Re: [ansible-project] How to avoid backslash and quote from variable

[P. Varsha]

Hello,
I am not working on cisco switches but try once - "show run interface
"\Gi9/1\" | i no cdp" .
check your commands once your using - "show run interface \" right because
of that you got error.

Thanks


On Tue, Apr 2, 2019 at 8:28 AM bikram40  wrote:

> Hello,
>
> I am running an audit against some interfaces on Cisco switches:
> Here is the task:
> - ios_command:
> provider: "{{ cli }}"
> commands: show run interface "{{ item }}" | i no cdp
> timeout: 15
>   register: no_cdp
>   with_items: "{{ interface_all.stdout_lines }}"
>
> From with_items the value of variables passing as "show run interface
> \"Gi9/1\" | i no cdp" which gives me an error as it has \" in both leading
> and trailing side of interface name.
>
> I tried  | regex_replace after item to avoid these two characters but no
> luck.
>
> Could you please help.
>
> Thanks,
> Bikram Biswas
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAEFfMJTTQEjjBHUq_iXjPSH5iAwB6unSYws%2BrKbk%2B79Eg2e58Q%40mail.gmail.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAA3T03%2BUff_ftstzjB6Tv9TW8F-Q-2-vscLR0GqV44AzDnLT9g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] vault not decrypting in loops

[P. Varsha]

hello,
try once instead of two quotation use one.
thanks


On Tue, Apr 2, 2019 at 9:01 PM Guillaume D  wrote:

>   Hello,
>
> In some way, my vault's variables are not decrypted in my playbook
>
> I got a all.yml and vault.yml in the back.
>
> I meet this situation:
>
>   - set_fact:
>   secret_list: "--from-literal={{ item.name }}={{ item[environment]
> }} {{ (secret_list | default('')) }}"
> with_items: "{{ zabbix }}"
>
> output:
>
> --from-literal=zabbix_url={{ vault_zabbix_api_url_dev }} --from-literal=
> zabbix_url={{ vault_zabbix_api_key_dev }}
>
> The value are not decrypted.
>
>
> This way works when I access directly (not by item):
>
>   - set_fact:
>   secret_list: "--from-literal=zabbix_url={{ zabbix[0].dev }}
> --from-literal=zabbix_key={{ vault_zabbix_api_key_dev }}"
>
> output:
>
> --from-literal=zabbix_url=somevalue1 --from-literal=zabbix_url=somevalue2
>
>
> Do you have any clue?
>
> Thank
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/7770fde0-4185-4640-be75-d3b0f7a4ed7f%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAA3T03J0EBeEwmOkDN9w5JGB1q3b5poSXUsCkHLeHnRuKm2JtA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Fwd: Us congress hearing of maan alsaan Money laundry قضية الكونغجرس لغسيل الأموال للمليادير معن الصانع

[safi al]

YouTube videos of



 U.S. Congress money laundering hearing


of

Saudi Billionaire  " Maan  Al sanea"

 with *bank of America*


and  The  owner of Saad Hospital and  Schools

 in the Eastern Province in *Saudi Arabia*



and the Chairman of the Board of Directors of Awal Bank  in *Bahrain*


With Arabic Subtitles


http://www.youtube.com/watch?v=mIBNnQvhU8s





*موقع اليوتيوب الذي عرض جلسة استماع الكونجرس الأمريكي *

* لمتابعة نشاطات غسل الأموال ونشاطات*



*السعودي معن عبدالواحد الصانع*



*مالك مستشفى  وشركة سعد  ومدارس سعد بالمنطقة الشرقية بالسعودية   ورئيس مجلس
ادارة بنك اوال البحريني*



*مترجم باللغة العربية*



http://www.youtube.com/watch?v=mIBNnQvhU8s

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CACKBTFGjLH-JoEDFcEr%3DHqRZHFFdfLghtGTQHPXSWG_sviyNTA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Check Number Of Wheel Group Members

[Jon Adcock]

That got it !  Thank you for your help.

