zope.interface==4.0.5

Any idea why it fails?

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9msrV0Bq6CMi-rvF9t4VrDrvVi%2ByDBqu97UmV5DTVjggGA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: [Ansible windows] "kerberos: authGSSClientStep() failed: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Generic error (see e-text)', -1765328

[Jordan Borean]

Because you are running over https, message encryption is not being run so 
that post you linked to is technically unrelated. In saying that, I have no 
idea about your environment setup, but RC4 and DES are effectively broken 
and you should avoid using in any case. Unless you have set that on purpose 
you shouldn't be allowing weak cryptos.

To try and find out what exactly is failing can you run Ansible with 
KRB5_TRACE=/dev/stdout set, e.g. '*KRB5_TRACE=/dev/stdout ansible-playbook 
agent.yml --limit *'. This will make gssapi on that host sent the logs 
to stdout hopefully giving you a better error.

Thanks

Jordan

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5d092aa8-70d1-4345-abe8-5516b4dfba61%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: use Ansible to install a .exe program on windows machine

[Jordan Borean]

> If I want to use win_chocolatey, Can you tell me if I have to install 
> chocolatey package on every windows machine ?
>

win_chocolatey will ensure Chocolatey is installed if it isn't present. 
This requires an active internet connection by default but in the upcoming 
2.7 release you can set an offline source to install it. Same thing with 
the packages it automatically sources from the public repo on the internet 
but you can specify an offline internal source accessible within your 
organisation if that is what you want to do.

Can you tell me if I must do something on Linux Centos Ansible server to 
> run playbook with  win_chocolatey ?
>

Ensure that Ansible can connect to your Windows host and that's it. The 
win_chocolatey module is run on the Windows host only, Ansible does all the 
abstraction to execute it and return the results back.

While I do highly recommend you use win_chocolatey for all this as it makes 
things so much simpler you are not limited to using it. You can use 
win_package or even just win_command to install an executable manually, the 
trouble with this approach is you need to know what the silent install 
arguments are when invoking the executable. Chocolatey does all this for 
you and makes it quite simple to uninstall and upgrade packages in the 
future.

Thanks

Jordan

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/cd829834-33fa-4353-a4ef-5c44391a8d4a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] use Ansible to install a .exe program on windows machine

[Viet Minh]

Hi All,

I am new to Ansible and I want to use Ansible to install a .exe program on 
windows machines.

I have a Ansible server on a CentOs linux machine and 10 windows 2012 R2 
machines where I want to install a .exe program on each windows machine.


If I want to use win_chocolatey, Can you tell me if I have to install 
chocolatey package on every windows machine ?

Can you tell me if I must do something on Linux Centos Ansible server to 
run playbook with  win_chocolatey ?

Thanks in advance,

Viet  Minh


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b9be25d4-6d01-48d7-a13e-138dc4b169b8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Created Users on EC2 Instance, Now I Can't SSH There

[Jonathan Lozada De La Matta]

Looks like you are creating the user but, not putting the public keys in
their home dir.

On Mon, Aug 27, 2018 at 4:08 PM  wrote:

> I've run a playbook that creates an EC2 instance. The AMI used to create
> the instance is using CentOS and installs an SSH key so that I can ssh in
> as username "centos" without a password. It works fine. But now I've
> created a subsequent playbook that configures the new server. One of the
> things it does is create two new users:
>
> - name: Create Users
>   user:
> name: '{{ item.name }}'
> home: /home/centos
> create_home: yes
> groups:
>   - wheel
>   - developer
> append: yes
> comment: "CastleBranch Developer Admin"
> state: present
>   loop: "{{ ansible_server_users }}"
>
> Notice that it's creating the new users with /home/centos as the home
> directory. I thought it would just set that as home directory for my new
> user, and that I would then be able to ssh in as that new user, using the
> same keys. However, after running this I am now unable to login as
> *anything*. Not the new users, and not "centos" either.
>
> I can kill the instance and create it anew. That's not a problem. But
> anyone have any guesses as to what happened that I can't login now?
>
> --
> Todd
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/d9fa9364-a77e-45da-8fc0-3aac0f6801fa%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>


-- 

Jonathan lozada de la matta

AUTOMATION CONSULTANT - AUTOMATION PRACTICE

Red Hat Consulting Services 

jloza...@redhat.com

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAFYJA%2B%2BXVDEfgaUSaUsFat5PN9FN2zeci56VqFji%3Dzz_AsyMcQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: [Ansible windows] "kerberos: authGSSClientStep() failed: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Generic error (see e-text)', -1765328

[Jeremie Levy]

Using an USA domain user instead of a EUR domain user move me to another 
issue

*"kerberos: Bad HTTP response returned from server. Code 400"*
I found out this question here 
: https://groups.google.com/forum/#!topic/ansible-project/WJbhN3VYMmI but 
nothing could help me.

I have to say, my first choice would be to use the same user eventually.

Thanks

Jordan / Jon ? :)

On Monday, August 27, 2018 at 9:51:54 AM UTC+3, Jeremie Levy wrote:
>
> Hi
> In my company we have a forest with multiple domains, EUR / USA ...
> I can work without any issue with my domain (EUR) with a EUR user
>
> Now i'm trying to access a USA server with and got the following failure:
>
> # ansible-playbook agent.yml --limit tsthost67.usa.company.com -
> ansible-playbook 2.6.2
>   config file = /ansible/scripts/ansible.cfg
>   configured module search path = 
> [u'/usr/local/lib/python2.7/dist-packages/ara/plugins/modules']
>   ansible python module location = /usr/lib/python2.7/dist-packages/ansible
>   executable location = /usr/bin/ansible-playbook
>   python version = 2.7.12 (default, Dec  4 2017, 14:50:18) [GCC 5.4.0 
> 20160609]
> Using /ansible/scripts/ansible.cfg as config file
> setting up inventory plugins
> Parsed /ansible/scripts/inventory/windows.yml inventory source with yaml 
> plugin
> Loading callback plugin default of type stdout, v2.0 from 
> /usr/lib/python2.7/dist-packages/ansible/plugins/callback/default.pyc
> Loading callback plugin ara of type notification, v2.0 from 
> /usr/local/lib/python2.7/dist-packages/ara/plugins/callbacks/log_ara.pyc
>
> PLAYBOOK: agent.yml 
> *
> 1 plays in agent.yml
>
> PLAY [fw] 
> *
> Trying secret 
> FileVaultSecret(filename='/nfs/site/disks/home30/ansible/.ssh/ansible_vault.txt')
>  
> for vault_id=default
>
> TASK [Gathering Facts] 
> 
> task path: /ansible/scripts/agent.yml:2
> Using module file 
> /usr/lib/python2.7/dist-packages/ansible/modules/windows/setup.ps1
>  ESTABLISH WINRM CONNECTION FOR USER: 
> ansi...@eur.company.com on PORT 5986 TO tsthost67.usa.company.com
> checking if winrm_host tsthost67.usa.company.com is an IPv6 address
> calling kinit with pexpect for principal ansi...@eur.company.com
> fatal: [tsthost67.usa.company.com]: UNREACHABLE! => {
> "changed": false,
> *"msg": "kerberos: authGSSClientStep() failed: (('Unspecified GSS 
> failure.  Minor code may provide more information', 851968), ('Generic 
> error (see e-text)', -1765328324))",*
> "unreachable": true
> }
> to retry, use: --limit @/ansible/scripts/qb-agent-fw.retry
>
> PLAY RECAP 
> 
> tsthost67.usa.company.com : ok=0changed=0unreachable=1failed=0
>
>
>
> my kerberos file:
>
> # cat /etc/krb5.conf  
> 
> 
>  
> [libdefaults]
>  default_realm = EUR.COMPANY.COM  
>   
>  ticket_lifetime = 36000  
>  
>  renew_lifetime = 2592000  
> 
>  default_keytab_name = /etc/krb5.keytab
> 
>  forwardable = true
> 
>  allow_weak_crypto = true  
> 
>  dns_lookup_realm = false   

Re: [ansible-project] How to validate the results for with_items?

