[ansible-project] is it possible to pass tags to tower-cli ?
Hi, I'm triggering the Ansible tower job template using tower-cli. Is it possible to use the tags in tower-cli while triggering the template ? like the following. #tower-cli job launch --job-template 123 --tags test1,test2 Thanks and Regards, Shyam. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/63f05ea0-88ad-44ad-8d28-a33c72bc9506%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: 'ERROR!' Telnet 'is not a valid attribute to play
Hi, it would help to paste your playbook here. Invoking tasks from a playbook requires specific syntax - one option is under 'tasks' - see https://docs.ansible.com/ansible/latest/user_guide/playbooks_intro.html Alternately you can have your tasks in a role and call the role from your playbook. Hope that helps. Regards, Straff On Wednesday, January 9, 2019 at 7:54:58 AM UTC+13, Eduardo Nunes Pereira wrote: > > Hello Everyone, > > > I use ansible 2.7, I'm trying to use the 'telnet' module to connect to > Cisco devices with IOS but it has the following error: '*ERROR!' Telnet > 'is not a valid attribute to play "*any ideas? > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/9f21f857-76dd-4678-99ef-93783d808000%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: Best practice to manage artifacts in Ansible
Hi, here's the sorts of things we're doing at my company: - binary collateral (.jars, .msi, .zip, .exe installers) kept in Artifactory (Nexus is other option as mentioned) - some of those we have source for and use things like maven to build, package and push to Artifactory - other deployable artifacts we get directly from 3rd parties (we have no source code for them) and upload those to Artifactory - version number of the artifact forms part of the artifactory repo path - http:///artifactory.msi> - we have two instances of artifactory - one for everything except production and production - we have a formal process to authorise and promote approved artifacts to the production artifactory instance (there's a repo proxying feature of Artifactory that we use) - not all collateral is being kept in artifactory - in some cases, where the frequency of update is low we're managing files in ansible (which is being source controlled in git/bit-bucket) - we've yet to have a formal process for deploying the ansible collateral to admin/control machine servers - for non-prod we're just doing git clone of the ansible collateral, but we're considering making an RPM so we can have proper discoverability of the anisble collateral (we have a dozen administrator/ops people that can do deployments so we need consistency and certainty of ansible collateral versions) Hope that helps. Regards, Straff On Wednesday, January 2, 2019 at 3:51:17 AM UTC+13, Sagar Parbhane wrote: > > Hi All, > > What is the best practice to manage artifacts like Jars files etc in > Ansible and if I want only client approve softwares which are are kept on > some location to be installed on my node systems then what is the best > practise to achieve this any specific modules that can be used in this > case. Also how the licence softwares installation can be manage in Ansible > Any link to some document will be a great help. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/9f95d0f9-6e86-47ad-817a-6b9e7fc74576%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Re: Find matched element in key value
Hi,
Enclosed the var and made PB as below and resulted FAILED output.
PB:
---
- hosts: localhost
connection: local
gather_facts: no
tasks:
- name: ILO Facts
hpilo_facts:
host: 10.20.64.51
login: XX
password: XX
delegate_to: localhost
- debug:
var: "{{ hw_health.storage['Controller on System
Board']['logical_drives'][0]['physical_drives'] | selectattr('status',
'equalto', 'CRITICAL') | list }}"
ERROR:
TASK [debug]
**
fatal: [localhost]: FAILED! => {"msg": "Unexpected failure during module
execution."}
On Wednesday, January 9, 2019 at 3:56:58 AM UTC+5:30, Kai Stian Olstad
wrote:
>
> On Tuesday, 8 January 2019 22:21:44 CET Rama wrote:
> > Hi,
> >
> > Edited the PB and it is
> >
> > ---
> > - hosts: localhost
> > connection: local
> > gather_facts: no
> > tasks:
> >- name: ILO Facts
> > hpilo_facts:
> > host: 10.20.64.51
> > login: xxx
> > password: xxx
> > delegate_to: localhost
> >
> >- debug:
> >var: hw_health.storage['Controller on System
> > Board']['logical_drives']
> >
> >
> >
> > Got output:
> > TASK [debug]
> >
> **
>
>
> > ok: [localhost] => {
> > "hw_health.storage['Controller on System Board']['logical_drives']":
> [
> > {
> > "encryption_status": "Not Encrypted",
> > "label": "01",
> > "physical_drives": [
> > {
> > "configuration": "Configured",
> > "version": "PD-0.7",
> > "label": "device-1",
> > "location": "1",
> > "serial_number": "PWH12GVF",
> > "status": "OK"
> > },
> > {
> > "configuration": "Configured",
> > "version": "PD-0.7",
> > "label": "device-2",
> > "location": "2",
> > "serial_number": "PWH12GWF",
> > "status": "OK"
> > },
> > {
> > "configuration": "Configured",
> > "version": "PD-0.7",
> > "label": "device-3",
> > "location": "3",
> > "serial_number": "PWH12GXF",
> > "status": "CRITICAL"
> > }
> > ],
> > "status": "OK"
> > }
> > ]
> > }
>
> This makes it easier to understand structure of the variable, you should
> get the critical ones with this
>
> {{ hw_health.storage['Controller on System
> Board']['logical_drives'][0]['physical_drives'] | selectattr('status',
> 'equalto', 'CRITICAL') | list }}
>
>
> --
> Kai Stian Olstad
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/e73a24c7-2388-460e-ba27-b0c221982c6b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Re: Find matched element in key value
On Tuesday, 8 January 2019 22:21:44 CET Rama wrote:
> Hi,
>
> Edited the PB and it is
>
> ---
> - hosts: localhost
> connection: local
> gather_facts: no
> tasks:
>- name: ILO Facts
> hpilo_facts:
> host: 10.20.64.51
> login: xxx
> password: xxx
> delegate_to: localhost
>
>- debug:
>var: hw_health.storage['Controller on System
> Board']['logical_drives']
>
>
>
> Got output:
> TASK [debug]
> **
> ok: [localhost] => {
> "hw_health.storage['Controller on System Board']['logical_drives']": [
> {
> "encryption_status": "Not Encrypted",
> "label": "01",
> "physical_drives": [
> {
> "configuration": "Configured",
> "version": "PD-0.7",
> "label": "device-1",
> "location": "1",
> "serial_number": "PWH12GVF",
> "status": "OK"
> },
> {
> "configuration": "Configured",
> "version": "PD-0.7",
> "label": "device-2",
> "location": "2",
> "serial_number": "PWH12GWF",
> "status": "OK"
> },
> {
> "configuration": "Configured",
> "version": "PD-0.7",
> "label": "device-3",
> "location": "3",
> "serial_number": "PWH12GXF",
> "status": "CRITICAL"
> }
> ],
> "status": "OK"
> }
> ]
> }
This makes it easier to understand structure of the variable, you should get
the critical ones with this
{{ hw_health.storage['Controller on System
Board']['logical_drives'][0]['physical_drives'] | selectattr('status',
'equalto', 'CRITICAL') | list }}
--
Kai Stian Olstad
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/2659697.GgzaTtlp0l%40x1.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Id from multiple machines?
I am pretty sure that if you loop, the registered variable will contain a
list of results, one from each iteration.
- name: Retrieve Orchid MID
uri:
url: "{{ item.url }}"
force_basic_auth: yes
user: admin
password: "{{ item.password }}"
timeout: 20
with_items: "{{ my_list_of_urls }}"
register: machineids
Your list would look like this:
vars:
my_list_of_urls:
- url: url_1
password: password_1
- url: url_2
password: password_2
- url: url_3
password: password_3
And afterwards, machineids should contain a list of machineid results. Use
debug to check the exact internal structure of the variable.
I HAVE NOT TESTED THIS, it is just a guess.
Regards, K.
On Wed, Jan 9, 2019 at 8:22 AM wrote:
> Hi. I'm attempting to retrieve a specific id from multiple machines with
> the uri module.
>
> The below ansible tasks can achieve the operation on one machine.
>
> What is the best way to retrieve the ID from several machines?