On Tuesday, April 2, 2019 at 2:23:04 PM UTC-4, Sebastian Meyer wrote:
>
> On 02.04.19 19:50, Jon Adcock wrote: 
> >that: getent_group.wheel|default(["", "", ""])[2] == "" 
>
> You'll need () around the getent and default: 
>
> that: (getent_group.wheel|default(["", "", ""]))[2] == "" 
>
> The above should work. 
>
> Sebastian 
> -- 
> Sebastian Meyer 
> Linux Consultant & Trainer 
> Mail: me...@b1-systems.de  
>
> B1 Systems GmbH 
> Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de 
> GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5afbec21-c68f-4588-8148-012d90f89679%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Check Number Of Wheel Group Members

[Sebastian Meyer]

On 02.04.19 19:50, Jon Adcock wrote:
>that: getent_group.wheel|default(["", "", ""])[2] == ""

You'll need () around the getent and default:

that: (getent_group.wheel|default(["", "", ""]))[2] == ""

The above should work.

Sebastian
-- 
Sebastian Meyer
Linux Consultant & Trainer
Mail: me...@b1-systems.de

B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/750f0cef-9d55-4fab-be0a-2641adf08616%40b1-systems.de.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Check Number Of Wheel Group Members

[Matt Martz]

Your formatting doesn't match mine. Notice the difference of `that` between
mine and yours.  `that` is ententes to be a list

On Tue, Apr 2, 2019 at 12:50 PM Jon Adcock  wrote:

> Thank you for your reply.  I am getting what appears to be a formatting
> error.  Here is the task from my playbook, and the error it is generating:
> ---
>   tasks:
>   - getent:
>database: group
>
> # Users in the default wheel group are automatically granted sudo
> privileges
>   - assert:
>that: getent_group.wheel|default(["", "", ""])[2] == ""
>msg: "The wheel group contains one or more users!"
> ---
> task path: /etc/ansible/playbooks/test1.yml:22
> fatal: [jon-rhel7]: FAILED! => {
> "msg": "The conditional check 'getent_group.wheel|default([\"\", \"\",
> \"\"])[2] == \"\"' failed. The error was: template error while templating
> string: expected token 'end of statement block', got '['. String: {% if
> getent_group.wheel|default([\"\", \"\", \"\"])[2] == \"\" %} True {% else
> %} False {% endif %}"
> }
>
> On Tuesday, April 2, 2019 at 12:28:14 PM UTC-4, Matt Martz wrote:
>>
>> You can use the `getent` module to do this.  Something like:
>>
>> - getent:
>> database: group
>>
>> - assert:
>> that:
>>   - getent_group.wheel|default(["", "", ""])[2] == ""
>>
>> On Tue, Apr 2, 2019 at 11:22 AM Jon Adcock  wrote:
>>
>>> I'm trying to add a task to my security playbook to ensure that there
>>> are no members in the default Linux wheel group.  This has turned out to be
>>> more difficult than I thought it would be.
>>>
>>> Can someone out there help get me started?  (ansible 2.7.9)
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to ansible...@googlegroups.com.
>>> To post to this group, send email to ansible...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/8eb57467-d348-4ca3-a013-9b8b9ac01235%40googlegroups.com
>>> 
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>> --
>> Matt Martz
>> @sivel
>> sivel.net
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/134b6341-8224-4881-94fa-6a7d7a964d07%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Matt Martz
@sivel
sivel.net

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAD8N0v82snondru_BPnEqnGqsZpEN8joG-wOA%3D0Edf7DmXsyAg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Edit playbook to work with Packer Ansible Provisioner

[Raghavendra Rao]

Use hosts: all

More detailed discussion in:

https://stackoverflow.com/questions/21966246/packer-ansible-how-to-specify-the-inventory-file

-R.Rao

On Tue, 2 Apr 2019 at 23:40,  wrote:

> Hello,
>
> I’m trying to call a playbook from Packer for the first time. I’m using
> the Packer Ansible provisioner. The documentation says that Packer will
> “dynamically create an inventory file to use with the playbook” If this is
> the case, How should I edit my playbook? As it is now it has a “hosts”
> entry - should I just remove that? It looks like:
>
> - hosts: ec2lin
>
>   remote_user: ec2-user
>
>   become: yes
>
>   become_user: root
>
>   tasks:
>
>   - name: run yum update -y using yum module
>
> yum:
>
>   name: "*"
>
>   state: latest
>
> Thank You much for any help
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/d64c9bd8-ed4f-4066-bac9-1e0a19e1b367%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAKbF63iBXNM2Rkrr1evN1Ou9u03wCAsbyz_axteWthLu2_%3DcZg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Edit playbook to work with Packer Ansible Provisioner

[Sebastian Meyer]

On 02.04.19 20:10, gigit1...@gmail.com wrote:
> 
> 
> Hello, 
> 
> I’m trying to call a playbook from Packer for the first time. I’m using the 
> Packer Ansible provisioner. The documentation says that Packer will 
> “dynamically create an inventory file to use with the playbook” If this is 
> the case, How should I edit my playbook? As it is now it has a “hosts” 
> entry - should I just remove that? 

Use hosts: all

Packer only makes the one host available in the inventory.

Sebastian

> It looks like:
> 
> - hosts: ec2lin
> 
>   remote_user: ec2-user
> 
>   become: yes
> 
>   become_user: root
> 
>   tasks:
> 
>   - name: run yum update -y using yum module
> 
> yum:
> 
>   name: "*"
> 
>   state: latest
> 
> Thank You much for any help
> 

-- 
Sebastian Meyer
Linux Consultant & Trainer
Mail: me...@b1-systems.de

B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e79621a5-d86e-0f6c-d3a6-69a6035bf593%40b1-systems.de.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Edit playbook to work with Packer Ansible Provisioner

[gigit1000]

Hello, 

I’m trying to call a playbook from Packer for the first time. I’m using the 
Packer Ansible provisioner. The documentation says that Packer will 
“dynamically create an inventory file to use with the playbook” If this is 
the case, How should I edit my playbook? As it is now it has a “hosts” 
entry - should I just remove that? It looks like:

- hosts: ec2lin

  remote_user: ec2-user

  become: yes

  become_user: root

  tasks:

  - name: run yum update -y using yum module

yum:

  name: "*"

  state: latest

Thank You much for any help

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d64c9bd8-ed4f-4066-bac9-1e0a19e1b367%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Check Number Of Wheel Group Members

[Jon Adcock]

Thank you for your reply.  I am getting what appears to be a formatting 
error.  Here is the task from my playbook, and the error it is generating:
---
  tasks:
  - getent:
   database: group

# Users in the default wheel group are automatically granted sudo privileges
  - assert:
   that: getent_group.wheel|default(["", "", ""])[2] == ""
   msg: "The wheel group contains one or more users!"
---
task path: /etc/ansible/playbooks/test1.yml:22
fatal: [jon-rhel7]: FAILED! => {
"msg": "The conditional check 'getent_group.wheel|default([\"\", \"\", 
\"\"])[2] == \"\"' failed. The error was: template error while templating 
string: expected token 'end of statement block', got '['. String: {% if 
getent_group.wheel|default([\"\", \"\", \"\"])[2] == \"\" %} True {% else 
%} False {% endif %}"
}

On Tuesday, April 2, 2019 at 12:28:14 PM UTC-4, Matt Martz wrote:
>
> You can use the `getent` module to do this.  Something like:
>
> - getent:
> database: group
>
> - assert:
> that:
>   - getent_group.wheel|default(["", "", ""])[2] == ""
>
> On Tue, Apr 2, 2019 at 11:22 AM Jon Adcock  > wrote:
>
>> I'm trying to add a task to my security playbook to ensure that there are 
>> no members in the default Linux wheel group.  This has turned out to be 
>> more difficult than I thought it would be.
>>
>> Can someone out there help get me started?  (ansible 2.7.9)
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible...@googlegroups.com .
>> To post to this group, send email to ansible...@googlegroups.com 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/8eb57467-d348-4ca3-a013-9b8b9ac01235%40googlegroups.com
>>  
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
> -- 
> Matt Martz
> @sivel
> sivel.net
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/134b6341-8224-4881-94fa-6a7d7a964d07%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] IOS Command ARP Issue

[Emir Hayric]

I am trying to develop a Playbook which will reference an external 
variables file that contains numerous MAC addresses that I want to 
interrogate a network core device for.

