[ansible-project] Ansible callback

[Jegan A]

Hello All,

Can anyone help me on this. I have requirement that send notify to LogicMonitor 
if any unexpected results are returned by ansible. I have checked supported 
callback module there I couldn't find any module for logicmonitor. Please 
help me one this how can I achieve this. If it can be achieved by 
writing custom callback plugin please share me good ref links how can write 
custom callback plugin for this one. Thanks in advance. 


 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/62f11607-5383-42ae-b395-68a8aa3a167d%40googlegroups.com.

[ansible-project] Ansible for openstack

[Rahul Kumar]

Hi All,
I have provisoned one instance with following order in openstack using
Ansible:
1. Download cloud image
2. upload cloud image in Openstack
3. created key pair
4. created network
5. created subnet
6. created router
7. created security group
8. created SG rule
9. created instance

and it went successfully. Now i want to remove the resources what order i
should follow:
I tried 1 task and it is success
1. delete SG rule

after that i am getting stuck because anything i try to delete , it has
association with some other resource.

Help me

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAGH8rEx1f7jFdZ%2BR82jabVX3FUVyOTC6FB5LWdo%2BM9GakY77QQ%40mail.gmail.com.

[ansible-project] MANAGE LOGICMONITOR VIA ANSIBLE

[Pramod Thombare]

Hello Team ,

 i want to SDT logic monitor devices and device group via ansible ,  using 
the ansible doc i created playbook for same . but it shows module error , 
any one here can help me out of these issue . 

Regards,
Pramod Thombare 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6d4ea397-ce1f-49db-a885-829daa5faea2%40googlegroups.com.

Re: [ansible-project] Ansible for openstack

[Sebastian Meyer]

Hi Rahul,

everything is connected to the instance, no? You can't deprovision sec
groups, network stuff or key_pairs while they are in use.

You'll have to remove the instance first.

Regards
Sebastian

On 05.08.19 09:19, Rahul Kumar wrote:
> Hi All,
> I have provisoned one instance with following order in openstack using
> Ansible:
> 1. Download cloud image
> 2. upload cloud image in Openstack
> 3. created key pair
> 4. created network
> 5. created subnet
> 6. created router
> 7. created security group
> 8. created SG rule
> 9. created instance
> 
> and it went successfully. Now i want to remove the resources what order i
> should follow:
> I tried 1 task and it is success
> 1. delete SG rule
> 
> after that i am getting stuck because anything i try to delete , it has
> association with some other resource.
> 
> Help me
> 

-- 
Sebastian Meyer
Linux Consultant & Trainer
Mail: me...@b1-systems.de

B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537


-- Deutsche OpenStack Tage 2019 -- 10% Rabatt auf den Ticketpreis 
 https://openstack-tage.de (Code DOST-B1) 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3c5f570b-09ee-0344-0b26-d9bd0d588bc3%40b1-systems.de.

Re: [ansible-project] Ansible for openstack

[Rahul Kumar]

Thanks Sebastien . I removed instance. but rest of all resources , i am not
able to predict order, below is my playbook:
---
- name: Create a test environment
  hosts: localhost
  vars:
cert_auth:
  ca_cert: /root/cabs12.crt
  tasks:
- name: Remove security group rule for ping
  os_security_group_rule:
cloud: mycloud
ca_cert: "{{ cert_auth.ca_cert }}"
security_group: test-security-group
protocol: icmp
state: absent
remote_ip_prefix: 0.0.0.0/0

- name: Remove security group rule for SSH
  os_security_group_rule:
cloud: mycloud
ca_cert: "{{ cert_auth.ca_cert }}"
security_group: test-security-group
protocol: tcp
state: absent
port_range_min: 22
port_range_max: 22
remote_ip_prefix: 0.0.0.0/0

- name: Remove  instance
  os_server:
state: absent
ca_cert: "{{ cert_auth.ca_cert }}"
cloud: mycloud
name: test-instance
image: myimage
key_name: dump_key
timeout: 200
flavor: v8.m4
network: test-network
auto_ip: yes
security_groups:
  - test-security-group
  register:
my_instance

   - name: Remove subnet
  os_subnet:
cloud: mycloud
state: absent
ca_cert: "{{ cert_auth.ca_cert }}"
network_name: test-network
name: test-subnet

- name: Remove security group
  os_security_group:
cloud: mycloud
state: absent
ca_cert: "{{ cert_auth.ca_cert }}"
name: test-security-group
description: Security group for our test instances

- name: Remove a router
  os_router:
cloud: mycloud
state: absent
ca_cert: "{{ cert_auth.ca_cert }}"
name: test-router
network: ext-net
interfaces:
  - test-subnet

- name: Remove network
  os_network:
cloud: mycloud
state: absent
ca_cert: "{{ cert_auth.ca_cert }}"
name: test-network
external: false
wait: yes

- name: Remove new keypair from current user's default SSH key
  os_keypair:
state: absent
ca_cert: "{{ cert_auth.ca_cert }}"
name: dump_key
public_key_file: "{{ '~' | expanduser }}/.ssh/id_rsa.pub"


- name: Remove Cloud Image from Openstack
  os_image:
name: myimage
container_format: bare
cloud: mycloud
ca_cert: "{{ cert_auth.ca_cert }}"
disk_format: qcow2
state: absent
is_public: no
filename: /root/tas/cirros-0.3.4-x86_64-disk.img

- name: Remove security group
  os_security_group:
cloud: mycloud
state: absent
ca_cert: "{{ cert_auth.ca_cert }}"
name: test-security-group
description: Security group for our test instances

On Mon, 5 Aug 2019 at 13:09, Sebastian Meyer  wrote:

> Hi Rahul,
>
> everything is connected to the instance, no? You can't deprovision sec
> groups, network stuff or key_pairs while they are in use.
>
> You'll have to remove the instance first.
>
> Regards
> Sebastian
>
> On 05.08.19 09:19, Rahul Kumar wrote:
> > Hi All,
> > I have provisoned one instance with following order in openstack using
> > Ansible:
> > 1. Download cloud image
> > 2. upload cloud image in Openstack
> > 3. created key pair
> > 4. created network
> > 5. created subnet
> > 6. created router
> > 7. created security group
> > 8. created SG rule
> > 9. created instance
> >
> > and it went successfully. Now i want to remove the resources what order i
> > should follow:
> > I tried 1 task and it is success
> > 1. delete SG rule
> >
> > after that i am getting stuck because anything i try to delete , it has
> > association with some other resource.
> >
> > Help me
> >
>
> --
> Sebastian Meyer
> Linux Consultant & Trainer
> Mail: me...@b1-systems.de
>
> B1 Systems GmbH
> Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
> GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
>
>
> -- Deutsche OpenStack Tage 2019 -- 10% Rabatt auf den Ticketpreis 
>  https://openstack-tage.de (Code DOST-B1) 
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/3c5f570b-09ee-0344-0b26-d9bd0d588bc3%40b1-systems.de
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAGH8rEys2%2B0xc4w3knDQMp2Kg_-FCJToUUd0pMo3St_

Re: [ansible-project] MANAGE LOGICMONITOR VIA ANSIBLE

[Dick Visser]

Hi

Could you please tell clearly:

What you are trying to achieve
How you are doing this
What errors/problems you encounter (copied as text, not as binary
attachments/screenshots)
What the relevant tasks/playbooks/code/variables look like

thx

On Mon, 5 Aug 2019 at 09:34, Pramod Thombare  wrote:
>
> Hello Team ,
>
>  i want to SDT logic monitor devices and device group via ansible ,  using 
> the ansible doc i created playbook for same . but it shows module error , any 
> one here can help me out of these issue .
>
> Regards,
> Pramod Thombare
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/6d4ea397-ce1f-49db-a885-829daa5faea2%40googlegroups.com.



