Re: [ansible-project] user change

2020-06-12 Thread Asiful Haque 
https://docs.ansible.com/ansible/latest/user_guide/become.html

Br,
Md Asiful Haque


From: Asiful Haque 
Sent: Saturday, June 13, 2020 8:03:51 AM
To: ansible-project@googlegroups.com 
Subject: Re: [ansible-project] user change

Here is the documentation for switching user or privilege escalation

Br,
Md Asiful Haque


From: Asiful Haque 
Sent: Saturday, June 13, 2020 7:54:48 AM
To: ansible-project@googlegroups.com 
Subject: Re: [ansible-project] user change

You can use
become: yes
become_user: your user
become_method: sudo/su (default sudo)

Br,
Md Asiful Haque

From: ansible-project@googlegroups.com  on 
behalf of Rajeeb sahoo 
Sent: Saturday, June 13, 2020 3:20:57 AM
To: Ansible Project 
Subject: [ansible-project] user change

user change form root to new_user at the time of playbook running

like a user created and one service will run under root and 2 nd service will 
run as new_user




--
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to 
ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/26fff221-0e73-4dc1-b198-5933569ef2e8o%40googlegroups.com.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/DB7PR02MB4156F77DB8293AE65B768A07A29E0%40DB7PR02MB4156.eurprd02.prod.outlook.com.

Re: [ansible-project] user change

2020-06-12 Thread Asiful Haque 
Here is the documentation for switching user or privilege escalation

Br,
Md Asiful Haque


From: Asiful Haque 
Sent: Saturday, June 13, 2020 7:54:48 AM
To: ansible-project@googlegroups.com 
Subject: Re: [ansible-project] user change

You can use
become: yes
become_user: your user
become_method: sudo/su (default sudo)

Br,
Md Asiful Haque

From: ansible-project@googlegroups.com  on 
behalf of Rajeeb sahoo 
Sent: Saturday, June 13, 2020 3:20:57 AM
To: Ansible Project 
Subject: [ansible-project] user change

user change form root to new_user at the time of playbook running

like a user created and one service will run under root and 2 nd service will 
run as new_user




--
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to 
ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/26fff221-0e73-4dc1-b198-5933569ef2e8o%40googlegroups.com.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/DB7PR02MB4156B3CF7336F681611E3A04A29E0%40DB7PR02MB4156.eurprd02.prod.outlook.com.

Re: [ansible-project] user change

2020-06-12 Thread Asiful Haque 
You can use
become: yes
become_user: your user
become_method: sudo/su (default sudo)

Br,
Md Asiful Haque

From: ansible-project@googlegroups.com  on 
behalf of Rajeeb sahoo 
Sent: Saturday, June 13, 2020 3:20:57 AM
To: Ansible Project 
Subject: [ansible-project] user change

user change form root to new_user at the time of playbook running

like a user created and one service will run under root and 2 nd service will 
run as new_user




--
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to 
ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/26fff221-0e73-4dc1-b198-5933569ef2e8o%40googlegroups.com.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/DB7PR02MB4156A1EABB2D1D0B68EC8791A29E0%40DB7PR02MB4156.eurprd02.prod.outlook.com.

Re: [ansible-project] ansible tower - command works BUT playbook fails to connect to the host via ssh

2020-06-12 Thread Thanh Nguyen Duc 
Try to run with sudo?

Sent from my iPhone

> On Jun 12, 2020, at 23:55, Stefan Hornburg (Racke)  wrote:
> 
> On 6/12/20 5:31 PM, Laci wrote:
>> In my ansible tower I can execute a command successfully on a remote server, 
>> however when I try to run a playbook I get:
>> 
>> {
>> "msg": "Failed to connect to the host via ssh: Warning: Permanently 
>> added 'hostname,10.1.4.66' (ECDSA) to the list
>> of known hosts.\r\nPermission denied 
>> (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).",
>> "unreachable": true,
>> "changed": false
>> }
>> 
>> Seems to be a weird issue, did someone saw and solved this before?
> 
> This group is dedicated to Ansible itself, not Tower or AWX.
> 
> Please contact RedHat support.
> 
> Regards
>Racke
> 
>> 
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to
>> ansible-project+unsubscr...@googlegroups.com 
>> .
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/7ea6e452-bd00-408f-a1eb-36378bff57deo%40googlegroups.com
>> .
> 
> 
> -- 
> Ecommerce and Linux consulting + Perl and web application programming.
> Debian and Sympa administration. Provisioning with Ansible.
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/b6428221-639a-5a9e-f0d2-506515df0792%40linuxia.de.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6558A5DB-373C-4747-A220-1D5A020CDB63%40gmail.com.