>
>
> - name: Retrieve Orchid MID
> uri:
> url: "{{ myurl }}"
> force_basic_auth: yes
> user: admin
> password: "{{ mypassword }}"
> timeout: 20
> register: machineid
>
> - name: DEBUG Retrieve Orchid MID
> debug:
> msg: "{{ machineid.json.orchids[0].mid }}"
>
> --
Karl Auer
Email : ka...@2pisoftware.com
Website: http://2pisoftware.com
GPG/PGP : 958A 2647 6C44 D376 3D63 86A5 FFB2 20BC 0257 5816
Previous: F0AB 6C70 A49D 1927 6E05 81E7 AD95 268F 2AB6 40EA
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CA%2B%2BT08QYqy%3DsfpkwToa7mkMq70LWMpVRhQTNuaXpnpUQkm29ZA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] How to get Ansible Tower to write to a backup folder
I have a very simple playbook that is backing up Cisco routers
---
# Playbook to Backup all config and produce show outputs
- hosts: localhost
gather_facts: false
tasks:
- name: Get ansible date/time facts
setup:
filter: "ansible_date_time"
gather_subset: "!all"
- name: Store DTG as fact
set_fact:
DTG: "{{ ansible_date_time.date }}"
- name: Create Directory {{hostvars.localhost.DTG}}
file:
path: ~/apefne/backups/{{hostvars.localhost.DTG}}
state: directory
- hosts: CSR-Routers
connection: local
gather_facts: false
tasks:
- name: Show Run on Device
ios_command:
commands:
- show run
register: config
- name: Save output to /etc/ansible/backups
copy:
content: "{{config.stdout[0]}}"
dest: "
/etc/ansible/backups/{{hostvars.localhost.DTG}}/{{inventory_hostname}}-{{hostvars.localhost.DTG}}-config.txt
" This works perfectly on my core install, I wanted to try it in tower but
can't see how to get it to save to the backups folder? The Debug says the
file has been written - but there are no files there? changed:
[CSR1-Remote] => { "changed": true, "checksum":
"876eac766de01bef2d647630200236405ea90a4d", "dest":
"/var/lib/awx/apefne/backups/2019-01-08/CSR1-Remote-2019-01-08-config.txt",
"diff": [], "gid": 999, "group": "awx", I have been advised to look at
Folders to expose but I can't see how to achieve this I want the playbook
to just save to backups to the date created folder in the backups
directory. Any guidance on this Tower behaviour would be appreciated Roger
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/6209f1c2-d87e-4d12-abc0-6e7fc1bc2e6e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Looping through a dictionary
As Kia Stan Olstad already said, you definitely need to be using with_items,
because int_output.interfaces is a list (according to the information you
have supplied).
To make sure that you are referencing the correct variable, add a debug
statement immediately before your "display output' task that just outputs
int_output:
- debug:
var: int_output
The error you are seeing always means that the variable you are using does
not contain what you think it contains, that you are using the wrong
variable, or that you are incorrectly dereferencing the contents of the
variable. The above debug statement should help you decide which.
Regards, K.
On Wed, Jan 9, 2019 at 2:32 AM Spiro Mitsialis
wrote:
> Hi,
> I have a dictionary and I need to set through it to extract data but
> cannot figure out how to do it.
>
> Dictionary looks like:
> "int_output": {
> "interfaces": [
> {
> "ipaddress": "unassigned",
> "method": "NVRAM",
> "name": "Vlan1",
> "ok": "YES",
> "protocol": "down",
> "status": "administratively down"
> },
> {
> "ipaddress": "172.31.35.8",
> "method": "NVRAM",
> "name": "Vlan99",
> "ok": "YES",
> "protocol": "up",
> "status": "up"
> },
> {
> "ipaddress": "unassigned",
> "method": "NVRAM",
> "name": "Vlan252",
> "ok": "YES",
> "protocol": "down",
> "status": "administratively down"
> }
> ]
> }
>
>
> I've tried using with_item and now trying with with_dict but cannot figure
> out how to make it work.
>
> ...
> - name: display output
> debug:
> var: "Name is {{ item.name }} and status is {{ item.status }}"
> with_dict: "{{ int_output.interfaces[0] }}"
>
> The above gives:
> TASK [display output]
> ***
> fatal: [burnside-poc-sw8.gw.mcgill.ca]: FAILED! => {"msg": "The task
> includes an option with an undefined variable. The error was : 'dict
> object' has no attribute 'name'\n\nThe error appears to have been in
> '/show_int_brief.yml': line 32, column 7, but may\nbe elsewhere in the file
> depending on the exact syntax problem.\n\nThe offending line appears to
> be:\n\n \n- name: display output\n ^ here\n"}
>
>
> Also tried:
> - name: display output
> debug:
> var: "Name is {{ item.name }} and status is {{ item.status }}"
> with_dict: int_output.interfaces[0]
>
> Above gives:
> TASK [display output]
> **
> fatal: [burnside-poc-sw8.gw.mcgill.ca]: FAILED! => {"msg": "with_dict
> expects a dict"}
>
> Any ideas good be appreciated.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/d2f0f045-3228-40e9-ada1-d5f0dc5dd7a4%40googlegroups.com
>
> .
> For more options, visit https://groups.google.com/d/optout.
>
--
Karl Auer
Email : ka...@2pisoftware.com
Website: http://2pisoftware.com
GPG/PGP : 958A 2647 6C44 D376 3D63 86A5 FFB2 20BC 0257 5816
Previous: F0AB 6C70 A49D 1927 6E05 81E7 AD95 268F 2AB6 40EA
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CA%2B%2BT08RfRYwU%3D7N0uJyuYoQ0EoLfPRcZ1Y5ShkQBOSBPwe16hw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: Best practice to manage artifacts in Ansible
Have you tried Maven and Sonatype Nexus? On Tuesday, January 1, 2019 at 9:51:17 AM UTC-5, Sagar Parbhane wrote: > > Hi All, > > What is the best practice to manage artifacts like Jars files etc in > Ansible and if I want only client approve softwares which are are kept on > some location to be installed on my node systems then what is the best > practise to achieve this any specific modules that can be used in this > case. Also how the licence softwares installation can be manage in Ansible > Any link to some document will be a great help. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/9f21d047-5229-4a79-88ed-518f4a4c4011%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Id from multiple machines?
Hi. I'm attempting to retrieve a specific id from multiple machines with
the uri module.
The below ansible tasks can achieve the operation on one machine.
What is the best way to retrieve the ID from several machines?
- name: Retrieve Orchid MID
uri:
url: "{{ myurl }}"
force_basic_auth: yes
user: admin
password: "{{ mypassword }}"
timeout: 20
register: machineid
- name: DEBUG Retrieve Orchid MID
debug:
msg: "{{ machineid.json.orchids[0].mid }}"
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/4699739c-bad7-419e-91b9-4da445f539e6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Re: Find matched element in key value
Hi,
Edited the PB and it is
---
- hosts: localhost
connection: local
gather_facts: no
tasks:
- name: ILO Facts
hpilo_facts:
host: 10.20.64.51
login: xxx
password: xxx
delegate_to: localhost
- debug:
var: hw_health.storage['Controller on System
Board']['logical_drives']
Got output:
TASK [debug]
**
ok: [localhost] => {
"hw_health.storage['Controller on System Board']['logical_drives']": [
{
"encryption_status": "Not Encrypted",
"label": "01",
"physical_drives": [
{
"configuration": "Configured",
"version": "PD-0.7",
"label": "device-1",
"location": "1",
"serial_number": "PWH12GVF",
"status": "OK"
},
{
"configuration": "Configured",
"version": "PD-0.7",
"label": "device-2",
"location": "2",
"serial_number": "PWH12GWF",
"status": "OK"
},
{
"configuration": "Configured",
"version": "PD-0.7",
"label": "device-3",
"location": "3",
"serial_number": "PWH12GXF",
"status": "CRITICAL"
}
],
"status": "OK"
}
]
}
On Wednesday, January 9, 2019 at 2:28:03 AM UTC+5:30, Kai Stian Olstad
wrote:
>
> On Tuesday, 8 January 2019 21:35:54 CET Rama wrote:
> > Hi,
> >
> > With this playbook we still getting msg output with first debug that i
> > mentioned in my mail. It fails where second debug defined with
> 'selectattr'
>
> OK, then I understand where the output are from.
>
> Your with_dict debug task make things more confusing, it would be better
> to get the output of this task
>
> - debug:
> var: hw_health.storage['Controller on System Board']['logical_drives']
>
>
> --
> Kai Stian Olstad
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/fc426667-87a3-4011-8b29-35b932de41ad%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Re: Find matched element in key value
On Tuesday, 8 January 2019 21:35:54 CET Rama wrote: > Hi, > > With this playbook we still getting msg output with first debug that i > mentioned in my mail. It fails where second debug defined with 'selectattr' OK, then I understand where the output are from. Your with_dict debug task make things more confusing, it would be better to get the output of this task - debug: var: hw_health.storage['Controller on System Board']['logical_drives'] -- Kai Stian Olstad -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/3518641.0rm0VlVGUC%40x1. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Multipath: what is the meaning of the information contained variable "facter_multipath_status" ?