-- 
Dick Visser
Trust & Identity Service Operations Manager
GÉANT

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAL8fbwPd_N4D_26D5xf%2BRYJS-WSW7b3c_PVbD6Cszm7uADyN8A%40mail.gmail.com.

Re: [ansible-project] Ansible for openstack

[Dick Visser]

I have access to various Openstack clusters from different providers
and I found it was very much dependent on the way the cluster has been
setup, and also what version of openstack component were used.
It was hard to create a generic role/playbook that works well across
those providers.
Similarly, because of the different dependencies, destroying resources
was non-trivial, each provider was different.

Dick

On Mon, 5 Aug 2019 at 09:49, Rahul Kumar  wrote:
>
> Thanks Sebastien . I removed instance. but rest of all resources , i am not 
> able to predict order, below is my playbook:
> ---
> - name: Create a test environment
>   hosts: localhost
>   vars:
> cert_auth:
>   ca_cert: /root/cabs12.crt
>   tasks:
> - name: Remove security group rule for ping
>   os_security_group_rule:
> cloud: mycloud
> ca_cert: "{{ cert_auth.ca_cert }}"
> security_group: test-security-group
> protocol: icmp
> state: absent
> remote_ip_prefix: 0.0.0.0/0
>
> - name: Remove security group rule for SSH
>   os_security_group_rule:
> cloud: mycloud
> ca_cert: "{{ cert_auth.ca_cert }}"
> security_group: test-security-group
> protocol: tcp
> state: absent
> port_range_min: 22
> port_range_max: 22
> remote_ip_prefix: 0.0.0.0/0
>
> - name: Remove  instance
>   os_server:
> state: absent
> ca_cert: "{{ cert_auth.ca_cert }}"
> cloud: mycloud
> name: test-instance
> image: myimage
> key_name: dump_key
> timeout: 200
> flavor: v8.m4
> network: test-network
> auto_ip: yes
> security_groups:
>   - test-security-group
>   register:
> my_instance
>
>- name: Remove subnet
>   os_subnet:
> cloud: mycloud
> state: absent
> ca_cert: "{{ cert_auth.ca_cert }}"
> network_name: test-network
> name: test-subnet
>
> - name: Remove security group
>   os_security_group:
> cloud: mycloud
> state: absent
> ca_cert: "{{ cert_auth.ca_cert }}"
> name: test-security-group
> description: Security group for our test instances
>
> - name: Remove a router
>   os_router:
> cloud: mycloud
> state: absent
> ca_cert: "{{ cert_auth.ca_cert }}"
> name: test-router
> network: ext-net
> interfaces:
>   - test-subnet
>
> - name: Remove network
>   os_network:
> cloud: mycloud
> state: absent
> ca_cert: "{{ cert_auth.ca_cert }}"
> name: test-network
> external: false
> wait: yes
>
> - name: Remove new keypair from current user's default SSH key
>   os_keypair:
> state: absent
> ca_cert: "{{ cert_auth.ca_cert }}"
> name: dump_key
> public_key_file: "{{ '~' | expanduser }}/.ssh/id_rsa.pub"
>
>
> - name: Remove Cloud Image from Openstack
>   os_image:
> name: myimage
> container_format: bare
> cloud: mycloud
> ca_cert: "{{ cert_auth.ca_cert }}"
> disk_format: qcow2
> state: absent
> is_public: no
> filename: /root/tas/cirros-0.3.4-x86_64-disk.img
>
> - name: Remove security group
>   os_security_group:
> cloud: mycloud
> state: absent
> ca_cert: "{{ cert_auth.ca_cert }}"
> name: test-security-group
> description: Security group for our test instances
>
> On Mon, 5 Aug 2019 at 13:09, Sebastian Meyer  wrote:
>>
>> Hi Rahul,
>>
>> everything is connected to the instance, no? You can't deprovision sec
>> groups, network stuff or key_pairs while they are in use.
>>
>> You'll have to remove the instance first.
>>
>> Regards
>> Sebastian
>>
>> On 05.08.19 09:19, Rahul Kumar wrote:
>> > Hi All,
>> > I have provisoned one instance with following order in openstack using
>> > Ansible:
>> > 1. Download cloud image
>> > 2. upload cloud image in Openstack
>> > 3. created key pair
>> > 4. created network
>> > 5. created subnet
>> > 6. created router
>> > 7. created security group
>> > 8. created SG rule
>> > 9. created instance
>> >
>> > and it went successfully. Now i want to remove the resources what order i
>> > should follow:
>> > I tried 1 task and it is success
>> > 1. delete SG rule
>> >
>> > after that i am getting stuck because anything i try to delete , it has
>> > association with some other resource.
>> >
>> > Help me
>> >
>>
>> --
>> Sebastian Meyer
>> Linux Consultant & Trainer
>> Mail: me...@b1-systems.de
>>
>> B1 Systems GmbH
>> Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
>> GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
>>
>>
>> -- Deutsche OpenStack Tage 2019 -- 10% Rabatt auf den Ticketpreis 
>>  https://openstack-tage.de (Code DOST-B1) 
>>
>> --
>> You received this message because you

Re: [ansible-project] MANAGE LOGICMONITOR VIA ANSIBLE

[Pramod Thombare]

give me a moment will post u with print screen 


On Monday, 5 August 2019 13:53:08 UTC+5:30, Dick Visser wrote:
>
> Hi 
>
> Could you please tell clearly: 
>
> What you are trying to achieve 
> How you are doing this 
> What errors/problems you encounter (copied as text, not as binary 
> attachments/screenshots) 
> What the relevant tasks/playbooks/code/variables look like 
>
> thx 
>
> On Mon, 5 Aug 2019 at 09:34, Pramod Thombare  > wrote: 
> > 
> > Hello Team , 
> > 
> >  i want to SDT logic monitor devices and device group via ansible , 
>  using the ansible doc i created playbook for same . but it shows module 
> error , any one here can help me out of these issue . 
> > 
> > Regards, 
> > Pramod Thombare 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> Groups "Ansible Project" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an email to ansible...@googlegroups.com . 
> > To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/6d4ea397-ce1f-49db-a885-829daa5faea2%40googlegroups.com.
>  
>
>
>
>
> -- 
> Dick Visser 
> Trust & Identity Service Operations Manager 
> GÉANT 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/9e7295c1-0167-493e-974b-ed272d006ba7%40googlegroups.com.

Re: [ansible-project] Ansible for openstack

[Rahul Kumar]

Hi dick
I am using Red hat distribution of Openstack.
And openstack --verison =3.19.0

Though , Currently i am just targeting one instance (and not even stack)
for starting purpose and i want to use
only red hat openstack platform and no other provider.