[ansible-project] user change

2020-06-12 Thread Rajeeb sahoo 
user change form root to new_user at the time of playbook running

like a user created and one service will run under root and 2 nd service 
will run as new_user



-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/26fff221-0e73-4dc1-b198-5933569ef2e8o%40googlegroups.com.

[ansible-project] chaining psrp through multiple bastion hosts

2020-06-12 Thread Simon Tyler 
Hello Ansible Citizens,

I am able to connect to a windows machine through a linux bastion host. 
This is a central jump server that is connected to all of our client 
networks. Each client network has it's own linux jump server.

To review the current configuration:

Example in the Ansible hosts file:

[dr_win]
DR-MGMT01-WIN

[dr_win:vars]
ansible_user=
ansible_password=
ansible_connection=psrp
ansible_port=5985
ansible_psrp_protocol=http
ansible_psrp_proxy=socks5h://10.x.x.x:1234
ansible_winrm_server_cert_validation=ignore

The /etc/hosts file has an entry for DR-MGMT01-WIN.

So does the central jump server.

This works; I am able to win_ping successfully.

Now I want to set up similar connectivity to another windows host in DR but 
there is an extra hop. I have connectivity from Ansible to DR MGMT subnet. 
I want to chain the jump servers together.
I have done this successfully with linux machines and ssh, but now I need a 
way to do this for windows machines.

So right now it looks like:

Ansible -> Central_bastion:1234 (ssh listener) -> DR-MGMT01-WIN:5985 
(successful)

I want:

Ansible -> Central_bastion:1234 -> DR-MGMT-LIN:22 -> DR-SERVER-WIN:5985

How do I configure Ansible to be aware of this chain or how do I set this 
chain up? There must be a way but it is not clear.
I understand that this is not fully secure; once connectivity is 
established and I understand the process I can add layers of security.

Regards,

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d8398cef-9d96-4bbd-bf38-24cc0b6f9809o%40googlegroups.com.

Re: [ansible-project] group_by with random key values

2020-06-12 Thread Vladimir Botka 
On Fri, 12 Jun 2020 08:20:45 -0700 (PDT)
"'Mark Tovey' via Ansible Project"  wrote:

> The problem I have is in grouping servers within the playbook.  I need to 
> be able to separate out servers in an inventory file by their environment 
> group and run the play once for each of those groups.

If the top-down decomposition is too complicated I'd suggest to try bottom-up
approach. Let the remote hosts periodically check for updates, including
passwords
https://docs.ansible.com/ansible/latest/cli/ansible-pull.html

-- 
Vladimir Botka

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/20200612193507.50148a6b%40gmail.com.


pgp2Dt6WUovoA.pgp
Description: OpenPGP digital signature

Re: [ansible-project] ansible tower - command works BUT playbook fails to connect to the host via ssh

2020-06-12 Thread Stefan Hornburg (Racke) 
On 6/12/20 5:31 PM, Laci wrote:
> In my ansible tower I can execute a command successfully on a remote server, 
> however when I try to run a playbook I get:
> 
> {
>     "msg": "Failed to connect to the host via ssh: Warning: Permanently added 
> 'hostname,10.1.4.66' (ECDSA) to the list
> of known hosts.\r\nPermission denied 
> (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).",
>     "unreachable": true,
>     "changed": false
> }
> 
> Seems to be a weird issue, did someone saw and solved this before?

This group is dedicated to Ansible itself, not Tower or AWX.

Please contact RedHat support.