If I use a very simple playbook just showing the entire ARP table such as 
this I get the expected results as show.

---
- name: IP From Arp For ISE Cleanup
  hosts: CoreTest
  gather_facts: false
  connection: network_cli

  tasks:

#Execute commands on specified hosts, interating through imported items.
  - name: Interrogate ARP Tables on Customer Core Devices
ios_command:
  commands: sh ip arp vrf ipt 
register: results

#Print Results
  - name: Print Results
debug:
  msg: "{{ results }}"

stdout_lines:
- - Protocol  Address  Age (min)  Hardware Addr   Type  
 Interface
  - Internet  172.17.x.x  -   .0c9f.f1fc  ARPA   Vlan508
  - Internet  172.17.x.x110   001f.6dcc.5e4a  ARPA   Vlan508
  - Internet  172.17.x.x 77   001f.6dcc.5447  ARPA   Vlan508


However when I use the include filter and point to an external variables 
files which includes the specific MAC addresses I want to find the debug 
output doesn't show me that it ever gets the IP addresses.

Can anyone tell me why this is happening?

---

- name: IP From Arp For ISE Cleanup
  hosts: CoreTest
  gather_facts: false
  connection: network_cli

  tasks:
# Imports the variables
  - name: Include MAC Addresses From External File
include_vars:
  file: mac_addresses.yml
  name: mac_addresses

#Execute commands on specified hosts, interating through imported items.
  - name: Interrogate ARP Tables on Customer Core Devices
ios_command:
  commands: sh ip arp vrf ipt | include "{{ item }}"
with_items: "{{ mac_addresses.macs }}"
register: results

#Print Results
  - name: Print Results
debug:
  msg: "{{ item }}"
with_items: "{{ mac_addresses.macs }}"

TASK [Include MAC Addresses From External File] 
***
task path: /etc/ansible/ip_arp.yml:10
ok: [Switch.Sc] => changed=false 
  ansible_facts:
mac_addresses:
  macs:
  - 001a.e82a.9f0d
  - 001a.e82a.9f71
  ansible_included_var_files:
  - /etc/ansible/mac_addresses.yml
TASK [Interrogate ARP Tables on Customer Core Devices] 
*
ok: [Switch.Sc] => (item=001a.e82a.9f0d) => changed=false 
  invocation:
module_args:
  auth_pass: null
  authorize: null
  commands:
  - sh ip arp vrf ipt | include "001a.e82a.9f0d"
  host: null
  interval: 1
  match: all
  password: null
  port: null
  provider: null
  retries: 10
  ssh_keyfile: null
  timeout: null
  username: null
  wait_for: null
  item: 001a.e82a.9f0d
  stdout:
  - ''
  stdout_lines: 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1367f1c4-c37b-4cb4-9dad-376c4b023415%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Check Number Of Wheel Group Members

[Matt Martz]

You can use the `getent` module to do this.  Something like:

- getent:
database: group

- assert:
that:
  - getent_group.wheel|default(["", "", ""])[2] == ""

On Tue, Apr 2, 2019 at 11:22 AM Jon Adcock  wrote:

> I'm trying to add a task to my security playbook to ensure that there are
> no members in the default Linux wheel group.  This has turned out to be
> more difficult than I thought it would be.
>
> Can someone out there help get me started?  (ansible 2.7.9)
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/8eb57467-d348-4ca3-a013-9b8b9ac01235%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>


-- 
Matt Martz
@sivel
sivel.net

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAD8N0v-s3JtKqZX42a7sVe5rV1B75t7SYAcmpzFPYFfqsv4S2Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Check Number Of Wheel Group Members

[Jon Adcock]

I'm trying to add a task to my security playbook to ensure that there are 
no members in the default Linux wheel group.  This has turned out to be 
more difficult than I thought it would be.