On Mon, 5 Aug 2019 at 13:56, Dick Visser  wrote:

> I have access to various Openstack clusters from different providers
> and I found it was very much dependent on the way the cluster has been
> setup, and also what version of openstack component were used.
> It was hard to create a generic role/playbook that works well across
> those providers.
> Similarly, because of the different dependencies, destroying resources
> was non-trivial, each provider was different.
>
> Dick
>
> On Mon, 5 Aug 2019 at 09:49, Rahul Kumar  wrote:
> >
> > Thanks Sebastien . I removed instance. but rest of all resources , i am
> not able to predict order, below is my playbook:
> > ---
> > - name: Create a test environment
> >   hosts: localhost
> >   vars:
> > cert_auth:
> >   ca_cert: /root/cabs12.crt
> >   tasks:
> > - name: Remove security group rule for ping
> >   os_security_group_rule:
> > cloud: mycloud
> > ca_cert: "{{ cert_auth.ca_cert }}"
> > security_group: test-security-group
> > protocol: icmp
> > state: absent
> > remote_ip_prefix: 0.0.0.0/0
> >
> > - name: Remove security group rule for SSH
> >   os_security_group_rule:
> > cloud: mycloud
> > ca_cert: "{{ cert_auth.ca_cert }}"
> > security_group: test-security-group
> > protocol: tcp
> > state: absent
> > port_range_min: 22
> > port_range_max: 22
> > remote_ip_prefix: 0.0.0.0/0
> >
> > - name: Remove  instance
> >   os_server:
> > state: absent
> > ca_cert: "{{ cert_auth.ca_cert }}"
> > cloud: mycloud
> > name: test-instance
> > image: myimage
> > key_name: dump_key
> > timeout: 200
> > flavor: v8.m4
> > network: test-network
> > auto_ip: yes
> > security_groups:
> >   - test-security-group
> >   register:
> > my_instance
> >
> >- name: Remove subnet
> >   os_subnet:
> > cloud: mycloud
> > state: absent
> > ca_cert: "{{ cert_auth.ca_cert }}"
> > network_name: test-network
> > name: test-subnet
> >
> > - name: Remove security group
> >   os_security_group:
> > cloud: mycloud
> > state: absent
> > ca_cert: "{{ cert_auth.ca_cert }}"
> > name: test-security-group
> > description: Security group for our test instances
> >
> > - name: Remove a router
> >   os_router:
> > cloud: mycloud
> > state: absent
> > ca_cert: "{{ cert_auth.ca_cert }}"
> > name: test-router
> > network: ext-net
> > interfaces:
> >   - test-subnet
> >
> > - name: Remove network
> >   os_network:
> > cloud: mycloud
> > state: absent
> > ca_cert: "{{ cert_auth.ca_cert }}"
> > name: test-network
> > external: false
> > wait: yes
> >
> > - name: Remove new keypair from current user's default SSH key
> >   os_keypair:
> > state: absent
> > ca_cert: "{{ cert_auth.ca_cert }}"
> > name: dump_key
> > public_key_file: "{{ '~' | expanduser }}/.ssh/id_rsa.pub"
> >
> >
> > - name: Remove Cloud Image from Openstack
> >   os_image:
> > name: myimage
> > container_format: bare
> > cloud: mycloud
> > ca_cert: "{{ cert_auth.ca_cert }}"
> > disk_format: qcow2
> > state: absent
> > is_public: no
> > filename: /root/tas/cirros-0.3.4-x86_64-disk.img
> >
> > - name: Remove security group
> >   os_security_group:
> > cloud: mycloud
> > state: absent
> > ca_cert: "{{ cert_auth.ca_cert }}"
> > name: test-security-group
> > description: Security group for our test instances
> >
> > On Mon, 5 Aug 2019 at 13:09, Sebastian Meyer 
> wrote:
> >>
> >> Hi Rahul,
> >>
> >> everything is connected to the instance, no? You can't deprovision sec
> >> groups, network stuff or key_pairs while they are in use.
> >>
> >> You'll have to remove the instance first.
> >>
> >> Regards
> >> Sebastian
> >>
> >> On 05.08.19 09:19, Rahul Kumar wrote:
> >> > Hi All,
> >> > I have provisoned one instance with following order in openstack using
> >> > Ansible:
> >> > 1. Download cloud image
> >> > 2. upload cloud image in Openstack
> >> > 3. created key pair
> >> > 4. created network
> >> > 5. created subnet
> >> > 6. created router
> >> > 7. created security group
> >> > 8. created SG rule
> >> > 9. created instance
> >> >
> >> > and it went successfully. Now i want to remove the resources what
> order i
> >> > should follow:
> >> > I tried 1 task and it is success
> >> > 1. delete SG

Re: [ansible-project] Ansible callback

[Andrew Feller]

Hey Jegan,

I’ve had some luck building a custom ansible-runner plugin rather than building 
a custom callback.

https://ansible-runner.readthedocs.io/en/latest/external_interface.html

Only other way I know especially high degree of control and visibility

Sent from my iPhone

> On Aug 5, 2019, at 3:10 AM, Jegan A  wrote:
> 
> Hello All,
> 
> Can anyone help me on this. I have requirement that send notify to 
> LogicMonitor if any unexpected results are returned by ansible. I have 
> checked supported callback module there I couldn't find any module for 
> logicmonitor. Please help me one this how can I achieve this. If it can be 
> achieved by writing custom callback plugin please share me good ref links how 
> can write custom callback plugin for this one. Thanks in advance. 
> 
> 
>  
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/62f11607-5383-42ae-b395-68a8aa3a167d%40googlegroups.com.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/293BD785-ED42-4D15-8F20-5E4B97DF8752%40gmail.com.

Re: [ansible-project] MANAGE LOGICMONITOR VIA ANSIBLE

[Pramod Thombare]

ANY UPDATE 






On Monday, 5 August 2019 14:16:31 UTC+5:30, Pramod Thombare wrote:
>
> Hello , 
> Thanks for reply .
>
> I have used below playbook from ansible docs to put device group in down 
> time (SDT) in Logicminitor (montoring tool)
>
>
> #example of putting a host group in SDT
> ---
> - hosts: localhost
>   remote_user: pthombare
>   vars:
> company: csod
> user: pthombare
> password: mypasword
>   tasks:
>   - name: SDT a host group
> # All tasks except for target=collector should use delegate_to: 
> localhost
> logicmonitor:
>   target: hostgroup
>   action: sdt
>   fullpath: ALL_DEVICES/_ALL_MAN
>   duration: 3000
>   starttime: '2019-08-04 05:06'
>
> [image: anisble-err.JPG]
>   company=: '{{ company }}'
>   user: '{{ user }}'
>   password: '{{ password }}'
>
> When i run these playbook it shows module error 
>
>
>
> ===
>
>
>
>
>
>
>
> On Monday, 5 August 2019 14:00:29 UTC+5:30, Pramod Thombare wrote:
>>
>> give me a moment will post u with print screen 
>>
>>
>> On Monday, 5 August 2019 13:53:08 UTC+5:30, Dick Visser wrote:
>>>
>>> Hi 
>>>
>>> Could you please tell clearly: 
>>>
>>> What you are trying to achieve 
>>> How you are doing this 
>>> What errors/problems you encounter (copied as text, not as binary 
>>> attachments/screenshots) 
>>> What the relevant tasks/playbooks/code/variables look like 
>>>
>>> thx 
>>>
>>> On Mon, 5 Aug 2019 at 09:34, Pramod Thombare  
>>> wrote: 
>>> > 
>>> > Hello Team , 
>>> > 
>>> >  i want to SDT logic monitor devices and device group via ansible , 
>>>  using the ansible doc i created playbook for same . but it shows module 
>>> error , any one here can help me out of these issue . 
>>> > 
>>> > Regards, 
>>> > Pramod Thombare 
>>> > 
>>> > -- 
>>> > You received this message because you are subscribed to the Google 
>>> Groups "Ansible Project" group. 
>>> > To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to ansible...@googlegroups.com. 
>>> > To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/ansible-project/6d4ea397-ce1f-49db-a885-829daa5faea2%40googlegroups.com.
>>>  
>>>
>>>
>>>
>>>
>>> -- 
>>> Dick Visser 
>>> Trust & Identity Service Operations Manager 
>>> GÉANT 
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/ca6a5f4b-abda-412b-997a-dc16e7724f9b%40googlegroups.com.