[Ramu]

Thanks Kai.

On Mon, Aug 27, 2018 at 3:07 PM Kai Stian Olstad <
ansible-project+l...@olstad.com> wrote:

> On Monday, 27 August 2018 21.59.10 CEST Ramu wrote:
> > Thanks Brian and Todd.
> > But the list will still have all other attributes. I just want to know
> the
> > items for which the test is failed.
>
> Just add the map filter
>
> {{ output.results|selectattr('failed', 'equalto', True) |
> map(attribute='item') | list }}
>
>
> --
> Kai Stian Olstad
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/5358565.VTSCIDmraK%40x1.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAAfqp0XDFaHcR1STsxQDGbaZcrQMK3UDGBtkYRcXiWxZrX%2B-0w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How to validate the results for with_items?

[Kai Stian Olstad]

On Monday, 27 August 2018 21.59.10 CEST Ramu wrote:
> Thanks Brian and Todd.
> But the list will still have all other attributes. I just want to know the
> items for which the test is failed.

Just add the map filter

{{ output.results|selectattr('failed', 'equalto', True) | map(attribute='item') 
| list }}


-- 
Kai Stian Olstad


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5358565.VTSCIDmraK%40x1.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Created Users on EC2 Instance, Now I Can't SSH There

[ttwalto]

I've run a playbook that creates an EC2 instance. The AMI used to create 
the instance is using CentOS and installs an SSH key so that I can ssh in 
as username "centos" without a password. It works fine. But now I've 
created a subsequent playbook that configures the new server. One of the 
things it does is create two new users:

- name: Create Users
  user:
name: '{{ item.name }}'
home: /home/centos
create_home: yes
groups:
  - wheel
  - developer
append: yes
comment: "CastleBranch Developer Admin"
state: present
  loop: "{{ ansible_server_users }}"

Notice that it's creating the new users with /home/centos as the home 
directory. I thought it would just set that as home directory for my new 
user, and that I would then be able to ssh in as that new user, using the 
same keys. However, after running this I am now unable to login as 
*anything*. Not the new users, and not "centos" either.

I can kill the instance and create it anew. That's not a problem. But 
anyone have any guesses as to what happened that I can't login now?

--
Todd

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d9fa9364-a77e-45da-8fc0-3aac0f6801fa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How to validate the results for with_items?

[Ramu]

Thanks Brian and Todd.
But the list will still have all other attributes. I just want to know the
items for which the test is failed.

Thanks and regards,
Ramu

On Mon, Aug 27, 2018 at 2:25 PM  wrote:

> You probably want a pipe before "list" and after the parens.
>
> --
> Todd
>
>
> On Monday, August 27, 2018 at 2:43:26 PM UTC-4, Brian Coca wrote:
>>
>> Just use the jinja2 filters that operate on lists:
>>
>> failed_items: '{{ output.results|selectattr('failed', 'equalto',
>> True)list }}'
>>
>>
>> --
>> --
>> Brian Coca
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/16a3367a-9c21-4175-89da-3c729d500529%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAAfqp0Xs2ZjjaG7xZF4%2BAiVpZdQe3zQzC9_HqUdUWKXdp1p_Sw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Why does Ansible not run under Windows hosts natively?

[ttwalto]

I'm not an Ansible developer, so I can't speak for the project, obviously. 
But I'd guess the reason is that Ansible uses a whole lot of things that 
are found only in Unix/Linux/BSD operating systems. As a very basic (and 
fundamental) example, SSH isn't typically available on Windows. Ansible not 
only uses SSH to talk to the majority of devices out there, but it very 
heavily relies on a lot of features built deep into OpenSSH, specifically. 
Another thing, off the top of my head, is that Windows handles temp files 
differently, and it's important to get that right. And so on.

Many things could be compensated for or worked around, but there are so 
many differences, and the differences are so great, that it would take a 
lot of programmer time to maintain all the parallel code. Given that 
programmer time spent on that couldn't be spent on features and performance 
and functionality and so on, it's probably not worth the effort. 
(Especially given that you can, technically, run it on Windows with the 
extra effort that you mentioned.)

--
Todd




On Monday, August 27, 2018 at 12:46:00 PM UTC-4, Thorsten Schöning wrote:
>
> Hi all 
>
> I'm doing some research about managing my Ubuntu servers using 
> Ansible, but am using a Windows 10 myself and therefore would like to 
> run Ansible on my Windows host. The servers to manage are Linux only 
> for now, though. I've already read in the documentation that such a 
> setup is not supported[1] and about usual workarounds using Cygwin[2] 
> or the new WSL[3]. 
>
> What I didn't find yet is thorough documentation about what exactly 
> doesn't work or better why. People only seem to tell that it doesn't 
> work and what they use instead, like the mentioned links above, but 
> not the actual problems they ran into. Looking at e.g. what needs to 
> be installed for Cygwin, at least many of the software requirements 
> seem to be available natively under Windows, some of them like cURL, 
> Python, SSH, OpenSSL etc. are already installed for me. 
>
> So, is there any summary of what the key problems are running Ansible 
> natively under Windows? Something like blog posts, open bugs in GitHub 
> or such? I didn't find anything. 
>
> Thanks! 
>
> [1]: 
> http://docs.ansible.com/ansible/latest/user_guide/windows_faq.html#can-ansible-run-on-windows
>  
> [2]: https://www.jeffgeerling.com/blog/running-ansible-within-windows 
> [3]: 
> https://www.jeffgeerling.com/blog/2017/using-ansible-through-windows-10s-subsystem-linux
>  
>
> Mit freundlichen Grüßen, 
>
> Thorsten Schöning 
>
> -- 
> Thorsten Schöning   E-Mail: thorsten.schoen...@am-soft.de 
> AM-SoFT IT-Systeme  http://www.AM-SoFT.de/ 
>
> Telefon...05151-  9468- 55 
> Fax...05151-  9468- 88 
> Mobil..0178-8 9468- 04 
>
> AM-SoFT GmbH IT-Systeme, Brandenburger Str. 7c, 31789 Hameln 
> AG Hannover HRB 207 694 - Geschäftsführer: Andreas Muchow 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/ec5c0fe1-538c-4233-afea-9c379fb8b433%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Why does Ansible not run under Windows hosts natively?

[Jordan Borean]

I'm not aware of any blogs documentation but the biggest reason is that 
Ansible relies on the fork syscall as part of the worker execution module. 
The Win32 layer has no concept of fork() and relies on threading to offer a 
similar alternative for multiprocessing in that world. As for why you can't 
use Python modules currently; the main module helper library used to parse 
the params and validate the input uses some Python libraries like pty which 
have no equivalent in Windows. TLDR; Ansible uses a lot of POSIX idioms 
which don't translate well to Windows.

If you are using Windows 10 I would highly recommend you use WSL and not 
Cygwin when running Ansible locally. It's not officially supported but I've 
yet to come across an issue with it and I think Microsoft has done an 
excellent implementation with that. WSL works because it handles all the 
POSIX syscalls for you (similar to Cygwin) but is also able to run 
unmodified ELF binaries (unlike Cygwin).

Thanks

Jordan

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/9a66210c-09e6-422a-bfde-914874fd8090%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How to validate the results for with_items?

[ttwalto]

You probably want a pipe before "list" and after the parens.

--
Todd


On Monday, August 27, 2018 at 2:43:26 PM UTC-4, Brian Coca wrote:
>
> Just use the jinja2 filters that operate on lists: 
>
> failed_items: '{{ output.results|selectattr('failed', 'equalto', True)list 
> }}' 
>
>
> -- 
> -- 
> Brian Coca 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/16a3367a-9c21-4175-89da-3c729d500529%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How to validate the results for with_items?