Can someone out there help get me started?  (ansible 2.7.9)

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8eb57467-d348-4ca3-a013-9b8b9ac01235%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] workaround for serial: 1 failures stopping the entire playbook?

[Andrew Caldwell]

Hello,

This has probably been addressed 1000 times before, but I can't seem to 
find an answer (if this is even possible) on how, when running a play 
within a playbook on serial: 1, to have a node fail a task that would be 
fatal for the node, but not for the remaining nodes that have not run yet, 
and Ansible skip the rest of the play for just that one node, moving on to 
the next node in the batch.

I have a scenario where I want to perform OS patching on a large-ish group 
of servers in a hadoop cluster with no downtime to the cluster itself. So I 
am using serial: 1 when performing the patching tasks for each node - put 
it in maintenance mode, take it out of the cluster, patch, reboot, re-join 
the cluster, and do some basic health checks.

However if any one of these tasks fails in serial: 1 mode, Ansible 
considers the entire play failed and will not run against any remaining 
nodes. Since this is a large cluster (50 nodes), a failure on a single node 
isn't a showstopper and shouldn't stop the rest of the nodes from 
performing their OS patching. 

I'd like to know if there is a way around Ansible stopping an entire play 
for all nodes if a single node fails when running in serial: 1. From what 
I've read on the google there doesn't seem to be a way to do this short of 
setting serial: 2(+), but I thought I'd ask.


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/29de3d70-5040-4606-8ccd-836f8ce4be5a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] vault not decrypting in loops

[Guillaume D]

  Hello,

In some way, my vault's variables are not decrypted in my playbook

I got a all.yml and vault.yml in the back.

I meet this situation:

  - set_fact:
  secret_list: "--from-literal={{ item.name }}={{ item[environment] }} 
{{ (secret_list | default('')) }}"
with_items: "{{ zabbix }}"

output: 

--from-literal=zabbix_url={{ vault_zabbix_api_url_dev }} --from-literal=
zabbix_url={{ vault_zabbix_api_key_dev }}

The value are not decrypted.


This way works when I access directly (not by item):

  - set_fact:   
  secret_list: "--from-literal=zabbix_url={{ zabbix[0].dev }} 
--from-literal=zabbix_key={{ vault_zabbix_api_key_dev }}"

output: 

--from-literal=zabbix_url=somevalue1 --from-literal=zabbix_url=somevalue2


Do you have any clue?

Thank

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/7770fde0-4185-4640-be75-d3b0f7a4ed7f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] more freedom and options for `run_once`

['Uffi Schnuffi' via Ansible Project]

Currently something like the following:

```
- 
  run_once: true
  when: item == true
  with_random_choice:
- true
- false
```

Will run only once even when the task is skipped (`item = false`).

There are cases when it is desired to run a task until it was run 
successfully for the first time.

What if `run_once` offered a bit more options?

`run_once: success`: Run until the task is successfully run on a host
`run_once: not_skipped`: Run until task was not skipped



Or an additional task keyword (which sounds even better):

`run_until: `

That would allow great freedom in deciding until when a task is run. 

It also separates well from the `until` task keyword which is used with 
`retries`.


Git issues about the current limitation:
https://github.com/ansible/ansible/issues/23594
https://github.com/ansible/ansible/issues/11496
https://github.com/ansible/ansible/issues/18821
https://github.com/ansible/ansible/issues/13226

Threads:
https://groups.google.com/forum/#!topic/ansible-project/CNTYdNHaWqM
https://groups.google.com/forum/#!topic/ansible-project/0YIQktue6uA


What do you think?


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/968abbfc-de26-4ce8-b7c0-cefa0df7732b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.