[ansible-project] Ansible VMWare Dynamic inventory script pulling Cluster IP instead of server IP

[Ankit]

I have been testing VMWare Dynamic inventory script (which ships with AWX 
4.0.0.0) and recently noticed an issue where the sync results in the 
dynamic inventory script pulling and updating the IP address for the server 
as the cluster IP of the server (for the servers which are built in cluster 
but works fine for all other servers). 

Is there any parameter which can be used to force the dynamic script to 
avoid this?

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b5aa55c6-abb2-43b5-b95d-fad32728fad2%40googlegroups.com.

[ansible-project] tasks to manage repos

[Keith Mills]

I need you to add a task to manage repos into the base role. The task 
should perform actions to create the necessary repository entries in the 
host, then trigger an “update packages” type call to verify the host is 
running the latest packages. Repo files are currently located under 
library/repos/*

Care should be taken with the RHEL systems since they have a rolling-update 
model. Performing an update against the LinuxCOE content on a RHEL6 host 
will update everything and in turn, make a RHEL6.2 host into a RHEL6e host. 
I would leave RHEL alone until the end.

For the SLES hosts, the service pack level should normally be maintained. 
SP2 should receive the SP2 repo definition. The errata hosts should receive 
the errata repo. Errata servers should have a marker file located at 
/etc/buildadmin with content errata

This is what I have so far:

---
- hosts: buildservers
  remote_user: root


  tasks:
  - name: add epel repo
yum_repository:
  name: epel_repo
  description: EPEL YUM repo
  baseurl: file:///srv/repos/local
  baseurl: http:
//blofly.us.rdlabs.hpecorp.net/mrepo/RHEL-6.6Server-x86_64/RPMS.os
  baseurl: http:
//linuxcoe9.houston.hpecorp.net/linuxcoe/Fedora-EPEL/6Server/x86_64
  baseurl: http:
//blofly.us.rdlabs.hpecorp.net/mrepo/RHEL-6.2Server-x86_64/RPMS.os
  baseurl: http:
//linuxcoe9.houston.hpecorp.net/LinuxCOE/RedHat-yum/6.2Server/en/os/x86_64
  baseurl: http:
//blofly.us.rdlabs.hpecorp.net/mrepo/RHEL-6.4Server-x86_64/RPMS.os
  baseurl: http:
//linuxcoe9.houston.hpecorp.net/LinuxCOE/Fedora-EPEL/6/x86_64
  baseurl: http:
//linuxcoe9.houston.hpecorp.net/LinuxCOE/Fedora-EPEL/6/x86_64
  baseurl: file:///srv/repos/local
  baseurl: https://rpm.nodesource.com/pub_6.x/el/7/$basearch
  baseurl: http:
//blofly.us.rdlabs.hpecorp.net/mrepo/RHEL-ALT-7.4Server-aarch64/RPMS.os/
  baseurl: http:
//blofly.us.rdlabs.hpecorp.net/mrepo/RHEL-7.4Server-x86_64/RPMS.os
  baseurl: http:
//linuxcoe9.houston.hpecorp.net/LinuxCOE/RedHat-updates-yum/7.4Server/en/os/x86_64
  baseurl: http:
//blofly.us.rdlabs.hpecorp.net/mrepo/RHEL-7.0Server-x86_64/RPMS.os
  baseurl: http:
//linuxcoe9.houston.hpecorp.net/LinuxCOE/RedHat-updates-yum/7.0Server/en/os/x86_64
  baseurl: http:
//blofly.us.rdlabs.hpecorp.net/mrepo/RHEL-8.0-BaseOS_Snapshot-4Server-x86_64/RPMS.os/
when:
  - (ansible_distribution|lower == "rhel" and 
ansible_distribution_major_version|int >= 6)
  - name: add apt repo
apt_repository:
  repo: deb 
http://sdgxfs.sde.rdlabs.hpecorp.net/snapshots/ftp.debian.org/2011.11.26 
squeeze main contrib
  repo: deb http://archive.debian.org/debian wheezy main contrib
  repo: deb http://deb.debian.org/debian/ jessie main contrib non-free
  state: present
when:
  - (ansible_distribution|lower == "debian" and 
ansible_distribution_major_version|int >= 6)
  - name: add zypper repo
zypper_repository:
  name: zypper_repository
  repo: file:/srv/repos/plaindir
  repo: http:
//blofly.us.rdlabs.hpecorp.net/mrepo/SLE-11-SP4-SDK-x86_64/disc1/
  repo: http:
//linuxcoe9.houston.hpecorp.net/LinuxCOE/SuSE-updates/SLES11-SP4-Updates/sle-11-x86_64/
  repo: http:
//blofly.us.rdlabs.hpecorp.net/mrepo/SLE-11-SDK-x86_64/disc1/
  repo: http:
//linuxcoe9.houston.hpecorp.net/LinuxCOE/SuSE/x86_64/SLE-11-SDK/CD1/
  repo: http:
//linuxcoe9.houston.hpecorp.net/LinuxCOE/SuSE/x86_64/SLE-11-SDK/CD2/
  repo: http:
//linuxcoe9.houston.hpecorp.net/LinuxCOE/SuSE/x86_64/SLES11/CD1/
  repo: http:
//linuxcoe9.houston.hpecorp.net/LinuxCOE/SuSE/x86_64/SLES11/CD2/
  repo: http:
//blofly.us.rdlabs.hpecorp.net/mrepo/SLE-11-SP1-SDK-x86_64/disc1/
  repo: baseurl=http:
//blofly.us.rdlabs.hpecorp.net/mrepo/SLES-11-SP1-x86_64/disc1/
  repo: baseurl=http:
//linuxcoe9.houston.hpecorp.net/LinuxCOE/SuSE-updates/SLES11-SP1-Updates/sle-11-x86_64/
  repo: http:
//linuxcoe9.houston.hpecorp.net/LinuxCOE/SuSE-yum/x86_64/SLES11-SP1/
  repo: http:
//linuxcoe9.houston.hpecorp.net/LinuxCOE/SuSE/i386/SLES11-SP1/
  repo: http:
//linuxcoe9.houston.hpecorp.net/LinuxCOE/SuSE/i386/SLE11-SDK-SP1/
  repo: http:
//blofly.us.rdlabs.hpecorp.net/mrepo/SLE-11-SP2-SDK-x86_64/disc1/
  repo: http:
//blofly.us.rdlabs.hpecorp.net/mrepo/SLES-11-SP2-x86_64/disc1/
  repo: http:
//linuxcoe9.houston.hpecorp.net/LinuxCOE/SuSE-updates/SLES11-SP2-Updates/sle-11-x86_64/
  repo: http:
//linuxcoe9.houston.hpecorp.net/LinuxCOE/SuSE-yum/x86_64/SLES11-SP2/
  repo: http:
//blofly.us.rdlabs.hpecorp.net/mrepo/SLE-11-SP3-SDK-x86_64/disc1/
  repo: http:
//blofly.us.rdlabs.hpecorp.net/mrepo/SLES-11-SP3-x86_64/disc1/
  repo: http:
//linuxcoe9.houston.hpecorp.net/LinuxCOE/SuSE-updates/SLES11-SP3-Updates/sle-11-x86_64/
  repo: http:
//linuxcoe9.houston.hpecorp.net/LinuxCOE/SuSE-yum/x86_64/SLES11-SP3/
  repo: file:/srv/repos/plaindir
  repo: http:
//blofly.us.rdlabs.hpecorp.net/mrepo/SLE-12-SP3-SDK-x86_64/disc1/
   