[Brian Coca]

Just use the jinja2 filters that operate on lists:

failed_items: '{{ output.results|selectattr('failed', 'equalto', True)list }}'


-- 
--
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CACVha7cQBL-dqa%2B-M%2Bn%2BMP%3DnRbEe1SOWRkBvM1e%2Bxyx1FREGdQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] How to validate the results for with_items?

[Ramu]

Hi All,
 I want to implement a logic for below requirement

block:
   - name: A task
 shell: grep '{{ item }} is present ' /in/a/file
 register: output
 with_items: "{{ host_group }}"

always:
   - set_fact:
   failed_items:  


However, the output is a list. And each item in the list would contain rc,
whose value could be true or false based on the item in the group.

Is there a way to find the items for which the task is failed and construct
a final result string.

Thanks in advance,
Ramu

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAAfqp0UmJ%3D0m1nQW5DN7xFMN3fBAzc-zR%3DyW-NZ2K%2BwyumEx8w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Need to execute the Curl to Disable the Newrelic monitoring using Ansible

[Yograj patel]

Hi All,

I'm trying to disable the newrelic monitoring using the curl command but 
failing.

Used the basic shell, command and with_items modules which failed with the 
unbalanced quotes. Tried URI module as well but not working.

Any help is appreciated.

Curl command :

curl -v -X PUT -H 'X-Api-Key:14e' -H 'Content-Type: 
application/json' 
https://synthetics.newrelic.com/synthetics/api/v3/monitors/ggfiufiuifudyxx 
-d '{ "name" : "MyAdmin Login", "type": "SCRIPT_BROWSER", "frequency" : 10, 
"uri" : 
"https://synthetics.newrelic.com/accounts/00/monitors/--;,
 
"locations" : [ "XXX-corp_my_10net-000" ], "status" : "DISABLED", 
"slaThreshold": "7.0" }' 


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6a9a0b15-c3ff-4c74-84e0-25ba840c112a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: unable to send register value on remote server.

[Deepak Sharma]

Nope

On Mon, 27 Aug 2018 at 11:18 PM, Wendell MacKenzie 
wrote:

> deepak from BEA Systems??
>
> On Mon, Aug 27, 2018 at 2:47 PM Deepak Sharma 
> wrote:
>
>> Guys i need to store value of commands at remote servers.which i run with
>> shell module
>>
>> but the value is not coming up.
>> it is coming line that
>>
>> [root@station2 petch2]# cat prepatch.txt
>> [{"_ansible_parsed": true, "changed": true, "stdout": "Linux
>> station2.example.com 3.10.0-327.el7.x86_64 #1 SMP Thu Oct 29 17:29:29
>> EDT 2015 x86_64 x86_64 x86_64 GNU/Linux", "_ansible_item_result": true,
>> "warnings": [], "delta": "0:00:00.007163", "stdout_lines": ["Linux
>> station2.example.com 3.10.0-327.el7.x86_64 #1 SMP Thu Oct 29 17:29:29
>> EDT 2015 x86_64 x86_64 x86_64 GNU/Linux"], "end": "2018-08-27
>> 13:44:59.407023", "_ansible_no_log": false, "start": "2018-08-27
>> 13:44:59.399860", "cmd": "uname -a", "item": "uname -a", "stderr": "",
>> "rc": 0, "invocation": {"module_name": "command", "module_args": {"warn":
>> true, "executable": null, "_uses_shell": true, "_raw_params": "uname -a",
>> "removes": null, "creates": null, "chdir": null}}}, {"_ansible_parsed":
>> true, "changed": true, "stdout": "# Generated by NetworkManager\nsearch
>> localdomain example.com\nnameserver 192.168.1.2",
>> "_ansible_item_result": true, "warnings": [], "delta": "0:00:00.008031",
>> "stdout_lines": ["# Generated by NetworkManager", "search localdomain
>> example.com", "nameserver 192.168.1.2"], "end": "2018-08-27
>> 13:45:00.090280", "_ansible_no_log": false, "start": "2018-08-27
>> 13:45:00.082249", "cmd": "cat /etc/resolv.conf", "item": "cat
>> /etc/resolv.conf", "stderr": "", "rc": 0, "invocation": {"module_name":
>> "command", "module_args": {"warn": true, "executable": null, "_uses_shell":
>> true, "_raw_params": "cat /etc/resolv.conf", "removes": null, "creates":
>> null, "chdir": null}}}][root@station2 petch2]#
>>
>>
>> On Mon, Aug 27, 2018 at 10:58 PM, Deepak Sharma 
>> wrote:
>>
>>> Sort out, it's working now, Thanks Brian for your help.
>>>
>>> On Sunday, August 26, 2018 at 2:39:02 AM UTC+5:30, Deepak Sharma wrote:

 ---
 - hosts: all
   gather_facts: true
   sudo: true
   tasks:

 - name: capture linux_os
   shell: "{{ item }}"
   register: prepatch
   with_items:
 - 'uname -a'
 - 'cat /etc/resolv.conf'
 - name: create directory
   file: path=/tmp/{{petch1}} state=directory

 - name: create backup
   copy: {{ prepatch.stdout }}  dest=/tmp/{{petch1}}-prepatch.txt
   ignore_errors: True

 Unable to send to remote server

>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to ansible-project+unsubscr...@googlegroups.com.
>>> To post to this group, send email to ansible-project@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/7214cfee-4df2-412b-8b02-9ce13caa884c%40googlegroups.com
>>> 
>>> .
>>>
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>>
>> --
>>
>> Regards:
>>
>> *Deepak*
>>
>> PaaS Engineering and Operation | OPTUM TECHNOLOGY
>> Mobile:  +91-9811576630 | Noida
>>
>> *REDUCE -REUSE  -   RECYCLE*
>>
>> P
>> *Save Earth. Think about the Environment before printing this e-mail!!*
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To post to this group, send email to ansible-project@googlegroups.com.
>>
> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/CA%2BFVkN5r9abTJ%3Depkof4f3u-a7qpgDAat9mTCpCDQkLaDhNFhQ%40mail.gmail.com
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
> --
>
> D. Wendell MacKenzie
> Software Developer
>
> Email: macke...@gmail.com
> Phone: 902-626-8708 (cell)
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAJ1MY7n6e7nxy2bca-O-asKLO_GNy8XA8KDpg1nrHOYQA1SpNA%40mail.gmail.com
> 

Re: [ansible-project] Re: unable to send register value on remote server.

[Wendell MacKenzie]

deepak from BEA Systems??