On Tuesday, 8 January 2019 20:31:36 CET Will O. wrote: > When I run "ansible all -m setup", one of the facts gathered is > "facter_multipath_status": "good". > I need to know what is being checked here. > >1. Is it just showing the status of multipathd >2. Does it indicate that all path are presents and running >3. What will be the status for missing path? >4. Where can I find the logic that populate this variable? All the facts that start with facter is because you have installed facter. Facter is sort off a Puppet thing so you should probably ask them https://docs.puppet.com/facter/ or check the source yourself. -- Kai Stian Olstad -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/2046248.ogFpqksB15%40x1. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] 'ERROR!' Telnet 'is not a valid attribute to play
On Tuesday, 8 January 2019 19:54:58 CET Eduardo Nunes Pereira wrote: > Hello Everyone, > > > I use ansible 2.7, I'm trying to use the 'telnet' module to connect to > Cisco devices with IOS but it has the following error: '*ERROR!' Telnet 'is > not a valid attribute to play "*any ideas? You playbook is wrong. -- Kai Stian Olstad -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/4049860.W6HoggC0ue%40x1. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Looping through a dictionary
On Tuesday, 8 January 2019 17:53:44 CET Spiro Mitsialis wrote: > Thanks it worked. > I get all this extra debug info. Is there a way to display only the 2nd > line: "msg": "Name is Vlan1 and status is administratively down"? Sure, but it depend on what of the information make you want to have that line. Is it because the name is Vlan1 or is it because the status is administratively down or the combination? The fist element in the list is int_output.interfaces.0 and the second is int_output.interfaces.1 and the third is int_output.interfaces.2, but you can choose which element based on it values, so it depends on your requirement. -- Kai Stian Olstad -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/57306293.1jr9AdJdCG%40x1. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: Find matched element in key value
Hi,
With this playbook we still getting msg output with first debug that i
mentioned in my mail. It fails where second debug defined with 'selectattr'
On Monday, January 7, 2019 at 9:51:41 PM UTC+5:30, Rama wrote:
>
> Hi All,
>
> Our required in-built module gives huge output of different keys that have
> multiple values with objects. I used 'with_dict' and when to narrow and get
> desired output as below. Here also am facing a road block that how can I
> get the element where any value doesn't meet. How can get output of the
> block when "status": "CRITICAL" instead of all.
>
> Output:
> "msg": {
> "key": "devices",
> "value": [
> {
> "configuration": "Configured",
> "version": "PD-0.7",
> "label": "device-1",
> "location": "1",
> "serial_number": "PWH12GVF",
> "status": "OK"
> },
> {
> "configuration": "Configured",
> "version": "PD-0.7",
> "label": "device-2",
> "location": "2",
> "serial_number": "PWH12GWF",
> "status": "OK"
> },
> {
> "configuration": "Configured",
> "version": "PD-0.7",
> "label": "device-3",
> "location": "3",
> "serial_number": "PWH12GXF",
> "status": "CRITICAL"
> }
> ]
> }
>
>
>
> Desired output:
> "configuration": "Configured",
> version": "PD-0.7",
> "label": "device-3",
> "location": "3",
> "serial_number": "PWH12GXF",
> "status": "CRITICAL"
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/4333560d-5759-41be-a45b-66e6aadc4f48%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: ssl: the specified credentials were rejected by the server
There are multiple reasons why Windows will reject the credentials from Ansible which could be; - The user is not part of the local administrator group - As per your post this doesn't seem to be the case - You are running over http and basic auth doesn't support message encryption - As per your post you have set Allowunencrypted=true so this shouldn't be the case - Basic auth is disabled - Once again it looks like you have enabled it - You have not configured the LocalAccountTokenFilterPolicy to the value of 1 My bet is the last one, you can find out more info for this at https://support.microsoft.com/en-us/help/951016/description-of-user-account-control-and-remote-restrictions-in-windows. Also our ConfigureRemotingForAnsible.ps1 https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 handles this for you, make sure you have a copy of the latest version if you are using this script. On a side note, you should not be sett Allowunencrypted=true as this opens a big security hole for WinRM and it isn't required for Ansible. Thanks Jordan -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/f8caac70-b4e3-4ad0-baaa-4384eec88829%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Find matched element in key value
On Tuesday, 8 January 2019 18:26:54 CET Rama wrote:
> Hi,
>
> The playbook is as follows and highlighted text is added.
>
> ---
> - hosts: localhost
> connection: local
> gather_facts: no
> tasks:
>- name: ILO Facts
> hpilo_facts:
> host: 10.20.64.51
> login: xxx
> password: xxx
> delegate_to: localhost
>
>- debug:
>msg: "{{item}}"
> with_dict: "{{ hw_health.storage['Controller on System
> Board']['logical_drives'] }}"
> when:
> - "'physical_drives' in item.key"
>
>
>- debug:
> var: "{{ msg| selectattr('status', 'equalto', 'CRIRICAL') | list }}"
You don't have any variable in here called msg, so when you use msg in the
debug task it will fail with undefined variable.
In you first mail you did have an output that was called msg.
--
Kai Stian Olstad
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/4028874.LiXk1REK3k%40x1.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Multipath: what is the meaning of the information contained variable "facter_multipath_status" ?
When I run "ansible all -m setup", one of the facts gathered is "facter_multipath_status": "good". I need to know what is being checked here. 1. Is it just showing the status of multipathd 2. Does it indicate that all path are presents and running 3. What will be the status for missing path? 4. Where can I find the logic that populate this variable? Thanks, Will O. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/36570564-e623-4730-bed0-36cb2965bbc3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Possible to update target OS from an ISO?
We have several remote target machines running Ubuntu 12.04. Is it possible for Ansible to install Ubuntu 18.04 on the target machines from an ISO? I'm trying to avoid an update to 14.04 and then 16.04 and then 18.04. I'd like to avoid any updates at all and just do a fresh install of 18.04. If it's possible, could you briefly tell me the procedure? Thanks! Todd -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/f8ca518e-805f-4fa5-b7c7-24bd65fdc7b1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] 'ERROR!' Telnet 'is not a valid attribute to play
Hello Everyone, I use ansible 2.7, I'm trying to use the 'telnet' module to connect to Cisco devices with IOS but it has the following error: '*ERROR!' Telnet 'is not a valid attribute to play "*any ideas? -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/fdb60391-dfcb-4c95-afb8-55aef2b6f27f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Find matched element in key value
Hi,
The playbook is as follows and highlighted text is added.
---
- hosts: localhost
connection: local
gather_facts: no
tasks:
- name: ILO Facts
hpilo_facts:
host: 10.20.64.51
login: xxx
password: xxx
delegate_to: localhost
- debug:
msg: "{{item}}"
with_dict: "{{ hw_health.storage['Controller on System
Board']['logical_drives'] }}"
when:
- "'physical_drives' in item.key"
- debug:
var: "{{ msg| selectattr('status', 'equalto', 'CRIRICAL') | list }}"
On Tuesday, January 8, 2019 at 9:39:48 PM UTC+5:30, Kai Stian Olstad wrote:
>
> On Tuesday, 8 January 2019 14:31:23 CET Rama wrote:
> > Thank you for your reply. I added another 'debug', var with given jinja
> > variable. But unfortunately, it gives error with below. Can you please
> > assist.
> >
> >
> > fatal: [localhost]: FAILED! => {"msg": "The task includes an option with
> an
> > undefined variable. The error was: 'msg' is undefined\n\nThe error
> appears
> > to have been in '/root/devices..yml': line 20, column 6, but may\nbe
> > elsewhere in the file depending on the exact syntax problem.\n\nThe
> > offending line appears to be:\n\n\n - debug:\n ^ here\n"}
>
> Without the code there is nothing I can do to assist.
>
>
> --
> Kai Stian Olstad
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/819c1ec5-a925-4027-b7d7-2130e257b657%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: While executing Cloudera prerequistes playbook received below errors please help
Can you please check the playbook has any become_user parameter inside of
the playbook. It seems issue with ssh public key. Your ping command run
as '*cdhadmin*' user, The user's public key present on remote servers
hence the ping command ran successfully.