[ansible-project] Variable within variable

[Spiro Mitsialis]

I have the following and there may be several vlans per switch.  
"cisco_ios.vlans": {
"35": {
"id": "35",
"mtu": "1500",
"name": "CC_internal_subnet_35",
"ports": [
"GigabitEthernet1/0/1",
"GigabitEthernet1/0/2",
"GigabitEthernet1/0/20"
],
"status": "active"
},
"499": {
"id": "499",
"mtu": "1500",
"name": "Lync_VoIP_Burnside1",
"ports": [
""
],
"status": "active"
}
}

I want to be able to reference the data in here.  Example, I am looking to 
loop through al *.ports.  I'm trying to do the following which does not work

 vars:
   old_vlan: 35
   new_vlan: 45

  - name: Change vlan old_vlan to new_vlan for all ports in list
debug:
  msg: "Old VLAN is {{ old_vlan }} and port {{ item }} needs to be 
changed"
loop: '{{ cisco_ios.vlans["{{ old_vlan }}"].ports }}'

The following work:  loop: '{{ cisco_ios.vlans["35"].ports }}'
but how do I substitute 35 with the variable old_vlan which contains 35? 


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/cd37806b-f4ce-4313-9043-6a33b1d1f638%40googlegroups.com.

Re: [ansible-project] Variable within variable

[Kai Stian Olstad]

On 05.08.2019 18:53, Spiro Mitsialis wrote:
> I have the following and there may be several vlans per switch.
>  "cisco_ios.vlans": {
>  "35": {
>  "id": "35",
>  "mtu": "1500",
>  "name": "CC_internal_subnet_35",
>  "ports": [
>  "GigabitEthernet1/0/1",
>  "GigabitEthernet1/0/2",
>  "GigabitEthernet1/0/20"
>  ],
>  "status": "active"
>  },
>  "499": {
>  "id": "499",
>  "mtu": "1500",
>  "name": "Lync_VoIP_Burnside1",
>  "ports": [
>  ""
>  ],
>  "status": "active"
>  }
>  }

Your vlans are string because of the quotes around 35 and 499.


> I want to be able to reference the data in here.  Example, I am looking to
> loop through al *.ports.  I'm trying to do the following which does not work
> 
>   vars:
> old_vlan: 35
> new_vlan: 45

You are here making variables with int.


>- name: Change vlan old_vlan to new_vlan for all ports in list
>  debug:
>msg: "Old VLAN is {{ old_vlan }} and port {{ item }} needs to be
> changed"
>  loop: '{{ cisco_ios.vlans["{{ old_vlan }}"].ports }}'

You can't have nested {{ }}, if you are in template mode you are in template 
mode so just loose the inner {{ }}.
But since your data is a string and you variable is a int you would need to 
filter you int's to a string 

  loop: '{{ cisco_ios.vlans[old_vlan | string].ports }}'

Or change old_vlan to a strings and do

  loop: '{{ cisco_ios.vlans[old_vlan].ports }}'


-- 
Kai Stian Olstad

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/acfaf6fb-d6c6-1d34-7ec8-15dd1d4a7da4%40olstad.com.

Re: [ansible-project] Ansible any_errors_fatal does not work as expected. Need Fix

[Sebastian Meyer]

Hi

On 05.08.19 18:58, Mohtashim S wrote:
> Ansible any_errors_fatal module does not work as expected. Below is my 
> ansible playbook which is expected to terminate execution as soon as it 
> encounters the first error.

your expectation is wrong. Ansible would execute any task following on
any host. E.g:

---
- hosts: all
  any_errors_fatal: True
  tasks:
- debug:
msg: 'Pseudo Error'
  failed_when: inventory_hostname == 'abc'

- debug:
msg: 'This runs nowhere'

Execution:

PLAY [all] ***
TASK [Gathering Facts] ***
ok: [abc]
ok: [def]

TASK [debug] *
fatal: [abc]: FAILED! => {
"msg": "Pseudo Error"
}
ok: [def] => {
"msg": "Pseudo Error"
}

NO MORE HOSTS LEFT ***

PLAY RECAP ***
abc : ok=1changed=0unreachable=0failed=1skipped=0
rescued=0ignored=0
def : ok=2changed=0unreachable=0failed=0skipped=0
rescued=0ignored=0

---

You could try something like this:

---
- hosts: localhost
  vars:
dirs:
  - /tmp/foo
  - /tmp/foo/bar
  - /tmp/foo/baz/bar
  - /tmp/foo/bar/baz
  - /tmp/foo/abc

  tasks:
- command: "mkdir {{ item }}"
  args:
warn: no
  register: cmd_result
  with_items:
- "{{ dirs }}"
  when:
- not cmd_result is defined or not cmd_result['failed']

Execution:

PLAY [localhost] *

TASK [Gathering Facts] ***
ok: [localhost]

TASK [command] ***
changed: [localhost] => (item=/tmp/foo)
changed: [localhost] => (item=/tmp/foo/bar)
failed: [localhost] (item=/tmp/foo/baz/bar) => {"ansible_loop_var":
"item", "changed": true, "cmd": ["mkdir", "/tmp/foo/baz/bar"], "delta":
"0:00:00.001926", "end": "2019-08-05 19:30:32.876289", "item":
"/tmp/foo/baz/bar", "msg": "non-zero return code", "rc": 1, "start":
"2019-08-05 19:30:32.874363", "stderr": "mkdir: cannot create directory
‘/tmp/foo/baz/bar’: No such file or directory", "stderr_lines": ["mkdir:
cannot create directory ‘/tmp/foo/baz/bar’: No such file or directory"],
"stdout": "", "stdout_lines": []}
skipping: [localhost] => (item=/tmp/foo/bar/baz)
skipping: [localhost] => (item=/tmp/foo/abc)

PLAY RECAP 
localhost : ok=1changed=0unreachable=0failed=1skipped=0
   rescued=0ignored=0


Sebastian

-- 
Sebastian Meyer
Linux Consultant & Trainer
Mail: me...@b1-systems.de

B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537


-- Deutsche OpenStack Tage 2019 -- 10% Rabatt auf den Ticketpreis 
 https://openstack-tage.de (Code DOST-B1) 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d2dcd344-046f-4920-42fd-63aaaf2de29d%40b1-systems.de.