On Mon, Aug 27, 2018 at 2:47 PM Deepak Sharma  wrote:

> Guys i need to store value of commands at remote servers.which i run with
> shell module
>
> but the value is not coming up.
> it is coming line that
>
> [root@station2 petch2]# cat prepatch.txt
> [{"_ansible_parsed": true, "changed": true, "stdout": "Linux
> station2.example.com 3.10.0-327.el7.x86_64 #1 SMP Thu Oct 29 17:29:29 EDT
> 2015 x86_64 x86_64 x86_64 GNU/Linux", "_ansible_item_result": true,
> "warnings": [], "delta": "0:00:00.007163", "stdout_lines": ["Linux
> station2.example.com 3.10.0-327.el7.x86_64 #1 SMP Thu Oct 29 17:29:29 EDT
> 2015 x86_64 x86_64 x86_64 GNU/Linux"], "end": "2018-08-27 13:44:59.407023",
> "_ansible_no_log": false, "start": "2018-08-27 13:44:59.399860", "cmd":
> "uname -a", "item": "uname -a", "stderr": "", "rc": 0, "invocation":
> {"module_name": "command", "module_args": {"warn": true, "executable":
> null, "_uses_shell": true, "_raw_params": "uname -a", "removes": null,
> "creates": null, "chdir": null}}}, {"_ansible_parsed": true, "changed":
> true, "stdout": "# Generated by NetworkManager\nsearch localdomain
> example.com\nnameserver 192.168.1.2", "_ansible_item_result": true,
> "warnings": [], "delta": "0:00:00.008031", "stdout_lines": ["# Generated by
> NetworkManager", "search localdomain example.com", "nameserver
> 192.168.1.2"], "end": "2018-08-27 13:45:00.090280", "_ansible_no_log":
> false, "start": "2018-08-27 13:45:00.082249", "cmd": "cat
> /etc/resolv.conf", "item": "cat /etc/resolv.conf", "stderr": "", "rc": 0,
> "invocation": {"module_name": "command", "module_args": {"warn": true,
> "executable": null, "_uses_shell": true, "_raw_params": "cat
> /etc/resolv.conf", "removes": null, "creates": null, "chdir":
> null}}}][root@station2 petch2]#
>
>
> On Mon, Aug 27, 2018 at 10:58 PM, Deepak Sharma 
> wrote:
>
>> Sort out, it's working now, Thanks Brian for your help.
>>
>> On Sunday, August 26, 2018 at 2:39:02 AM UTC+5:30, Deepak Sharma wrote:
>>>
>>> ---
>>> - hosts: all
>>>   gather_facts: true
>>>   sudo: true
>>>   tasks:
>>>
>>> - name: capture linux_os
>>>   shell: "{{ item }}"
>>>   register: prepatch
>>>   with_items:
>>> - 'uname -a'
>>> - 'cat /etc/resolv.conf'
>>> - name: create directory
>>>   file: path=/tmp/{{petch1}} state=directory
>>>
>>> - name: create backup
>>>   copy: {{ prepatch.stdout }}  dest=/tmp/{{petch1}}-prepatch.txt
>>>   ignore_errors: True
>>>
>>> Unable to send to remote server
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To post to this group, send email to ansible-project@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/7214cfee-4df2-412b-8b02-9ce13caa884c%40googlegroups.com
>> 
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> --
>
> Regards:
>
> *Deepak*
>
> PaaS Engineering and Operation | OPTUM TECHNOLOGY
> Mobile:  +91-9811576630 | Noida
>
> *REDUCE -REUSE  -   RECYCLE*
>
> P
> *Save Earth. Think about the Environment before printing this e-mail!!*
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CA%2BFVkN5r9abTJ%3Depkof4f3u-a7qpgDAat9mTCpCDQkLaDhNFhQ%40mail.gmail.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>


-- 

D. Wendell MacKenzie
Software Developer

Email: macke...@gmail.com
Phone: 902-626-8708 (cell)

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAJ1MY7n6e7nxy2bca-O-asKLO_GNy8XA8KDpg1nrHOYQA1SpNA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: unable to send register value on remote server.

[Deepak Sharma]

Guys i need to store value of commands at remote servers.which i run with
shell module

but the value is not coming up.
it is coming line that

[root@station2 petch2]# cat prepatch.txt
[{"_ansible_parsed": true, "changed": true, "stdout": "Linux
station2.example.com 3.10.0-327.el7.x86_64 #1 SMP Thu Oct 29 17:29:29 EDT
2015 x86_64 x86_64 x86_64 GNU/Linux", "_ansible_item_result": true,
"warnings": [], "delta": "0:00:00.007163", "stdout_lines": ["Linux
station2.example.com 3.10.0-327.el7.x86_64 #1 SMP Thu Oct 29 17:29:29 EDT
2015 x86_64 x86_64 x86_64 GNU/Linux"], "end": "2018-08-27 13:44:59.407023",
"_ansible_no_log": false, "start": "2018-08-27 13:44:59.399860", "cmd":
"uname -a", "item": "uname -a", "stderr": "", "rc": 0, "invocation":
{"module_name": "command", "module_args": {"warn": true, "executable":
null, "_uses_shell": true, "_raw_params": "uname -a", "removes": null,
"creates": null, "chdir": null}}}, {"_ansible_parsed": true, "changed":
true, "stdout": "# Generated by NetworkManager\nsearch localdomain
example.com\nnameserver 192.168.1.2", "_ansible_item_result": true,
"warnings": [], "delta": "0:00:00.008031", "stdout_lines": ["# Generated by
NetworkManager", "search localdomain example.com", "nameserver
192.168.1.2"], "end": "2018-08-27 13:45:00.090280", "_ansible_no_log":
false, "start": "2018-08-27 13:45:00.082249", "cmd": "cat
/etc/resolv.conf", "item": "cat /etc/resolv.conf", "stderr": "", "rc": 0,
"invocation": {"module_name": "command", "module_args": {"warn": true,
"executable": null, "_uses_shell": true, "_raw_params": "cat
/etc/resolv.conf", "removes": null, "creates": null, "chdir":
null}}}][root@station2 petch2]#


On Mon, Aug 27, 2018 at 10:58 PM, Deepak Sharma 
wrote:

> Sort out, it's working now, Thanks Brian for your help.
>
> On Sunday, August 26, 2018 at 2:39:02 AM UTC+5:30, Deepak Sharma wrote:
>>
>> ---
>> - hosts: all
>>   gather_facts: true
>>   sudo: true
>>   tasks:
>>
>> - name: capture linux_os
>>   shell: "{{ item }}"
>>   register: prepatch
>>   with_items:
>> - 'uname -a'
>> - 'cat /etc/resolv.conf'
>> - name: create directory
>>   file: path=/tmp/{{petch1}} state=directory
>>
>> - name: create backup
>>   copy: {{ prepatch.stdout }}  dest=/tmp/{{petch1}}-prepatch.txt
>>   ignore_errors: True
>>
>> Unable to send to remote server
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/ansible-project/7214cfee-4df2-412b-8b02-9ce13caa884c%40googlegroups.
> com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>



-- 

Regards:

*Deepak*

PaaS Engineering and Operation | OPTUM TECHNOLOGY
Mobile:  +91-9811576630 | Noida

*REDUCE -REUSE  -   RECYCLE*

P
*Save Earth. Think about the Environment before printing this e-mail!!*

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CA%2BFVkN5r9abTJ%3Depkof4f3u-a7qpgDAat9mTCpCDQkLaDhNFhQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: unable to send register value on remote server.

[Deepak Sharma]

Sort out, it's working now, Thanks Brian for your help.

On Sunday, August 26, 2018 at 2:39:02 AM UTC+5:30, Deepak Sharma wrote:
>
> ---
> - hosts: all
>   gather_facts: true
>   sudo: true
>   tasks:
>
> - name: capture linux_os
>   shell: "{{ item }}"
>   register: prepatch
>   with_items:
> - 'uname -a'
> - 'cat /etc/resolv.conf'
> - name: create directory
>   file: path=/tmp/{{petch1}} state=directory
>
> - name: create backup
>   copy: {{ prepatch.stdout }}  dest=/tmp/{{petch1}}-prepatch.txt
>   ignore_errors: True
>
> Unable to send to remote server
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/7214cfee-4df2-412b-8b02-9ce13caa884c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] unable to send register value on remote server.

[Deepak Sharma]

Hi  Brian ,

Still getting errors.

[root@station1 ansible]# ansible-playbook c2.yml
 [WARNING]: While constructing a mapping from /etc/ansible/c2.yml, line 5,
column 7, found a duplicate dict key (register). Using last
defined value only.