If possible please share the p
On Tuesday, January 8, 2019 at 4:26:05 PM UTC+5:30, ashok kumar penumudi
wrote:
>
> *sudo ansible-playbook -vvv cloudera-prerequisites.yml*
> ansible-playbook 2.7.5
> config file = /etc/ansible/ansible.cfg
> configured module search path = [u'/root/.ansible/plugins/modules',
> u'/usr/share/ansible/plugins/modules']
> ansible python module location = /usr/lib/python2.7/site-packages/ansible
> executable location = /bin/ansible-playbook
> python version = 2.7.5 (default, Sep 12 2018, 05:31:16) [GCC 4.8.5
> 20150623 (Red Hat 4.8.5-36)]
> Using /etc/ansible/ansible.cfg as config file
> /etc/ansible/hosts did not meet host_list requirements, check plugin
> documentation if this is unexpected
> /etc/ansible/hosts did not meet script requirements, check plugin
> documentation if this is unexpected
> Parsed /etc/ansible/hosts inventory source with ini plugin
>
> PLAYBOOK: cloudera-prerequisites.yml
> ***
> 2 plays in cloudera-prerequisites.yml
>
> PLAY [cloudera]
>
>
> TASK [Gathering Facts]
> *
> task path: /etc/ansible/cloudera-prerequisites.yml:2
> ESTABLISH SSH CONNECTION FOR USER: None
> SSH: EXEC ssh -C -o ControlMaster=auto -o
> ControlPersist=60s -o StrictHostKeyChecking=no -o
> KbdInteractiveAuthentication=no -o
> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
> -o PasswordAuthentication=no -o ConnectTimeout=10 -o
> ControlPath=/root/.ansible/cp/b875bf0563 vboacisbs10.ad.infosys.com
> '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
> ESTABLISH SSH CONNECTION FOR USER: None
> SSH: EXEC ssh -C -o ControlMaster=auto -o
> ControlPersist=60s -o StrictHostKeyChecking=no -o
> KbdInteractiveAuthentication=no -o
> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
> -o PasswordAuthentication=no -o ConnectTimeout=10 -o
> ControlPath=/root/.ansible/cp/83454b2d1b vboacisbs13.ad.infosys.com
> '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
> ESTABLISH SSH CONNECTION FOR USER: None
> SSH: EXEC ssh -C -o ControlMaster=auto -o
> ControlPersist=60s -o StrictHostKeyChecking=no -o
> KbdInteractiveAuthentication=no -o
> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
> -o PasswordAuthentication=no -o ConnectTimeout=10 -o
> ControlPath=/root/.ansible/cp/b458d6cabe vboacisbs11.ad.infosys.com
> '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
> ESTABLISH SSH CONNECTION FOR USER: None
> SSH: EXEC ssh -C -o ControlMaster=auto -o
> ControlPersist=60s -o StrictHostKeyChecking=no -o
> KbdInteractiveAuthentication=no -o
> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
> -o PasswordAuthentication=no -o ConnectTimeout=10 -o
> ControlPath=/root/.ansible/cp/8f63fe98fe vboacisbs12.ad.infosys.com
> '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
> (255, '', '\\S\nKernel \\r on an
> \\m\nPermission denied
> (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n')
> fatal: [vboacisbs10.ad.infosys.com]: UNREACHABLE! => {
> "changed": false,
> "msg": "Failed to connect to the host via ssh: \\S\nKernel \\r on an
> \\m\nPermission denied
> (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
> "unreachable": true
> }
> (255, '', 'IT IS AN OFFENSE TO CONTINUE
> WITHOUT PROPER AUTHORIZATION\nThis system is restricted to authorized
> users. Individuals attempting unauthorized access will be prosecuted. If
> unauthorized, terminate access now! Clicking on OK indicates your
> acceptance of the information in the background\nPermission denied
> (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n')
> fatal: [vboacisbs13.ad.infosys.com]: UNREACHABLE! => {
> "changed": false,
> "msg": "Failed to connect to the host via ssh: IT IS AN OFFENSE TO
> CONTINUE WITHOUT PROPER AUTHORIZATION\nThis system is restricted to
> authorized users. Individuals attempting unauthorized access will be
> prosecuted. If unauthorized, terminate access now! Clicking on OK indicates
> your acceptance of the information in the background\nPermission denied
> (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
> "unreachable": true
> }
> (255, '', 'IT IS AN OFFENSE TO CONTINUE
> WITHOUT PROPER AUTHORIZATION\nThis system is restricted to authorized
> users. Individuals attempting unauthorized acc
Re: [ansible-project] Looping through a dictionary
Thanks it worked.
I get all this extra debug info. Is there a way to display only the 2nd
line: "msg": "Name is Vlan1 and status is administratively down"?
TASK [display output]
**
ok: [burnside-poc-sw8.gw.mcgill.ca] => (item={'status': u'administratively
down', 'protocol': u'down', 'name': u'Vlan1', 'ok': u'YES', 'ipaddress':
u'unassigned', 'method': u'NVRAM'}) => {
"msg": "Name is Vlan1 and status is administratively down"
}
ok: [burnside-poc-sw8.gw.mcgill.ca] => (item={'status': u'up', 'protocol':
u'up', 'name': u'Vlan99', 'ok': u'YES', 'ipaddress': u'172.31.35.8',
'method': u'NVRAM'}) => {
"msg": "Name is Vlan99 and status is up"
}
ok: [burnside-poc-sw8.gw.mcgill.ca] => (item={'status': u'administratively
down', 'protocol': u'down', 'name': u'Vlan252', 'ok': u'YES', 'ipaddress':
u'unassigned', 'method': u'NVRAM'}) => {
"msg": "Name is Vlan252 and status is administratively down"
}
> int_output.interfaces is a list and you need to use with_items.
> - name: display output
debug:
var: "Name is {{ item.name }} and status is {{ item.status }}"
with_items: "{{ int_output.interfaces }}"
>
>
> --
Kai Stian Olstad
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/64d55e80-d77c-42c7-bc44-d126d99086f2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Filtering variables
On Tuesday, 8 January 2019 17:28:08 CET John Harmon wrote: > Perfect, thx Kai. One follow-up question. Why getent_passwd[item] instead > of getentpasswd.[item] (notice the dot)? getent_passwd.user1 is the same as getent_passwd['user1'] it's just different syntax. But when you are using variables you need the [], if not item is taken as the string "item" and not the variable item. -- Kai Stian Olstad -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/2084427.IkyajlO34N%40x1. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Filtering variables
Perfect, thx Kai. One follow-up question. Why getent_passwd[item] instead
of getentpasswd.[item] (notice the dot)?
On Tuesday, January 8, 2019 at 9:25:53 AM UTC-7, Kai Stian Olstad wrote:
>
> On Tuesday, 8 January 2019 17:18:29 CET John Harmon wrote:
> > I am using getent to search for user details; however, I only wish for
> > information regarding 3 users. I can't seem to find a way to get a
> filter
> > to work.
> >
> > - debug:
> > var: getent_passwd.('user1'|'user2'|'user3')
> >
> > I am doing something wrong, but could use a nudge in the right
> direction.
> > I know if I specify getent_passwd.user1, I see the info just for that
> > user... I am just trying to expand it to 3 users.
>
> - debug: var=getent_passwd[item]
> with_items:
> - user1
> - user2
> - user3
>
>
> --
> Kai Stian Olstad
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/603daf5b-fc20-48e2-9313-405529f7d831%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Filtering variables
On Tuesday, 8 January 2019 17:18:29 CET John Harmon wrote:
> I am using getent to search for user details; however, I only wish for
> information regarding 3 users. I can't seem to find a way to get a filter
> to work.
>
> - debug:
> var: getent_passwd.('user1'|'user2'|'user3')
>
> I am doing something wrong, but could use a nudge in the right direction.
> I know if I specify getent_passwd.user1, I see the info just for that
> user... I am just trying to expand it to 3 users.
- debug: var=getent_passwd[item]
with_items:
- user1
- user2
- user3
--
Kai Stian Olstad
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/2803103.WZDJ6xyQms%40x1.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Filtering variables
I am using getent to search for user details; however, I only wish for
information regarding 3 users. I can't seem to find a way to get a filter
to work.