[ansible-project] import_tasks: vs include: when using when: conditional

[Bob Tanner]

Simple tasks, where I want the "Remote git configuration" task to only be 
run when  apache2_configuration == 'git'

- debug:
msg: "DEBUG: {{ apache2_configuration }}"
  tags: apache2-servers

- name: Remote git configuration
  import_tasks: remote-git.yml
  when: apache2_configuration == 'git'
  tags: apache2-servers

Running ansible, apache2_configuration is "role" but for some reason the 
import_tasks: remote-git-yml is being imported?

TASK [apache2-servers : debug] 
*
ok: [www.aws.comap.com] => {
"msg": "DEBUG: role"
}

TASK [apache2-servers : X inside remote-git.yml] 
***

Trying with include: 

- debug:
msg: "DEBUG: {{ apache2_configuration }}"
  tags: apache2-servers

- name: Remote git configuration
  include: remote-git.yml
  when: apache2_configuration == "git"
  tags: apache2-servers

TASK [apache2-servers : debug] 
*
ok: [www.aws.comap.com] => {
"msg": "DEBUG: role"
}

TASK [apache2-servers : X inside remote-git.yml] 
***

I do not understand why import_tasks: or include: is importing/including 
remote-git.yml when apache2_configuration is not equal to git.

Any help?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/38b657c1-2383-443d-b9e6-e6a62993cec0%40googlegroups.com.

Re: [ansible-project] import_tasks: vs include: when using when: conditional

[Sebastian Meyer]

Hi Bob,

On 05.08.19 23:21, Bob Tanner wrote:
> Simple tasks, where I want the "Remote git configuration" task to only be 
> run when  apache2_configuration == 'git'
> 
> I do not understand why import_tasks: or include: is importing/including 
> remote-git.yml when apache2_configuration is not equal to git.
> 
> Any help?
> 

So for me the following happens:

When the when condition is false import_tasks still imports the tasks
file, but skips all tasks in it. include_tasks on the other hand is
skipped as a task itself.

include without the _tasks (which you shouldn't use anymore) behaves a
lot like import_tasks in this case. If you want it to behave like
include_tasks, you'll have to set the static: no option to the include task.

If you look at the documentation, it's in the examples:

https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/utilities/logic/import_tasks.py#L58
https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/utilities/logic/include_tasks.py#L70
https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/utilities/logic/include.py#L79

Playbook:

---
- hosts: localhost
  roles:
- foobar

Role:

---
# foobar/tasks/main.yml
- debug:
var: config

- import_tasks: foo.yml
  when: config == 'git'

- include_tasks: foo.yml
  when: config == 'nogit'

- debug:
msg: 'End'

---
# foobar/tasks/foo.yml
- debug:
msg: ABCDE




ansible-playbook test.yml -e config=abc

PLAY [localhost] *

TASK [Gathering Facts] ***
ok: [localhost]

TASK [foobar : debug] 
ok: [localhost] => {
"config": "abc"
}

TASK [foobar : debug] 
skipping: [localhost]

TASK [foobar : include_tasks] 
skipping: [localhost]

TASK [foobar : debug] 
ok: [localhost] => {
"msg": "End"
}

PLAY RECAP [...]

Sebastian

-- 
Sebastian Meyer
Linux Consultant & Trainer
Mail: me...@b1-systems.de

B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537


-- Deutsche OpenStack Tage 2019 -- 10% Rabatt auf den Ticketpreis 
 https://openstack-tage.de (Code DOST-B1) 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/03758fba-ed8d-142a-2403-b52dd77189d5%40b1-systems.de.

Re: [ansible-project] Ansible [Errno 13] Permission denied

[Andrew Morgan]

ansible all -i inventory  
--private-key="/Users/confluencetrades/Desktop/andrewm.pem" -u andrewm -k 
--become --ask-become-pass  -m command -a "/usr/sbin/useradd -s /bin/bash 
-m test"
SSH password:
BECOME password[defaults to SSH password]:
dev_jenkins | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"module_stderr": "Shared connection to 54.236.183.46 closed.\r\n",
"module_stdout": "\r\n",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1
}

I tried but nothing 

On Sunday, 4 August 2019 20:48:24 UTC-4, Sandip Bhattacharya wrote:
>
> On August 4, 2019 at 3:06:25 PM, Andrew Morgan (alonso...@gmail.com 
> (mailto:alonso...@gmail.com )) wrote: 
> > More verbose output   
> >   
> > ansible all -vvv -i inventory -m command -a "/usr/sbin/useradd -s 
> /bin/bash -m test" 
> --private-key="/Users/confluencetrades/Desktop/andrewm.pem" -u andrewm 
> --ask-become-pass -k   
>
> You are not really adding "—-become” here, even though you are supplying 
> the become password. I am not sure that supplying the become password 
> automatically enables "become”. 
>
> - Sandip 
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1cbc81b3-0e23-438c-9600-78182a130c53%40googlegroups.com.

Re: [ansible-project] Ansible [Errno 13] Permission denied

[Andrew Morgan]

I tried --become, but it doesnt work either

ansible all -i inventory  
--private-key="/Users/confluencetrades/Desktop/andre.pem" -u andrewm -k 
--become --ask-become-pass  -m command -a "/usr/sbin/useradd -s /bin/bash 
-m test"
SSH password:
BECOME password[defaults to SSH password]:
dev_jenkins | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"module_stderr": "Shared connection to 54.xx.183.46 closed.\r\n",
"module_stdout": "\r\n",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1
}




On Sunday, 4 August 2019 20:48:24 UTC-4, Sandip Bhattacharya wrote:
>
> On August 4, 2019 at 3:06:25 PM, Andrew Morgan (alonso...@gmail.com 
> (mailto:alonso...@gmail.com )) wrote: 
> > More verbose output   
> >   
> > ansible all -vvv -i inventory -m command -a "/usr/sbin/useradd -s 
> /bin/bash -m test" 
> --private-key="/Users/confluencetrades/Desktop/andrewm.pem" -u andrewm 
> --ask-become-pass -k   
>
> You are not really adding "—-become” here, even though you are supplying 
> the become password. I am not sure that supplying the become password 
> automatically enables "become”. 
>
> - Sandip 
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/912e179d-9382-4815-86c8-3fd2e6a26439%40googlegroups.com.

Re: [ansible-project] Ansible [Errno 13] Permission denied

[Sandip Bhattacharya]

 




On August 5, 2019 at 4:35:34 PM, Andrew Morgan 
(alonsoamor...@gmail.com(mailto:alonsoamor...@gmail.com)) wrote:

> Thank you, but I also tried that, but no luck  
>  
> > ansible all -i inventory 
> > --private-key="/Users/confluencetrades/Desktop/andrewm.pem" -u andrewm -k 
> > --become --ask-become-pass -m command -a "/usr/sbin/useradd -s /bin/bash -m 
> > test"
> > SSH password:
> 

Can you run with --debug and see the output? It shows the exact command 
executed remotely.

- Sandip

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/etPan.5d48bdfd.4d8a6eae.38c%40showmethesource.org.