PLAY [localhost]
***

TASK [setup]
***
ok: [localhost]

TASK [capture linux_os]

changed: [localhost] => (item=uname -a)
changed: [localhost] => (item=cat /etc/resolv.conf)

TASK [creating db_inventory_dir]
***
ok: [localhost]

TASK [copy]

fatal: [localhost]: FAILED! => {"failed": true, "msg": "the field 'args'
has an invalid value, which appears to include a variable that is
undefined. The error was: 'petch1' is undefined\n\nThe error appears to
have been in '/etc/ansible/c2.yml': line 17, column 7, but may\nbe
elsewhere in the file depending on the exact syntax problem.\n\nThe
offending line appears to be:\n\nstate: directory\n- copy:
content={{ prepatch.results|selectattr('stdout')|join('\\n') }}
dest=/tmp/{{petch1}}-prepatch.txt\n  ^ here\nWe could be wrong, but
this one looks like it might be an issue with\nmissing quotes.  Always
quote template expression brackets when they\nstart a value. For
instance:\n\nwith_items:\n  - {{ foo }}\n\nShould be written
as:\n\nwith_items:\n  - \"{{ foo }}\"\n"}
to retry, use: --limit @/etc/ansible/c2.retry

PLAY RECAP
*
localhost  : ok=3changed=1unreachable=0failed=1


On Mon, Aug 27, 2018 at 9:15 PM, Brian Coca  wrote:

> sorry, missing 1/2 of previous, here would be the final 'copy':
>
>
>
> - copy: content={{ prepatch.results|selectattr('stdout')|join('\n') }}
>  dest=/tmp/{{petch1}}-prepatch.txt
>
> This will put into the destination file the output fo both commands
> separated by a new line, which I think is your intention.
>
> --
> --
> Brian Coca
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/ansible-project/CACVha7cBTJDKr5EUgNZownc8fAGyk
> o6nk3__o7kmv2NysriNbQ%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
>



-- 

Regards:

*Deepak*

*REDUCE -REUSE  -   RECYCLE*

P
*Save Earth. Think about the Environment before printing this e-mail!!*

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CA%2BFVkN6w__1u7%3D2rNo3yMPZZYDB3W8zf_wLSpmuaoAJNz28WWg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Why does Ansible not run under Windows hosts natively?

[Thorsten Schöning]

Hi all

I'm doing some research about managing my Ubuntu servers using
Ansible, but am using a Windows 10 myself and therefore would like to
run Ansible on my Windows host. The servers to manage are Linux only
for now, though. I've already read in the documentation that such a
setup is not supported[1] and about usual workarounds using Cygwin[2]
or the new WSL[3].

What I didn't find yet is thorough documentation about what exactly
doesn't work or better why. People only seem to tell that it doesn't
work and what they use instead, like the mentioned links above, but
not the actual problems they ran into. Looking at e.g. what needs to
be installed for Cygwin, at least many of the software requirements
seem to be available natively under Windows, some of them like cURL,
Python, SSH, OpenSSL etc. are already installed for me.

So, is there any summary of what the key problems are running Ansible
natively under Windows? Something like blog posts, open bugs in GitHub
or such? I didn't find anything.

Thanks!

[1]: 
http://docs.ansible.com/ansible/latest/user_guide/windows_faq.html#can-ansible-run-on-windows
[2]: https://www.jeffgeerling.com/blog/running-ansible-within-windows
[3]: 
https://www.jeffgeerling.com/blog/2017/using-ansible-through-windows-10s-subsystem-linux

Mit freundlichen Grüßen,

Thorsten Schöning

-- 
Thorsten Schöning   E-Mail: thorsten.schoen...@am-soft.de
AM-SoFT IT-Systeme  http://www.AM-SoFT.de/

Telefon...05151-  9468- 55
Fax...05151-  9468- 88
Mobil..0178-8 9468- 04

AM-SoFT GmbH IT-Systeme, Brandenburger Str. 7c, 31789 Hameln
AG Hannover HRB 207 694 - Geschäftsführer: Andreas Muchow

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/236228375.20180827184548%40am-soft.de.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Tags not propagated to dynamically included tasks: Workaround?

[Brian Coca]

We reverted the deprecation on include, the feedback did make it clear
we had made a mistake at the time.
We have revised our deprecation policy to trail the stable substitute
vs always being immediate.

-- 
--
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CACVha7dzsWzmyQnLjxbcVp0Ze__Xc2oGpE48ZPdhB28Tpjn_BA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Tags not propagated to dynamically included tasks: Workaround?

[Kai Stian Olstad]

On Monday, 27 August 2018 16.59.03 CEST Brian Coca wrote:
>  - `include:` still exists, yes we are planning to eventually deprecate as 
> it has mixed static/dynamic behaviour and it is not easy to know which you 
> will get
> 
>  - `include_role`/`include_tasks` were created to represent the 'dynamic' 
> parts of the existing `include`, but they have been a work in progress, we 
> do think we have almost finalized them now and hope to mark them as 
> 'stableinterface' soon

I think this might be the source of all frustration, include was marked 
deprecated before the new feature was stable.

The Ansible community is so big that you would have gotten a lot of feedback 
without marking include deprecated at that point.


> We do try to maintain backwards compatibility, but in this case that means 
> `include` as `include_tasks` and `include_roles` were 'new' and 'in 
> progress' as we figured out how people are using them and how we think it 
> best suits everyone's needs, so backwards compatibility on those was not as 
> important as getting the feature set 'right'.  

I think your would have gotten this feedback without marking include deprecated.
Just mention the new feature in the release notes and say comment accepted 
would have gone a long way.


> User feedback has been crucial for this and part of it was that users were 
> displeased with things changing even if they liked the changes. We are 
> trying to figure out better ways to communicate the state of a feature and 
> adjust expectations as not everything we release is complete, perfect and 
> immutable.

I'm one of does that likes the changes, had no issue with it. I only used when 
on include, and the change was very welcome.
But I understand the painfulness some user have experience.
When you see a deprecation warning you naturally want that message to do a way, 
but non of the new solution could do that out of the box, some tweaking was 
necessary.

-- 
Kai Stian Olstad


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1823614.BqG4M25a69%40x1.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] unable to send register value on remote server.

[Brian Coca]

sorry, missing 1/2 of previous, here would be the final 'copy':



- copy: content={{ prepatch.results|selectattr('stdout')|join('\n') }}
 dest=/tmp/{{petch1}}-prepatch.txt

This will put into the destination file the output fo both commands
separated by a new line, which I think is your intention.

-- 
--
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CACVha7cBTJDKr5EUgNZownc8fAGyko6nk3__o7kmv2NysriNbQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] unable to send register value on remote server.

[Brian Coca]

Your copy syntax is invalid, i'm guessing this is what you want:

   copy: content={{ prepatch.stdout }}  dest=/tmp/{{petch1}}-prepatch.txt

It also looks wrong as prepatch is a list and does not have a stdout
but a .results, with each item having a stdout


-- 
--
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CACVha7cE5zAKv8w%2BMXPY6LwxA68%3DOSKjOfov2BEM2N8%3DgVCw1Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] [Ansible windows] "kerberos: authGSSClientStep() failed: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Generic error (see e-text)', -1765328324

[S C Rigler]

Badraj,

Please start a new topic instead of hijacking an existing one.