- debug:
var: getent_passwd.('user1'|'user2'|'user3')
I am doing something wrong, but could use a nudge in the right direction.
I know if I specify getent_passwd.user1, I see the info just for that
user... I am just trying to expand it to 3 users.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/80ffa8e4-5967-475d-888f-1ba4ccfc58df%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Looping through a dictionary
On Tuesday, 8 January 2019 16:32:43 CET Spiro Mitsialis wrote:
> Hi,
> I have a dictionary and I need to set through it to extract data but cannot
> figure out how to do it.
>
> Dictionary looks like:
> "int_output": {
> "interfaces": [
> {
> "ipaddress": "unassigned",
> "method": "NVRAM",
> "name": "Vlan1",
> "ok": "YES",
> "protocol": "down",
> "status": "administratively down"
> },
> {
> "ipaddress": "172.31.35.8",
> "method": "NVRAM",
> "name": "Vlan99",
> "ok": "YES",
> "protocol": "up",
> "status": "up"
> },
> {
> "ipaddress": "unassigned",
> "method": "NVRAM",
> "name": "Vlan252",
> "ok": "YES",
> "protocol": "down",
> "status": "administratively down"
> }
> ]
> }
>
>
> I've tried using with_item and now trying with with_dict but cannot figure
> out how to make it work.
>
> ...
> - name: display output
> debug:
> var: "Name is {{ item.name }} and status is {{ item.status }}"
> with_dict: "{{ int_output.interfaces[0] }}"
int_output.interfaces is a list and you need to use with_items.
- name: display output
debug:
var: "Name is {{ item.name }} and status is {{ item.status }}"
with_items: "{{ int_output.interfaces }}"
--
Kai Stian Olstad
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/5575366.dahrnb8LaO%40x1.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Find matched element in key value
On Tuesday, 8 January 2019 14:31:23 CET Rama wrote:
> Thank you for your reply. I added another 'debug', var with given jinja
> variable. But unfortunately, it gives error with below. Can you please
> assist.
>
>
> fatal: [localhost]: FAILED! => {"msg": "The task includes an option with an
> undefined variable. The error was: 'msg' is undefined\n\nThe error appears
> to have been in '/root/devices..yml': line 20, column 6, but may\nbe
> elsewhere in the file depending on the exact syntax problem.\n\nThe
> offending line appears to be:\n\n\n - debug:\n ^ here\n"}
Without the code there is nothing I can do to assist.
--
Kai Stian Olstad
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/4984908.00edUGmZGx%40x1.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Looping through a dictionary
Hi,
I have a dictionary and I need to set through it to extract data but cannot
figure out how to do it.
Dictionary looks like:
"int_output": {
"interfaces": [
{
"ipaddress": "unassigned",
"method": "NVRAM",
"name": "Vlan1",
"ok": "YES",
"protocol": "down",
"status": "administratively down"
},
{
"ipaddress": "172.31.35.8",
"method": "NVRAM",
"name": "Vlan99",
"ok": "YES",
"protocol": "up",
"status": "up"
},
{
"ipaddress": "unassigned",
"method": "NVRAM",
"name": "Vlan252",
"ok": "YES",
"protocol": "down",
"status": "administratively down"
}
]
}
I've tried using with_item and now trying with with_dict but cannot figure
out how to make it work.
...
- name: display output
debug:
var: "Name is {{ item.name }} and status is {{ item.status }}"
with_dict: "{{ int_output.interfaces[0] }}"
The above gives:
TASK [display output]
***
fatal: [burnside-poc-sw8.gw.mcgill.ca]: FAILED! => {"msg": "The task
includes an option with an undefined variable. The error was : 'dict
object' has no attribute 'name'\n\nThe error appears to have been in
'/show_int_brief.yml': line 32, column 7, but may\nbe elsewhere in the file
depending on the exact syntax problem.\n\nThe offending line appears to
be:\n\n \n- name: display output\n ^ here\n"}
Also tried:
- name: display output
debug:
var: "Name is {{ item.name }} and status is {{ item.status }}"
with_dict: int_output.interfaces[0]
Above gives:
TASK [display output]
**
fatal: [burnside-poc-sw8.gw.mcgill.ca]: FAILED! => {"msg": "with_dict
expects a dict"}
Any ideas good be appreciated.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/d2f0f045-3228-40e9-ada1-d5f0dc5dd7a4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Find matched element in key value
Hi,
Thank you for your reply. I added another 'debug', var with given jinja
variable. But unfortunately, it gives error with below. Can you please
assist.
fatal: [localhost]: FAILED! => {"msg": "The task includes an option with an
undefined variable. The error was: 'msg' is undefined\n\nThe error appears
to have been in '/root/devices..yml': line 20, column 6, but may\nbe
elsewhere in the file depending on the exact syntax problem.\n\nThe
offending line appears to be:\n\n\n - debug:\n ^ here\n"}
On Monday, January 7, 2019 at 10:46:16 PM UTC+5:30, Kai Stian Olstad wrote:
>
> On Monday, 7 January 2019 17:21:41 CET Rama wrote:
> > Hi All,
> >
> > Our required in-built module gives huge output of different keys that
> have
> > multiple values with objects. I used 'with_dict' and when to narrow and
> get
> > desired output as below. Here also am facing a road block that how can
> I
> > get the element where any value doesn't meet. How can get output of the
> > block when "status": "CRITICAL" instead of all.
> >
> > Output:
> > "msg": {
> > "key": "devices",
> > "value": [
> > {
> > "configuration": "Configured",
> > "version": "PD-0.7",
> > "label": "device-1",
> > "location": "1",
> > "serial_number": "PWH12GVF",
> > "status": "OK"
> > },
> > {
> > "configuration": "Configured",
> > "version": "PD-0.7",
> > "label": "device-2",
> > "location": "2",
> > "serial_number": "PWH12GWF",
> > "status": "OK"
> > },
> > {
> > "configuration": "Configured",
> > "version": "PD-0.7",
> > "label": "device-3",
> > "location": "3",
> > "serial_number": "PWH12GXF",
> > "status": "CRITICAL"
> > }
> > ]
> > }
>
> You can use the Jinja selectattr
>
> {{ msg.value | selectattr('status', 'equalto', 'CRITICAL') | list }}
>
>
> --
> Kai Stian Olstad
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/a63711f1-b2df-4ae5-a254-fa0c25fe2cf0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Re: Template format error: YAML not well-formed.
Hi,
That issue is now fixed by re-doing that part of the code but introduced
with another error: S3 error: Requests specifying Server Side Encryption
with AWS KMS managed keys require AWS Signature Version 4. This is because
the S3 bucket is encrypted. I tried to create a temporary
unencrypted bucket and it works fine. I found a document and it says "to
use KMS with S3 encryption you have to set the signature version to v4
explicitly"
https://forums.aws.amazon.com/thread.jspa?threadID=165286
https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
I am not sure where this needs to be updated, as I am running this code
from Cloud9 environment. I guess it is Python-Boto SDK.
On Tuesday, January 8, 2019 at 12:41:40 PM UTC, Dick Visser wrote:
>
> I suspect the issue is introduced by the copy/pasting.
> Can you pipe it directly to yamllint and tell us what that says?
>
> DIck
>
> On Tue, 8 Jan 2019 at 11:06, Kishore Ponniah > wrote:
> >
> > Please find my code below: I checked the code using YAML validator and
> looks like it is valid. But still complaining about Line 12 column 6.
> >
> > Any help please?