Re: [ansible-project] Ansible [Errno 13] Permission denied

[Sandip Bhattacharya]

[ Yeah, it should have been -vvv and not --debug. I am missing up apps. :) My 
apologies. ] 




On August 5, 2019 at 4:45:33 PM, Andrew Morgan 
(alonsoamor...@gmail.com(mailto:alonsoamor...@gmail.com)) wrote:
> <54.236.183.46> ESTABLISH SSH CONNECTION FOR USER: andrewm
> <54.236.183.46> SSH: EXEC sshpass -d42 ssh -C -o ControlMaster=auto -o 
> ControlPersist=60s -o StrictHostKeyChecking=no -o 
> 'IdentityFile="/Users/confluencetrades/Desktop/andrewm.pem"' -o 
> 'User="andrewm"' -o ConnectTimeout=10 -o 
> ControlPath=/private/var/root/.ansible/cp/a3358dc28d -tt 54.236.183.46 
> '/bin/sh -c '"'"'sudo -H -S -p "[sudo via ansible, 
> key=fahckbxvjwfjuwfziuxflwkbjtwbsyfl] password:" -u root /bin/sh -c 
> '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-fahckbxvjwfjuwfziuxflwkbjtwbsyfl ; 
> /usr/bin/python 
> /home/andrewm/.ansible/tmp/ansible-tmp-1565048685.95-166747859799287/AnsiballZ_command.py'"'"'"'"'"'"'"'"'
>  && sleep 0'"'"''
> Escalation succeeded
> <54.236.183.46> (1, '\r\n', 'Shared connection to 54.236.183.46 closed.\r\n')
> <54.236.183.46> Failed to connect to the host via ssh: Shared connection to 
> 54.236.183.46 closed.

At this point, the only possible problem I can think of is sudo restrictions.

Are you sure you can run arbitrary commands via sudo on your box. My workplace 
doesn't let me execute shells via sudo, for example. We use a workaround to 
make sensible work.

e.g. Can you run on your remote box something like this?

    sudo /bin/sh -c "echo hello from bash; python -c 'print \"hello\"' "

- Sandip


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/etPan.5d48c3d0.2073a8e4.38c%40showmethesource.org.

Re: [ansible-project] Ansible [Errno 13] Permission denied

[Sandip Bhattacharya]

On Mon, Aug 5, 2019, at 5:34 PM, Andrew Morgan wrote:
> Ahh, you are right, I am getting the error:
> 
> Sorry, user andrewm is not allowed to execute '/bin/sh -c echo hello from 
> bash; python -c 'print "hello"' ' as root on ip-10-0-0-162
> 
> but in ansible I am becoming root! Now when I become the root user I am able 
> to :
> # sudo /bin/sh -c "echo hello from bash; python -c 'print \"hello\"' "
hello from bash
hello
> 
> 
> How can I fix this issue?


You need to change your sudo config to allow executing /bin/sh. This has always 
been an Ansible requirement - to be able to use privilege escalation, you need 
to let sudo run arbitrary commands.

The relevant config to fix  should be somewhere in /etc/sudoers or some file in 
/etc/sudoers.d. The specific config varies from installation to installation, 
and changing it has security implications. So if you have a different person 
handling system level setup (you mentioned in your first mail that there are 
certain security requirements at work) you should definitely work with them to 
change this, else you can leave your system vulnerable in an unexpected way. 
Else if you can do this yourself, look up "man sudoers" to understand the 
current config and change it.

- Sandip

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6b26a7ca-7d14-49d9-9bfb-5dac07401434%40www.fastmail.com.

Re: [ansible-project] Ansible [Errno 13] Permission denied

[Andrew Morgan]

Thanks! great info, it worked.

On Mon, 5 Aug 2019 at 21:17, Sandip Bhattacharya <
sand...@showmethesource.org> wrote:

>
>
> On Mon, Aug 5, 2019, at 5:34 PM, Andrew Morgan wrote:
> > Ahh, you are right, I am getting the error:
> >
> > Sorry, user andrewm is not allowed to execute '/bin/sh -c echo hello
> from bash; python -c 'print "hello"' ' as root on ip-10-0-0-162
> >
> > but in ansible I am becoming root! Now when I become the root user I am
> able to :
> > # sudo /bin/sh -c "echo hello from bash; python -c 'print \"hello\"' "
> hello from bash
> hello
> >
> >
> > How can I fix this issue?
>
>
> You need to change your sudo config to allow executing /bin/sh. This has
> always been an Ansible requirement - to be able to use privilege
> escalation, you need to let sudo run arbitrary commands.
>
> The relevant config to fix  should be somewhere in /etc/sudoers or some
> file in /etc/sudoers.d. The specific config varies from installation to
> installation, and changing it has security implications. So if you have a
> different person handling system level setup (you mentioned in your first
> mail that there are certain security requirements at work) you should
> definitely work with them to change this, else you can leave your system
> vulnerable in an unexpected way. Else if you can do this yourself, look up
> "man sudoers" to understand the current config and change it.
>
> - Sandip
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAH6WU94PbBU6o8nytju-iNzA9Q-XJJ4Ks9Gj6V3%2BSZPw6O-kmg%40mail.gmail.com.

[ansible-project] Re: Ansible [Errno 13] Permission denied

[Andrew Morgan]

Issue was with my sudo permissions file. Thanks to Sandip , he was a great 
help.