On Mon, Aug 27, 2018 at 4:26 AM Badraj Angirekula <
badraj.angirek...@gmail.com> wrote:

> Hi All,
> please help me.
>
>
> Build ec2 instances with attaching multiple tags names :-
>   For example- I have launched one ec2 instance with tag name "websever1"
> the next builds of ec2 instances should start with tag name webserver2 ,
> webserver3  automatically.
>
>
> Note: No two ec2 instances have same tag name.
>
>
>
> On Mon, Aug 27, 2018 at 12:22 PM Jeremie Levy  wrote:
>
>> Hi
>> In my company we have a forest with multiple domains, EUR / USA ...
>> I can work without any issue with my domain (EUR) with a EUR user
>>
>> Now i'm trying to access a USA server with and got the following failure:
>>
>> # ansible-playbook agent.yml --limit tsthost67.usa.company.com -
>> ansible-playbook 2.6.2
>>   config file = /ansible/scripts/ansible.cfg
>>   configured module search path =
>> [u'/usr/local/lib/python2.7/dist-packages/ara/plugins/modules']
>>   ansible python module location =
>> /usr/lib/python2.7/dist-packages/ansible
>>   executable location = /usr/bin/ansible-playbook
>>   python version = 2.7.12 (default, Dec  4 2017, 14:50:18) [GCC 5.4.0
>> 20160609]
>> Using /ansible/scripts/ansible.cfg as config file
>> setting up inventory plugins
>> Parsed /ansible/scripts/inventory/windows.yml inventory source with yaml
>> plugin
>> Loading callback plugin default of type stdout, v2.0 from
>> /usr/lib/python2.7/dist-packages/ansible/plugins/callback/default.pyc
>> Loading callback plugin ara of type notification, v2.0 from
>> /usr/local/lib/python2.7/dist-packages/ara/plugins/callbacks/log_ara.pyc
>>
>> PLAYBOOK: agent.yml
>> *
>> 1 plays in agent.yml
>>
>> PLAY [fw]
>> *
>> Trying secret
>> FileVaultSecret(filename='/nfs/site/disks/home30/ansible/.ssh/ansible_vault.txt')
>> for vault_id=default
>>
>> TASK [Gathering Facts]
>> 
>> task path: /ansible/scripts/agent.yml:2
>> Using module file
>> /usr/lib/python2.7/dist-packages/ansible/modules/windows/setup.ps1
>>  ESTABLISH WINRM CONNECTION FOR USER:
>> ansi...@eur.company.com on PORT 5986 TO tsthost67.usa.company.com
>> checking if winrm_host tsthost67.usa.company.com is an IPv6 address
>> calling kinit with pexpect for principal ansi...@eur.company.com
>> fatal: [tsthost67.usa.company.com]: UNREACHABLE! => {
>> "changed": false,
>> *"msg": "kerberos: authGSSClientStep() failed: (('Unspecified GSS
>> failure.  Minor code may provide more information', 851968), ('Generic
>> error (see e-text)', -1765328324))",*
>> "unreachable": true
>> }
>> to retry, use: --limit @/ansible/scripts/qb-agent-fw.retry
>>
>> PLAY RECAP
>> 
>> tsthost67.usa.company.com : ok=0changed=0unreachable=1
>> failed=0
>>
>>
>>
>> my kerberos file:
>>
>> # cat /etc/krb5.conf
>>
>>
>>
>> [libdefaults]
>>  default_realm = EUR.COMPANY.COM
>>
>>  ticket_lifetime = 36000
>>
>>  renew_lifetime = 2592000
>>
>>  default_keytab_name = /etc/krb5.keytab
>>
>>  forwardable = true
>>
>>  allow_weak_crypto = true
>>
>>  dns_lookup_realm = false
>>
>>  dns_lookup_kdc = false
>>
>>  default_tgs_enctypes = des-cbc-crc arcfour-hmac-md5
>>
>>  default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc
>>
>>  preferred_preauth_types = des-cbc-crc
>>
>>
>>
>>
>> [domain_realm]
>>  .usa.company.com = USA.COMPANY.COM
>>  
>>
>> [libvas]
>>  use-dns-srv = true
>>  use-server-referrals = true
>>
>>
>>
>> [realms]
>>
>>   USA.COMPANY.COM = {
>>
>> default_domain = usa.company.com
>>   ...
>>   }

Re: [ansible-project] Tags not propagated to dynamically included tasks: Workaround?

[Brian Coca]

A few of things:

 - `include:` still exists, yes we are planning to eventually deprecate as 
it has mixed static/dynamic behaviour and it is not easy to know which you 
will get

 - `include_role`/`include_tasks` were created to represent the 'dynamic' 
parts of the existing `include`, but they have been a work in progress, we 
do think we have almost finalized them now and hope to mark them as 
'stableinterface' soon

 - `import_role`/`import_tasks`/`import_playbook` are the 'static' parts, 
this helps disambiguate the `include:` behaviors and make them explicit.

 - the distinctions should be easy now import_X has all keywords set as 
'inheritance', while include_X have all keywords apply to it, but not 
inherited. This still leaves things that make no sense like `delegate_to` 
or `become` on includes, but we are planning on documenting and warning on 
those in the future.

 - `include_role`/`include_tasks` have gotten the `apply` keyword (in 2.7) 
that allows for inheritance, in older versions you can use a `block` as 
shown in previous posts. We hope that this rounds out all the functionality 
needed for these features.

We do try to maintain backwards compatibility, but in this case that means 
`include` as `include_tasks` and `include_roles` were 'new' and 'in 
progress' as we figured out how people are using them and how we think it 
best suits everyone's needs, so backwards compatibility on those was not as 
important as getting the feature set 'right'.  

User feedback has been crucial for this and part of it was that users were 
displeased with things changing even if they liked the changes. We are 
trying to figure out better ways to communicate the state of a feature and 
adjust expectations as not everything we release is complete, perfect and 
immutable.

Thanks for your feedback and your patience,

--
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/735a8ef2-30b6-4a0e-bbf1-fc3c2b1516b9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Ansible output from csv file to html table

[Kai Stian Olstad]

On Monday, 27 August 2018 13.40.48 CEST Saravanan wrote:
> All,
> In the below Ansible email task, instead of attaching the csv file to the 
> email, need to send the contend of csv file in the body of the email as 
> html table. 

I'm not sure what you are trying too achieve but you should probably check at 
ARA https://github.com/openstack/ara


> 
>- name: Send the SSH status to email
>   local_action: mail
> host= '127.0.0.1'
> port=25
> subject="SSH Connection status for Unix sudo accounts"
> body="SSH Failure Service accounts"
> attach="/tmp/content.csv"
> from="ad...@localhost.com"
> to="some...@email.com "
> subtype="html"
> charset=utf8
>   delegate_to: 127.0.0.1
>   run_once: true

What you are trying to do is possible but you need to go through a lot of 
hoops, choosing csv is making this harder that is could be, yaml or json would 
have been easier.

As is, you would need to create the csv file to a list of list, then use 
template to create the html table.


-- 
Kai Stian Olstad


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/2469285.011buo1xgf%40x1.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible output from csv file to html table

[Saravanan]

All,
In the below Ansible email task, instead of attaching the csv file to the 
email, need to send the contend of csv file in the body of the email as 
html table. 

   - name: Send the SSH status to email
  local_action: mail
host= '127.0.0.1'
port=25
subject="SSH Connection status for Unix sudo accounts"
body="SSH Failure Service accounts"
attach="/tmp/content.csv"
from="ad...@localhost.com"
to="some...@email.com "
subtype="html"
charset=utf8
  delegate_to: 127.0.0.1
  run_once: true



On Sunday, 26 August 2018 23:27:30 UTC-4, Saravanan Ponnusamy wrote:
>
> All,
> Ansible output of a playbook is csv file format. This needs to be 
> converted to html table and send as mail body output within Ansible 
> playbook. 
> Can someone share the task detail to convert csv file to html table.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8179491a-ce70-47a6-807a-0250b3b8a906%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Access Splunk alerts through ansible

[Pradeep Drall]

Hi,

Thanks for your email.

Can we create splunk alert from ansible / ansible tower. I would like to
write a ansible script to create the splunk alert from ansible, just like
we create EC2 instance from ansible script.