> >
> > ---
> > # This playbook builds IAM infrastructure in all configured accounts
> > - name: Install/Update RXGT Identity account CF templates
> > hosts: infrastructure
> > tasks:
> >
> > - name: Install/Update RXGT PS cross account CF templates
> > hosts: infrastructure
> > tasks:
> > # Support using STS temporary creds (optional)
> > # See readme.md
> > - name: get sts session token
> > sts_session_token:
> > duration_seconds: "{{ sts_session_duration | default(3600) }}"
> > # Support role policy with mandatory MFA
> > mfa_serial_number: "{{ sts_mfa_serial_number | default(omit) }}"
> > mfa_token: "{{ sts_mfa_token | default(omit) }}"
> > register: sts_session_token
> > when: with_sts
> > tags:
> > rxgt-ps-identity-stack-deploy
> >
> > - name: retrieve sts credentials
> > set_fact:
> > sts_access_key: "{{ sts_session_token.sts_creds.access_key }}"
> > sts_secret_key: "{{ sts_session_token.sts_creds.secret_key }}"
> > sts_session_token: "{{ sts_session_token.sts_creds.session_token }}"
> > when: with_sts
> > tags:
> > rxgt-ps-identity-stack-deploy
> >
> > - name: debug role arns
> > debug:
> > msg: "Assuming role: {{ account_config.sts_role_arn }}"
> > verbosity: 1
> > loop: "{{ rxgt_identity_account['deploy_accounts']|map('extract',
> rxgt_identity_account['account_config'])|list }}"
> > loop_control:
> > loop_var: account_config
> > label: "{{ account_config.sts_role_arn }}"
> > tags:
> > rxgt-ps-identity-stack-deploy
> >
> > - name: assume cross account roles
> > sts_assume_role:
> > role_arn: "{{ account_config.sts_role_arn }}"
> > role_session_name: "ansibledeploy"
> > duration_seconds: "{{ sts_session_duration | default(3600) }}"
> > # Use STS temporary creds or fallback to aws cli/boto creds - see
> readme.md
> > aws_access_key: "{{ sts_access_key | default(omit) }}"
> > aws_secret_key: "{{ sts_secret_key | default(omit) }}"
> > security_token: "{{ sts_session_token | default(omit) }}"
> > # Support role policy with mandatory MFA
> > mfa_serial_number: "{{ sts_mfa_serial_number | default(omit) }}"
> > mfa_token: "{{ sts_mfa_token | default(omit) }}"
> > loop: "{{ rxgt_identity_account['deploy_accounts']|map('extract',
> rxgt_identity_account['account_config'])|list }}"
> > loop_control:
> > loop_var: account_config
> > label: "{{ account_config.sts_role_arn }}"
> > #
> https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html#using-register-with-a-loop
>
> > register: assumed_roles_with_account_config
> > tags:
> > rxgt-ps-identity-stack-deploy
> >
> > - name: create rxgt-ps-cross-account-iam-atlas-developer-roles changeset
> > cloudformation:
> > stack_name: "rxgt-ps-cross-account-iam-atlas-developer-roles"
> > state: present
> > region: "{{ account_config.1 }}"
> > aws_access_key: "{{ account_config.0.sts_creds.access_key }}"
> > aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}"
> > security_token: "{{ account_config.0.sts_creds.session_token }}"
> > create_changeset: true
> > changeset_name: "{{ cf_changeset_name }}"
> > # Don't pass the cd-deploy-role to CF due to [possible privilege
> escalation](
> https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-servicerole.html)
>
>
> > # for anyone able to perform stack updates.
> > # role_arn: "{{ account_config.0.account_config.pass_role_arn }}"
> > template_url: "
> https://s3.console.aws.amazon.com/s3/buckets///xx/x/rxgt-ps-cross-account-iam-atlas-developer-roles.yaml";
>
>
> > template_parameters: "{{
> account_config.0.account_config.stacks['rxgt-ps-cross-account-iam-atlas-developer-roles'].params
>
> }}"
> > termination_protection: no
> > tags: "{{ global_tags |
> combine(account_config.0.account_config.stacks['
Re: [ansible-project] Re: Template format error: YAML not well-formed.
I suspect the issue is introduced by the copy/pasting.
Can you pipe it directly to yamllint and tell us what that says?
DIck
On Tue, 8 Jan 2019 at 11:06, Kishore Ponniah wrote:
>
> Please find my code below: I checked the code using YAML validator and looks
> like it is valid. But still complaining about Line 12 column 6.
>
> Any help please?
>
> ---
> # This playbook builds IAM infrastructure in all configured accounts
> - name: Install/Update RXGT Identity account CF templates
> hosts: infrastructure
> tasks:
>
> - name: Install/Update RXGT PS cross account CF templates
> hosts: infrastructure
> tasks:
> # Support using STS temporary creds (optional)
> # See readme.md
> - name: get sts session token
> sts_session_token:
> duration_seconds: "{{ sts_session_duration | default(3600) }}"
> # Support role policy with mandatory MFA
> mfa_serial_number: "{{ sts_mfa_serial_number | default(omit) }}"
> mfa_token: "{{ sts_mfa_token | default(omit) }}"
> register: sts_session_token
> when: with_sts
> tags:
> rxgt-ps-identity-stack-deploy
>
> - name: retrieve sts credentials
> set_fact:
> sts_access_key: "{{ sts_session_token.sts_creds.access_key }}"
> sts_secret_key: "{{ sts_session_token.sts_creds.secret_key }}"
> sts_session_token: "{{ sts_session_token.sts_creds.session_token }}"
> when: with_sts
> tags:
> rxgt-ps-identity-stack-deploy
>
> - name: debug role arns
> debug:
> msg: "Assuming role: {{ account_config.sts_role_arn }}"
> verbosity: 1
> loop: "{{ rxgt_identity_account['deploy_accounts']|map('extract',
> rxgt_identity_account['account_config'])|list }}"
> loop_control:
> loop_var: account_config
> label: "{{ account_config.sts_role_arn }}"
> tags:
> rxgt-ps-identity-stack-deploy
>
> - name: assume cross account roles
> sts_assume_role:
> role_arn: "{{ account_config.sts_role_arn }}"
> role_session_name: "ansibledeploy"
> duration_seconds: "{{ sts_session_duration | default(3600) }}"
> # Use STS temporary creds or fallback to aws cli/boto creds - see readme.md
> aws_access_key: "{{ sts_access_key | default(omit) }}"
> aws_secret_key: "{{ sts_secret_key | default(omit) }}"
> security_token: "{{ sts_session_token | default(omit) }}"
> # Support role policy with mandatory MFA
> mfa_serial_number: "{{ sts_mfa_serial_number | default(omit) }}"
> mfa_token: "{{ sts_mfa_token | default(omit) }}"
> loop: "{{ rxgt_identity_account['deploy_accounts']|map('extract',
> rxgt_identity_account['account_config'])|list }}"
> loop_control:
> loop_var: account_config
> label: "{{ account_config.sts_role_arn }}"
> #
> https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html#using-register-with-a-loop
> register: assumed_roles_with_account_config
> tags:
> rxgt-ps-identity-stack-deploy
>
> - name: create rxgt-ps-cross-account-iam-atlas-developer-roles changeset
> cloudformation:
> stack_name: "rxgt-ps-cross-account-iam-atlas-developer-roles"
> state: present
> region: "{{ account_config.1 }}"
> aws_access_key: "{{ account_config.0.sts_creds.access_key }}"
> aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}"
> security_token: "{{ account_config.0.sts_creds.session_token }}"
> create_changeset: true
> changeset_name: "{{ cf_changeset_name }}"
> # Don't pass the cd-deploy-role to CF due to [possible privilege
> escalation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-servicerole.html)
> # for anyone able to perform stack updates.
> # role_arn: "{{ account_config.0.account_config.pass_role_arn }}"
> template_url:
> "https://s3.console.aws.amazon.com/s3/buckets///xx/x/rxgt-ps-cross-account-iam-atlas-developer-roles.yaml";
> template_parameters: "{{
> account_config.0.account_config.stacks['rxgt-ps-cross-account-iam-atlas-developer-roles'].params
> }}"
> termination_protection: no
> tags: "{{ global_tags |
> combine(account_config.0.account_config.stacks['rxgt-ps-cross-account-iam-atlas-developer-roles'].override_tags,
> recursive=True) }}"
> # Convert to a list of dicts duplicated per region. See
> https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#subelements-filter
> loop: "{{
> assumed_roles_with_account_config.results|subelements('account_config.regions',
> skip_missing=True) }}"
> loop_control:
> loop_var: account_config
> label: "{{ account_config.0.account_config.account_alias }}:{{
> account_config.1 }}"
> tags:
> rxgt-ps-identity-stack-deploy
>
> - name: create rxgt-ps-cross-account-iam-atlas-developer-roles stack
> cloudformation:
> stack_name: "rxgt-ps-cross-account-iam-atlas-developer-roles"
> state: present
> region: "{{ account_config.1 }}"
> aws_access_key: "{{ account_config.0.sts_creds.access_key }}"
> aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}"
> security_token: "{{ account_config.0.sts_creds.session_token }}"
> create_changeset: false
> changeset_name: "{{ cf_changeset_name }}"
> # Don't pass the cd-deploy-role to CF due to [possible privilege
> escalation](
[ansible-project] Ansible automation help
Hi,
We are working on cloudera installation using templates.