On Sunday, 4 August 2019 18:06:11 UTC-4, Andrew Morgan wrote:
>
> Hello All, 
>
> Can I please get some help on this issue I have been trying to figure out 
> for hours now. When I run the below command:
>
> I am trying to run the below command from my:
>
> Mac and connect to an amazon linux 2 server
> Mac has ansible 2.8.2
> Mac has Python 2.7.10
> Server has Python 2.6.9
> My setup is such where I use private keys, but still need to enter a 
> password(its security precaution at work)
>
> ansible all -i inventory  --private-key="/Users/p/andrewm.pem" -u andrewm 
> -b -k -K -m command -a "/usr/sbin/useradd -s /bin/bash -m test"
>
>
> SSH password:
> BECOME password[defaults to SSH password]:
> dev_jenkins | FAILED! => {
> "ansible_facts": {
> "discovered_interpreter_python": "/usr/bin/python"
> },
> "changed": false,
> "module_stderr": "Shared connection to 54.x.183.46 closed.\r\n",
> "module_stdout": "\r\n",
> "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
> "rc": 1
> }
>
>>
>>
> I am able to ping  successfully
> ansible all -i inventory  -m ping --private-key=
> "/Users/confluencetrades/Desktop/andrewm.pem" -u andrewm --ask-become-pass 
> -k
> SSH password:
> BECOME password[defaults to SSH password]:
> dev_jenkins | SUCCESS => {
> "ansible_facts": {
> "discovered_interpreter_python": "/usr/bin/python"
> },
> "changed": false,
> "ping": "pong"
> }
>
>
> More verbose output
>
> ansible all -vvv -i inventory  -m command -a "/usr/sbin/useradd -s 
> /bin/bash -m test" 
> --private-key="/Users/confluencetrades/Desktop/andrewm.pem" -u andrewm 
> --ask-become-pass  -k
> ansible 2.8.2
>   config file = /WALLETHUB/ansible/ansible.cfg
>   configured module search path = [u'/var/root/.ansible/plugins/modules', 
> u'/usr/share/ansible/plugins/modules']
>   ansible python module location = 
> /Library/Python/2.7/site-packages/ansible
>   executable location = /usr/local/bin/ansible
>   python version = 2.7.10 (default, Feb 22 2019, 21:55:15) [GCC 4.2.1 
> Compatible Apple LLVM 10.0.1 (clang-1001.0.37.14)]
> Using /WALLETHUB/ansible/ansible.cfg as config file
> SSH password:
> BECOME password[defaults to SSH password]:
> host_list declined parsing /WALLETHUB/ansible/inventory as it did not pass 
> it's verify_file() method
> script declined parsing /WALLETHUB/ansible/inventory as it did not pass 
> it's verify_file() method
> auto declined parsing /WALLETHUB/ansible/inventory as it did not pass it's 
> verify_file() method
> Parsed /WALLETHUB/ansible/inventory inventory source with ini plugin
> META: ran handlers
> <54.x.183.46> ESTABLISH SSH CONNECTION FOR USER: andrewm
> <54.x.183.46> SSH: EXEC sshpass -d43 ssh -C -o ControlMaster=auto -o 
> ControlPersist=60s -o StrictHostKeyChecking=no -o 
> 'IdentityFile="/Users/confluencetrades/Desktop/andrewm.pem"' -o 
> 'User="andrewm"' -o ConnectTimeout=10 -o 
> ControlPath=/private/var/root/.ansible/cp/a3358dc28d 54.x.183.46 '/bin/sh 
> -c '"'"'echo ~andrewm && sleep 0'"'"''
> <54.2x.183.46> (0, '/home/andrewm\n', '')
> <54.x.183.46> ESTABLISH SSH CONNECTION FOR USER: andrewm
> <54.x.183.46> SSH: EXEC sshpass -d43 ssh -C -o ControlMaster=auto -o 
> ControlPersist=60s -o StrictHostKeyChecking=no -o 
> 'IdentityFile="/Users/confluencetrades/Desktop/andrewm.pem"' -o 
> 'User="andrewm"' -o ConnectTimeout=10 -o 
> ControlPath=/private/var/root/.ansible/cp/a3358dc28d 54.x.183.46 '/bin/sh 
> -c '"'"'( umask 77 && mkdir -p "` echo 
> /home/andrewm/.ansible/tmp/ansible-tmp-1564955687.71-187487933428397 `" && 
> echo ansible-tmp-1564955687.71-187487933428397="` echo 
> /home/andrewm/.ansible/tmp/ansible-tmp-1564955687.71-187487933428397 `" ) 
> && sleep 0'"'"''
> <54.x.183.46> (0, 
> 'ansible-tmp-1564955687.71-187487933428397=/home/andrewm/.ansible/tmp/ansible-tmp-1564955687.71-187487933428397\n',
>  
> '')
>  Attempting python interpreter discovery
> <54.x.183.46> ESTABLISH SSH CONNECTION FOR USER: andrewm
> <54.2x.183.46> SSH: EXEC sshpass -d43 ssh -C -o ControlMaster=auto -o 
> ControlPersist=60s -o StrictHostKeyChecking=no -o 
> 'IdentityFile="/Users/confluencetrades/Desktop/andrewm.pem"' -o 
> 'User="andrewm"' -o ConnectTimeout=10 -o 
> ControlPath=/private/var/root/.ansible/cp/a3358dc28d 54.2x.183.46 '/bin/sh 
> -c '"'"'echo PLATFORM; uname; echo FOUND; command -v 
> '"'"'"'"'"'"'"'"'/usr/bin/python'"'"'"'"'"'"'"'"'; command -v 
> '"'"'"'"'"'"'"'"'python3.7'"'"'"'"'"'"'"'"'; command -v 
> '"'"'"'"'"'"'"'"'python3.6'"'"'"'"'"'"'"'"'; command -v 
> '"'"'"'"'"'"'"'"'python3.5'"'"'"'"'"'"'"'"'; command -v 
> '"'"'"'"'"'"'"'"'python2.7'"'"'"'"'"'"'"'"'; command -v 
> '"'"'"'"'"'"'"'"'python2.6'"'"'"'"'"'"'"'"'; command -v 
> '"'"'"'"'"'"'"'"'/usr/libexec/platform-python'"'"'"'"'"'"'"'"'; command -v 
> '"'"'"'"'"'"'"'"'/usr/bin/python3'"'"'"'"'"'"'"'"'; command -v 
> '"'"'"'"'"'"'"'"'python'"'"'"'"'"'"'"'"'; echo ENDFOUND &&

Re: [ansible-project] Ansible any_errors_fatal does not work as expected. Need Fix

[Mohtashim S]

So, if I understand you correctly there is no feature to abort the entire 
playbook run incase of a single error encountered?

The only solution that seems; is to have a when condition check on every tasks 
of a playbook.

The ansible documentation in this regards have been questioned in the past and 
seems confusing.

Documentation says: The any_errors_fatal play option will mark all hosts as 
failed if any fails, causing an immediate abort:

Now, if you look at my output any_errors_fatal does not mark all hosts as 
failed if the first one errors out; but checks explicitly for all hosts and all 
tasks.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/55167c04-05bc-4415-a7f4-23ddac370c49%40googlegroups.com.

Re: [ansible-project] Ansible any_errors_fatal does not work as expected. Need Fix

[Mohtashim S]

So, if I understand you correctly there is no feature to abort the entire 
playbook run incase of a single error encountered?
The only solution that seems; is to have a when condition check on every tasks 
of a playbook.

The ansible documentation in this regards have been questioned in the past and 
seems confusing.

Documentation says: The any_errors_fatal play option will mark all hosts as 
failed if any fails, causing an immediate abort:

Now, if you look at my output any_errors_fatal does not mark all hosts as 
failed if the first one errors out; but checks explicitly for all hosts and all 
tasks. Sadly, There is no immediate abort!!

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/73d43e85-6f7b-4ce0-93b3-f700823068c8%40googlegroups.com.

Re: [ansible-project] Ansible any_errors_fatal does not work as expected. Need Fix

[Mohtashim S]

So, if I understand you correctly there is no feature to abort the entire 
playbook run incase of a single error encountered?
The only solution that seems; is to have a when condition check on every tasks 
of a playbook.
The ansible documentation in this regards have been questioned in the past and 
seems confusing.

Documentation says: The any_errors_fatal play option will mark all hosts as 
failed if any fails, causing an immediate abort:

Now, if you look at my output any_errors_fatal does not mark all hosts as 
failed if the first one errors out; but checks explicitly for all hosts and all 
tasks. Sadly, There is no immediate abort contrary to the documentation!!

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e9a07711-4a95-4a76-8edd-8d15cd3add8a%40googlegroups.com.

Re: [ansible-project] Ansible VMWare Dynamic inventory script pulling Cluster IP instead of server IP

[Ankit Vashistha]

Hello Community Members,

Could anyone please help by providing your expert opinion on this?

*Thanks*
*Ankit*

On Mon, Aug 5, 2019 at 6:15 PM Ankit  wrote:

> I have been testing VMWare Dynamic inventory script (which ships with AWX
> 4.0.0.0) and recently noticed an issue where the sync results in the
> dynamic inventory script pulling and updating the IP address for the server
> as the cluster IP of the server (for the servers which are built in cluster
> but works fine for all other servers).
>
> Is there any parameter which can be used to force the dynamic script to
> avoid this?
>
> Thanks
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/b5aa55c6-abb2-43b5-b95d-fad32728fad2%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CACecUhug3-hOw%3DBR1D9qNAcW4LCWFZG9xyf%2BOHOQUUroHL%3Dekw%40mail.gmail.com.