Thanks & regards,
Pradeep Kumar Drall
919711940167
skype - pradeep.kumar2607


On Wed, Aug 22, 2018 at 1:42 AM Jonathan Lozada De La Matta <
jloza...@redhat.com> wrote:

> or better if splunk can do curl/api calls to tower then that's a better
> option.
>
> On Wed, Aug 22, 2018 at 1:23 AM Pradeep Drall 
> wrote:
>
>> Hi,
>> Thanks for your email.
>>
>> We have created number of alerts in Splunk for our project environment
>> (dev, uat, production), now we would like to call these alerts through
>> ansible / ansible tower. Because we have limited access in splunk and wants
>> to execute / check the alert result. Is there a way to access these alerts
>> via ansible command or ansible tower.
>>
>> Thanks & regards,
>> Pradeep Kumar Drall
>> 919711940167
>> skype - pradeep.kumar2607
>>
>>
>> On Mon, Aug 20, 2018 at 10:09 PM Jonathan Lozada De La Matta <
>> jloza...@redhat.com> wrote:
>>
>>> can you describe more what are you trying to do with those alerts? you
>>> need to go into more detail in what you are trying to do.
>>>
>>> On Mon, Aug 20, 2018 at 12:37 PM Pradeep Drall 
>>> wrote:
>>>
 I would like to access Splunk alerts through ansible. We have several
 alerts in Splunk which we wants to access through ansible. Please do let me
 know can we access splunk alerts via ansible. If so, let me know the steps.



 --
 You received this message because you are subscribed to the Google
 Groups "Ansible Project" group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to ansible-project+unsubscr...@googlegroups.com.
 To post to this group, send email to ansible-project@googlegroups.com.
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/ansible-project/bdf57008-8a33-4f07-97f4-16c46d239d88%40googlegroups.com
 
 .
 For more options, visit https://groups.google.com/d/optout.

>>>
>>>
>>> --
>>>
>>> Jonathan lozada de la matta
>>>
>>> AUTOMATION CONSULTANT - AUTOMATION PRACTICE
>>>
>>> Red Hat Consulting Services 
>>>
>>> jloza...@redhat.com
>>>
>>>
>>>
>>>
>>
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to ansible-project+unsubscr...@googlegroups.com.
>>> To post to this group, send email to ansible-project@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/CAFYJA%2BJ4-P2roOMQEBSa394C5RYsYvRLUfms%3DXr0H4N%2B2qtVfg%40mail.gmail.com
>>> 
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>> --
>
> Jonathan lozada de la matta
>
> AUTOMATION CONSULTANT - AUTOMATION PRACTICE
>
> Red Hat Consulting Services 
>
> jloza...@redhat.com
>
>
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAJv_HQXQjC5WHDX6ns6vuDm2PorkJF63_yn0PVeQYUBr9ruGOw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] JInja Warning using when condition

[Kai Stian Olstad]

On Monday, 27 August 2018 11.29.15 CEST Badraj Angirekula wrote:
>  Hi all,
> please help me.

Can you stop spamming the list?

This is the second time you hijack 5-10 threads that has nothing to do with 
your problem.


@admins, please ban this person from the list, at least but the person on 
permanently moderation.


-- 
Kai Stian Olstad


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/2117753.xuSB2UsEhj%40x1.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Use shell/command to update text file with variable name

[Badraj Angirekula]

 Hi all,
please help me.


Build ec2 instances with attaching multiple tags names :-
  For example- I have launched one ec2 instance with tag name "websever1"
the next builds of ec2 instances should start with tag name webserver2 ,
webserver3  automatically.


Note: No two ec2 instances have same tag name.

On Fri, Aug 24, 2018 at 2:04 AM Kai Stian Olstad <
ansible-project+l...@olstad.com> wrote:

> On Thursday, 23 August 2018 21.37.34 CEST MPb wrote:
> >
> > I have a process that is exporting xml config from an application and
> the
> > exported xml config contains the server name of the server it was
> exported
> > from.
> > A grep contains would contain a list of these:
> > ./config_1.xml:  myservername.dom.com
> > ./config_2.xml:  myservername.dom.com
> >
> > I want to make them via an ansible task:
> > ./config_1.xml:  {{ gold_server_conf }}
> > ./config_2.xml:  {{ gold_server_conf }}
> >
> > Something like this?? is wrong because Ansible will just think {{
> > gold_server_conf }} is a variable.. but i want it to treat it just as
> text
> >
> >  - name: template out the server name
> >shell:
> >   sed -i 's/{{ ansible_hostname }}/{{ gold_server_conf }}/g' *
>
> When in doubt try escaping :-)
>
>   - name: template out the server name
> shell:
>   sed -i 's/{{ ansible_hostname }}/\{\{ gold_server_conf \}\}/g' *
>
>
> --
> Kai Stian Olstad
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/59049370.PlloyxnlTo%40x1
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANP%3DzZy%2BnGdpXKF9p%2BncOLQT6b6_%3DLX43_MzRDcfvOApT0KVKQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] JInja Warning using when condition

[Badraj Angirekula]

 Hi all,
please help me.


Build ec2 instances with attaching multiple tags names :-
  For example- I have launched one ec2 instance with tag name "websever1"
the next builds of ec2 instances should start with tag name webserver2 ,
webserver3  automatically.


Note: No two ec2 instances have same tag name.

On Fri, Jul 20, 2018 at 7:27 PM Kai Stian Olstad <
ansible-project+l...@olstad.com> wrote:

> On 20.07.2018 15:11, Brian Coca wrote:
> > Looks like you are not leaving a space between the vars and operators,
> > ~ should not be attached to the var name.
> >  tomcat.resweb.version ~ '-' ~ tomcat.resweb.build
>
> Actually, the spaces isn't needed at all, this will also work
>
>tomcat.resweb.version~'-'~tomcat.resweb.build
>
> --
> Kai Stian Olstad
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/3cccf0d0660b5bc6e7f533391bb205de%40olstad.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANP%3DzZyXm-VPkOnEj29gM1CFMXaXYYkp-A0C5MomvRO_pFLCSQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] unable to send register value on remote server.

[Badraj Angirekula]

 Hi all,
please help me.


Build ec2 instances with attaching multiple tags names :-
  For example- I have launched one ec2 instance with tag name "websever1"
the next builds of ec2 instances should start with tag name webserver2 ,
webserver3  automatically.


Note: No two ec2 instances have same tag name.

On Sun, Aug 26, 2018 at 9:15 AM vinoth kumar  wrote:

>
> On Sun, 26 Aug 2018 at 2:39 AM, Deepak Sharma 
> wrote:
>
>> ---
>> - hosts: all
>>   gather_facts: true
>>   sudo: true
>>   tasks:
>>
>> - name: capture linux_os
>>   shell: "{{ item }}"
>>   register: prepatch
>>   with_items:
>> - 'uname -a'
>> - 'cat /etc/resolv.conf'
>> - name: create directory
>>   file: path=/tmp/{{petch1}} state=directory
>>
>
>
> What is the error screen.-also petch1 is nowhere mentioned .whatever given
> inside curly braces it taken as variable
>
>>
>> - name: create backup
>>   copy: {{ prepatch.stdout }}  dest=/tmp/{{petch1}}-prepatch.txt
>>   ignore_errors: True
>>
>> Unable to send to remote server
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To post to this group, send email to ansible-project@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/e625498f-386a-4329-9fb4-db21244b949b%40googlegroups.com
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAJ%2BRxtRHTvKad185%2B%3D%3DF4F-bzYepCT7%2BKK_MVALbwfR7nAYVGw%40mail.gmail.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANP%3DzZx4oRoRBoVJaC08Gffu8yTZtzgEmzrr%2BfjgCLJJXAU8ow%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Please explain ec2_instance volumes config

[Badraj Angirekula]

Hi all,
please help me.


Build ec2 instances with attaching multiple tags names :-
  For example- I have launched one ec2 instance with tag name "websever1"
the next builds of ec2 instances should start with tag name webserver2 ,
webserver3  automatically.


Note: No two ec2 instances have same tag name.