Templates are in JSON format, below is the sample:
1
2
3
"cdhVersion" : "5.7.0",
"displayName" : "Cluster 1",
"cmVersion" : "5.7.0",
"repositories": [
"http://cache-gce-central-1.gce.cloudera.com/repos/cdh5.7.0-static/parcels/5.7.0/";
,"http://cache-gce-central-1.gce.cloudera.com/archive/cdh4/parcels/4.7.1/";,.
.."],
"products" : [ {
"version" : "2.1.0-1.2.1.0.p0.20",
"product" : "KAFKA"
}, {
"version" : "1.6.0-1.cdh5.1.4.p0.116",
"product" : "ACCUMULO"
}, {
"version" : "5.7.0-1.cdh5.7.0.p0.46",
"product" : "CDH"
} ],
"refName" : "ZOOKEEPER-1",
"serviceType" : "ZOOKEEPER",
"serviceConfigs" : [ {
"name" : "enableSecurity",
"value" : "true"
} ],
"roleConfigGroups" : [ {
"refName" : "ZOOKEEPER-1-SERVER-BASE",
"roleType" : "SERVER",
"configs" : [ {
"name" : "zookeeper_server_java_heapsize",
"value" : "705691648"
} ],
1. *Ansible script should work like this:*
1) It should download the standard template from
repository/github/bitbucket.
2) Create a copy of that file
3) On the copy perform the following operations:
Replace by reading the value from the main DB.
Replace the by reading the value from the main DB.
Replace the CDH repo name.
Replace the by reading the value from the main DB.
Replace the by reading the value from the main DB.
4) Save the cluster instance template file with some standard naming
convention.
5) Check-in the file in Bitbucket branch or in github.
6) Save the details in the main DB.
Please help me on this.
Regards,
Shan
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/1d15ae51-077d-4950-b244-1fada99d528c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] While executing Cloudera prerequistes playbook received below errors please help
*sudo ansible-playbook -vvv cloudera-prerequisites.yml*
ansible-playbook 2.7.5
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules',
u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /bin/ansible-playbook
python version = 2.7.5 (default, Sep 12 2018, 05:31:16) [GCC 4.8.5
20150623 (Red Hat 4.8.5-36)]
Using /etc/ansible/ansible.cfg as config file
/etc/ansible/hosts did not meet host_list requirements, check plugin
documentation if this is unexpected
/etc/ansible/hosts did not meet script requirements, check plugin
documentation if this is unexpected
Parsed /etc/ansible/hosts inventory source with ini plugin
PLAYBOOK: cloudera-prerequisites.yml
***
2 plays in cloudera-prerequisites.yml
PLAY [cloudera]
TASK [Gathering Facts]
*
task path: /etc/ansible/cloudera-prerequisites.yml:2
ESTABLISH SSH CONNECTION FOR USER: None
SSH: EXEC ssh -C -o ControlMaster=auto -o
ControlPersist=60s -o StrictHostKeyChecking=no -o
KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o ConnectTimeout=10 -o
ControlPath=/root/.ansible/cp/b875bf0563 vboacisbs10.ad.infosys.com
'/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
ESTABLISH SSH CONNECTION FOR USER: None
SSH: EXEC ssh -C -o ControlMaster=auto -o
ControlPersist=60s -o StrictHostKeyChecking=no -o
KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o ConnectTimeout=10 -o
ControlPath=/root/.ansible/cp/83454b2d1b vboacisbs13.ad.infosys.com
'/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
ESTABLISH SSH CONNECTION FOR USER: None
SSH: EXEC ssh -C -o ControlMaster=auto -o
ControlPersist=60s -o StrictHostKeyChecking=no -o
KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o ConnectTimeout=10 -o
ControlPath=/root/.ansible/cp/b458d6cabe vboacisbs11.ad.infosys.com
'/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
ESTABLISH SSH CONNECTION FOR USER: None
SSH: EXEC ssh -C -o ControlMaster=auto -o
ControlPersist=60s -o StrictHostKeyChecking=no -o
KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o ConnectTimeout=10 -o
ControlPath=/root/.ansible/cp/8f63fe98fe vboacisbs12.ad.infosys.com
'/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
(255, '', '\\S\nKernel \\r on an
\\m\nPermission denied
(publickey,gssapi-keyex,gssapi-with-mic,password).\r\n')
fatal: [vboacisbs10.ad.infosys.com]: UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: \\S\nKernel \\r on an
\\m\nPermission denied
(publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
"unreachable": true
}
(255, '', 'IT IS AN OFFENSE TO CONTINUE
WITHOUT PROPER AUTHORIZATION\nThis system is restricted to authorized
users. Individuals attempting unauthorized access will be prosecuted. If
unauthorized, terminate access now! Clicking on OK indicates your
acceptance of the information in the background\nPermission denied
(publickey,gssapi-keyex,gssapi-with-mic,password).\r\n')
fatal: [vboacisbs13.ad.infosys.com]: UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: IT IS AN OFFENSE TO
CONTINUE WITHOUT PROPER AUTHORIZATION\nThis system is restricted to
authorized users. Individuals attempting unauthorized access will be
prosecuted. If unauthorized, terminate access now! Clicking on OK indicates
your acceptance of the information in the background\nPermission denied
(publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
"unreachable": true
}
(255, '', 'IT IS AN OFFENSE TO CONTINUE
WITHOUT PROPER AUTHORIZATION\nThis system is restricted to authorized
users. Individuals attempting unauthorized access will be prosecuted. If
unauthorized, terminate access now! Clicking on OK indicates your
acceptance of the information in the background\nPermission denied
(publickey,gssapi-keyex,gssapi-with-mic,password).\r\n')
fatal: [vboacisbs12.ad.infosys.com]: UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: IT IS AN OFFENSE TO
CONTINUE WITHOUT PROPER AUTHORIZATION\nThis system is restricted to
authorized users. Individuals attempting unauthorized access will be
prosecuted. If unauthorized, terminate access
Re: [ansible-project] Re: Template format error: YAML not well-formed.
Please find my code below: I checked the code using YAML validator and
looks like it is valid. But still complaining about Line 12 column 6.
Any help please?
---
# This playbook builds IAM infrastructure in all configured accounts
- name: Install/Update RXGT Identity account CF templates
hosts: infrastructure
tasks:
- name: Install/Update RXGT PS cross account CF templates
hosts: infrastructure
tasks:
# Support using STS temporary creds (optional)
# See readme.md
- name: get sts session token
sts_session_token:
duration_seconds: "{{ sts_session_duration | default(3600) }}"
# Support role policy with mandatory MFA
mfa_serial_number: "{{ sts_mfa_serial_number | default(omit) }}"
mfa_token: "{{ sts_mfa_token | default(omit) }}"
register: sts_session_token
when: with_sts
tags:
rxgt-ps-identity-stack-deploy
- name: retrieve sts credentials
set_fact:
sts_access_key: "{{ sts_session_token.sts_creds.access_key }}"
sts_secret_key: "{{ sts_session_token.sts_creds.secret_key }}"
sts_session_token: "{{ sts_session_token.sts_creds.session_token }}"
when: with_sts
tags:
rxgt-ps-identity-stack-deploy
- name: debug role arns
debug:
msg: "Assuming role: {{ account_config.sts_role_arn }}"
verbosity: 1
loop: "{{ rxgt_identity_account['deploy_accounts']|map('extract',
rxgt_identity_account['account_config'])|list }}"
loop_control:
loop_var: account_config
label: "{{ account_config.sts_role_arn }}"
tags:
rxgt-ps-identity-stack-deploy
- name: assume cross account roles
sts_assume_role:
role_arn: "{{ account_config.sts_role_arn }}"
role_session_name: "ansibledeploy"
duration_seconds: "{{ sts_session_duration | default(3600) }}"
# Use STS temporary creds or fallback to aws cli/boto creds - see readme.md
aws_access_key: "{{ sts_access_key | default(omit) }}"
aws_secret_key: "{{ sts_secret_key | default(omit) }}"
security_token: "{{ sts_session_token | default(omit) }}"
# Support role policy with mandatory MFA
mfa_serial_number: "{{ sts_mfa_serial_number | default(omit) }}"
mfa_token: "{{ sts_mfa_token | default(omit) }}"
loop: "{{ rxgt_identity_account['deploy_accounts']|map('extract',
rxgt_identity_account['account_config'])|list }}"
loop_control:
loop_var: account_config
label: "{{ account_config.sts_role_arn }}"
#
https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html#using-register-with-a-loop
register: assumed_roles_with_account_config
tags:
rxgt-ps-identity-stack-deploy
- name: create rxgt-ps-cross-account-iam-atlas-developer-roles changeset
cloudformation:
stack_name: "rxgt-ps-cross-account-iam-atlas-developer-roles"
state: present
region: "{{ account_config.1 }}"
aws_access_key: "{{ account_config.0.sts_creds.access_key }}"
aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}"
security_token: "{{ account_config.0.sts_creds.session_token }}"
create_changeset: true
changeset_name: "{{ cf_changeset_name }}"
# Don't pass the cd-deploy-role to CF due to [possible privilege
escalation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-servicerole.html)
# for anyone able to perform stack updates.
# role_arn: "{{ account_config.0.account_config.pass_role_arn }}"
template_url:
"https://s3.console.aws.amazon.com/s3/buckets///xx/x/rxgt-ps-cross-account-iam-atlas-developer-roles.yaml";
template_parameters: "{{
account_config.0.account_config.stacks['rxgt-ps-cross-account-iam-atlas-developer-roles'].params
}}"
termination_protection: no
tags: "{{ global_tags |
combine(account_config.0.account_config.stacks['rxgt-ps-cross-account-iam-atlas-developer-roles'].override_tags,
recursive=True) }}"
# Convert to a list of dicts duplicated per region. See
https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#subelements-filter
loop: "{{
assumed_roles_with_account_config.results|subelements('account_config.regions',
skip_missing=True) }}"
loop_control:
loop_var: account_config
label: "{{ account_config.0.account_config.account_alias }}:{{
account_config.1 }}"
tags:
rxgt-ps-identity-stack-deploy
- name: create rxgt-ps-cross-account-iam-atlas-developer-roles stack
cloudformation:
stack_name: "rxgt-ps-cross-account-iam-atlas-developer-roles"
state: present
region: "{{ account_config.1 }}"
aws_access_key: "{{ account_config.0.sts_creds.access_key }}"
aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}"
security_token: "{{ account_config.0.sts_creds.session_token }}"
create_changeset: false
changeset_name: "{{ cf_changeset_name }}"
# Don't pass the cd-deploy-role to CF due to [possible privilege
escalation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-servicerole.html)
# for anyone able to perform stack updates.
# role_arn: "{{ account_config.0.account_config.pass_role_arn }}"
template_url:
"https://s3.console.aws.amazon.com/s3/buckets///xx/x/rxgt-ps-cross-account-iam-atlas-developer-roles.yaml";
template_parameters: "{{
account_confi
Re: [ansible-project] Re: Template format error: YAML not well-formed.
Please find my code below: So it complains about line 12 colum 6. I checked
using the Yaml validator and it is valid yaml.
---
# This playbook builds IAM infrastructure in all configured accounts
- name: Install/Update RXGT Identity account CF templates
hosts: infrastructure
tasks:
- name: Install/Update RXGT PS cross account CF templates
hosts: infrastructure
tasks:
# Support using STS temporary creds (optional)
# See readme.md
- name: get sts session token
sts_session_token:
duration_seconds: "{{ sts_session_duration | default(3600) }}"
# Support role policy with mandatory MFA
mfa_serial_number: "{{ sts_mfa_serial_number | default(omit) }}"
mfa_token: "{{ sts_mfa_token | default(omit) }}"
register: sts_session_token
when: with_sts
tags:
rxgt-ps-identity-stack-deploy
- name: retrieve sts credentials
set_fact:
sts_access_key: "{{ sts_session_token.sts_creds.access_key }}"
sts_secret_key: "{{ sts_session_token.sts_creds.secret_key }}"
sts_session_token: "{{ sts_session_token.sts_creds.session_token }}"
when: with_sts
tags:
rxgt-ps-identity-stack-deploy
- name: debug role arns
debug:
msg: "Assuming role: {{ account_config.sts_role_arn }}"
verbosity: 1
loop: "{{ rxgt_identity_account['deploy_accounts']|map('extract',
rxgt_identity_account['account_config'])|list }}"
loop_control:
loop_var: account_config
label: "{{ account_config.sts_role_arn }}"
tags:
rxgt-ps-identity-stack-deploy
- name: assume cross account roles
sts_assume_role:
role_arn: "{{ account_config.sts_role_arn }}"
role_session_name: "ansibledeploy"
duration_seconds: "{{ sts_session_duration | default(3600) }}"
# Use STS temporary creds or fallback to aws cli/boto creds - see readme.md
aws_access_key: "{{ sts_access_key | default(omit) }}"
aws_secret_key: "{{ sts_secret_key | default(omit) }}"
security_token: "{{ sts_session_token | default(omit) }}"
# Support role policy with mandatory MFA
mfa_serial_number: "{{ sts_mfa_serial_number | default(omit) }}"
mfa_token: "{{ sts_mfa_token | default(omit) }}"
loop: "{{ rxgt_identity_account['deploy_accounts']|map('extract',
rxgt_identity_account['account_config'])|list }}"
loop_control:
loop_var: account_config
label: "{{ account_config.sts_role_arn }}"
#
https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html#using-register-with-a-loop
register: assumed_roles_with_account_config
tags:
rxgt-ps-identity-stack-deploy
- name: create rxgt-ps-cross-account-iam-atlas-developer-roles changeset
cloudformation:
stack_name: "rxgt-ps-cross-account-iam-atlas-developer-roles"
state: present
region: "{{ account_config.1 }}"
aws_access_key: "{{ account_config.0.sts_creds.access_key }}"
aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}"
security_token: "{{ account_config.0.sts_creds.session_token }}"
create_changeset: true
changeset_name: "{{ cf_changeset_name }}"
# Don't pass the cd-deploy-role to CF due to [possible privilege
escalation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-servicerole.html)
# for anyone able to perform stack updates.
# role_arn: "{{ account_config.0.account_config.pass_role_arn }}"
template_url:
"https://s3.console.aws.amazon.com/s3/buckets/rxgt-ps-software-eu-west-1-061934891466/rxbootstrap/cloudformation/rxgtidentity/rxgt-ps-cross-account-iam-atlas-developer-roles.yaml";
template_parameters: "{{
account_config.0.account_config.stacks['rxgt-ps-cross-account-iam-atlas-developer-roles'].params
}}"
termination_protection: no
tags: "{{ global_tags |
combine(account_config.0.account_config.stacks['rxgt-ps-cross-account-iam-atlas-developer-roles'].override_tags,
recursive=True) }}"
# Convert to a list of dicts duplicated per region. See
https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#subelements-filter
loop: "{{
assumed_roles_with_account_config.results|subelements('account_config.regions',
skip_missing=True) }}"
loop_control:
loop_var: account_config
label: "{{ account_config.0.account_config.account_alias }}:{{
account_config.1 }}"
tags:
rxgt-ps-identity-stack-deploy
- name: create rxgt-ps-cross-account-iam-atlas-developer-roles stack
cloudformation:
stack_name: "rxgt-ps-cross-account-iam-atlas-developer-roles"
state: present
region: "{{ account_config.1 }}"
aws_access_key: "{{ account_config.0.sts_creds.access_key }}"
aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}"
security_token: "{{ account_config.0.sts_creds.session_token }}"
create_changeset: false
changeset_name: "{{ cf_changeset_name }}"
# Don't pass the cd-deploy-role to CF due to [possible privilege
escalation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-servicerole.html)
# for anyone able to perform stack updates.
# role_arn: "{{ account_config.0.account_config.pass_role_arn }}"
template_url:
"https://s3.console.aws.amazon.com/s3/buckets/rxgt-ps-software-eu-west-1-061934891466/rxbootstrap/cloudformation/rxgtidentity/rxgt-ps-cross-account-iam-atlas-developer-roles.yaml";
template_paramete
[ansible-project] audit asnisble-playbook
hi, I'm having a security issue problem with Ansible. for policies, I have to know who did what. So, if I want to launch some playbooks and somehow cause trouble in the servers, I must bring back the information who did what on those servers. now the only information that I have is the servers audit log. and the playbooks log. but It's impossible to match univocally a record on the audit with a record on the ansible log, so it's impossible to know the human user. how this could be archived? thanks. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/44c48396-fcb2-42b6-8295-7f393b642876%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