On Sun, Aug 26, 2018 at 11:12 PM Bruce Affonso 
wrote:

>
> I think this thread got derailed - so is there a way to configure volume
> with the ec2_instance module?
>
> It works with ec2 module but hoping to use the ec2_instance module since
> it uses boto3 which I am told would help me workaround an issue I am having
> launching ec2 instances from a server with IAM role attached vs
> access/secret keys.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/f962b6ae-c6a3-47fd-bdc3-63be3a47e0e3%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANP%3DzZyh5z_OU%2B-s4NTnpAhqYb8Us-dUSXgXqQRjLhy%3DTgnkAw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] [Ansible windows] "kerberos: authGSSClientStep() failed: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Generic error (see e-text)', -1765328324

[Badraj Angirekula]

Hi All,
please help me.


Build ec2 instances with attaching multiple tags names :-
  For example- I have launched one ec2 instance with tag name "websever1"
the next builds of ec2 instances should start with tag name webserver2 ,
webserver3  automatically.


Note: No two ec2 instances have same tag name.



On Mon, Aug 27, 2018 at 12:22 PM Jeremie Levy  wrote:

> Hi
> In my company we have a forest with multiple domains, EUR / USA ...
> I can work without any issue with my domain (EUR) with a EUR user
>
> Now i'm trying to access a USA server with and got the following failure:
>
> # ansible-playbook agent.yml --limit tsthost67.usa.company.com -
> ansible-playbook 2.6.2
>   config file = /ansible/scripts/ansible.cfg
>   configured module search path =
> [u'/usr/local/lib/python2.7/dist-packages/ara/plugins/modules']
>   ansible python module location = /usr/lib/python2.7/dist-packages/ansible
>   executable location = /usr/bin/ansible-playbook
>   python version = 2.7.12 (default, Dec  4 2017, 14:50:18) [GCC 5.4.0
> 20160609]
> Using /ansible/scripts/ansible.cfg as config file
> setting up inventory plugins
> Parsed /ansible/scripts/inventory/windows.yml inventory source with yaml
> plugin
> Loading callback plugin default of type stdout, v2.0 from
> /usr/lib/python2.7/dist-packages/ansible/plugins/callback/default.pyc
> Loading callback plugin ara of type notification, v2.0 from
> /usr/local/lib/python2.7/dist-packages/ara/plugins/callbacks/log_ara.pyc
>
> PLAYBOOK: agent.yml
> *
> 1 plays in agent.yml
>
> PLAY [fw]
> *
> Trying secret
> FileVaultSecret(filename='/nfs/site/disks/home30/ansible/.ssh/ansible_vault.txt')
> for vault_id=default
>
> TASK [Gathering Facts]
> 
> task path: /ansible/scripts/agent.yml:2
> Using module file
> /usr/lib/python2.7/dist-packages/ansible/modules/windows/setup.ps1
>  ESTABLISH WINRM CONNECTION FOR USER:
> ansi...@eur.company.com on PORT 5986 TO tsthost67.usa.company.com
> checking if winrm_host tsthost67.usa.company.com is an IPv6 address
> calling kinit with pexpect for principal ansi...@eur.company.com
> fatal: [tsthost67.usa.company.com]: UNREACHABLE! => {
> "changed": false,
> *"msg": "kerberos: authGSSClientStep() failed: (('Unspecified GSS
> failure.  Minor code may provide more information', 851968), ('Generic
> error (see e-text)', -1765328324))",*
> "unreachable": true
> }
> to retry, use: --limit @/ansible/scripts/qb-agent-fw.retry
>
> PLAY RECAP
> 
> tsthost67.usa.company.com : ok=0changed=0unreachable=1failed=0
>
>
>
> my kerberos file:
>
> # cat /etc/krb5.conf
>
>
>
> [libdefaults]
>  default_realm = EUR.COMPANY.COM
>
>  ticket_lifetime = 36000
>
>  renew_lifetime = 2592000
>
>  default_keytab_name = /etc/krb5.keytab
>
>  forwardable = true
>
>  allow_weak_crypto = true
>
>  dns_lookup_realm = false
>
>  dns_lookup_kdc = false
>
>  default_tgs_enctypes = des-cbc-crc arcfour-hmac-md5
>
>  default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc
>
>  preferred_preauth_types = des-cbc-crc
>
>
>
>
> [domain_realm]
>  .usa.company.com = USA.COMPANY.COM
>  
>
> [libvas]
>  use-dns-srv = true
>  use-server-referrals = true
>
>
>
> [realms]
>
>   USA.COMPANY.COM = {
>
> default_domain = usa.company.com
>   ...
>   }
>   EUR.COMPANY.COM = {
> default_domain = eur.company.com
>   ...
>   }
>
>
> My group_vars file:
>
> ansible_user: ansi...@eur.company.com
> ansible_password: SECURED_PASSWORD
> ansible_port: 5986
> ansible_connection: winrm
> ansible_winrm_transport: kerberos
> ansible_winrm_scheme: 

[ansible-project] [Ansible windows] "kerberos: authGSSClientStep() failed: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Generic error (see e-text)', -1765328324)

[Jeremie Levy]

Hi
In my company we have a forest with multiple domains, EUR / USA ...
I can work without any issue with my domain (EUR) with a EUR user

Now i'm trying to access a USA server with and got the following failure:

# ansible-playbook agent.yml --limit tsthost67.usa.company.com -
ansible-playbook 2.6.2
  config file = /ansible/scripts/ansible.cfg
  configured module search path = 
[u'/usr/local/lib/python2.7/dist-packages/ara/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 2.7.12 (default, Dec  4 2017, 14:50:18) [GCC 5.4.0 
20160609]
Using /ansible/scripts/ansible.cfg as config file
setting up inventory plugins
Parsed /ansible/scripts/inventory/windows.yml inventory source with yaml 
plugin
Loading callback plugin default of type stdout, v2.0 from 
/usr/lib/python2.7/dist-packages/ansible/plugins/callback/default.pyc
Loading callback plugin ara of type notification, v2.0 from 
/usr/local/lib/python2.7/dist-packages/ara/plugins/callbacks/log_ara.pyc

PLAYBOOK: agent.yml 
*
1 plays in agent.yml

PLAY [fw] 
*
Trying secret 
FileVaultSecret(filename='/nfs/site/disks/home30/ansible/.ssh/ansible_vault.txt')
 
for vault_id=default

TASK [Gathering Facts] 

task path: /ansible/scripts/agent.yml:2
Using module file 
/usr/lib/python2.7/dist-packages/ansible/modules/windows/setup.ps1
 ESTABLISH WINRM CONNECTION FOR USER: 
ansi...@eur.company.com on PORT 5986 TO tsthost67.usa.company.com
checking if winrm_host tsthost67.usa.company.com is an IPv6 address
calling kinit with pexpect for principal ansi...@eur.company.com
fatal: [tsthost67.usa.company.com]: UNREACHABLE! => {
"changed": false,
*"msg": "kerberos: authGSSClientStep() failed: (('Unspecified GSS 
failure.  Minor code may provide more information', 851968), ('Generic 
error (see e-text)', -1765328324))",*
"unreachable": true
}
to retry, use: --limit @/ansible/scripts/qb-agent-fw.retry

PLAY RECAP 

tsthost67.usa.company.com : ok=0changed=0unreachable=1failed=0



my kerberos file:

# cat /etc/krb5.conf


   
[libdefaults]
 default_realm = EUR.COMPANY.COM
 ticket_lifetime = 36000
   
 renew_lifetime = 2592000  

 default_keytab_name = /etc/krb5.keytab

 forwardable = true

 allow_weak_crypto = true  

 dns_lookup_realm = false  

 dns_lookup_kdc = false

 default_tgs_enctypes = des-cbc-crc arcfour-hmac-md5
   
 default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc
   
 preferred_preauth_types = des-cbc-crc