Regards
Racke

> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to
> ansible-project+unsubscr...@googlegroups.com 
> .
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/7ea6e452-bd00-408f-a1eb-36378bff57deo%40googlegroups.com
> .


-- 
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b6428221-639a-5a9e-f0d2-506515df0792%40linuxia.de.


signature.asc
Description: OpenPGP digital signature

[ansible-project] ansible tower - command works BUT playbook fails to connect to the host via ssh

2020-06-12 Thread Laci 
In my ansible tower I can execute a command successfully on a remote 
server, however when I try to run a playbook I get:

{
"msg": "Failed to connect to the host via ssh: Warning: Permanently 
added 'hostname,10.1.4.66' (ECDSA) to the list of known 
hosts.\r\nPermission denied 
(publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).",
"unreachable": true,
"changed": false
}

Seems to be a weird issue, did someone saw and solved this before?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/7ea6e452-bd00-408f-a1eb-36378bff57deo%40googlegroups.com.

Re: [ansible-project] group_by with random key values

2020-06-12 Thread 'Mark Tovey' via Ansible Project 

Unfortunately, I am under the constraint that I must use the password store 
that the company has chosen to use (Passwordstate).  I have that part 
working fine.  I am able to push passwords into it and pull them back out 
with no problem.  But the general structure of your code will probably be 
useful in laying out my playbook.
The problem I have is in grouping servers within the playbook.  I need to 
be able to separate out servers in an inventory file by their environment 
group and run the play once for each of those groups.  This all works fine 
if I run the playbook multiple times, limiting each run to just one 
environment group at a time, but we want to run the playbook just once for 
each inventory file and let it separate out the servers by environment 
group.  The "group_by" module looks like it should do this, but only if 
there is a way to dynamically specify what is specified in the following 
"hosts:" statement.
Or maybe it is a data structure problem.  I tried to set up a structure 
that looks like this:

structure:

envgroup:

account:

password: some_password


Then I can refer to it as:

{{structure['INV1_PRD'][account].password}}


Unfortunately, every server gets its own private copy of "structure", not a 
shared copy.  I need some way sharing that between all servers within an 
environment group. 
 ANy suggestions for this method?
 

 

 

 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/72892b58-7add-4362-a2ae-4bfd5d6ead70o%40googlegroups.com.

Re: [ansible-project] 'when: item not in' conditional issues?

2020-06-12 Thread Doug OLeary 
That did the trick, sir, thank you!

I didn't see that syntax anywhere in my searching.  I would've spent much 
longer on that.  Thank you again.  I appreciate it.

Doug O'Leary

On Friday, June 12, 2020 at 8:42:59 AM UTC-5, Stefan Hornburg (Racke) wrote:
>
> On 6/12/20 3:34 PM, Doug OLeary wrote: 
> > Hey; 
> > 
> > I'm trying to execute pvcreate on a disk but would like to ensure I 
> don't run it on a disk that's already defined.  I 
> > have a short playbook that gathers facts, 
> displays ansible_lvm.pvs.keys() 
> > and then: 
> > 
> > | 
> >   -name:run pvcreate 
> > command:pvcreate /dev/{{item.key}} 
> > when:item.key isnotinansible_lvm.pvs.keys() 
> > with_dict:"{{disks}}" 
> > | 
> > 
> > That particular one resulted in: 
> > 
> > The error was: template error while templating string: expected token 
> 'end of statement block', got '.'. 
> > 
> > Even if it didn't error out, I suspect it wouldn't work because the keys 
> are: 
> > 
> > | 
> > "msg":"dict_keys(['/dev/sdd', '/dev/sdb1', '/dev/sdc', 
> '/dev/sda2'])" 
> > | 
> > 
> > I've also tried "when: /dev/item.key is not in..." and 'when: 
> "/dev/item.key" is not in..." Those two result in: 
> > 
> > The error was: template error while templating string: unexpected '/'. 
> > 
> > Any hints on how to verify "/dev/{{item.key}" is not in the pvs 
> dictionary? 
>
> Please try: 
>
>   when: "( '/dev/' + item.key ) not in ansible_lvm.pvs" 
>
> Regards 
> Racke 
>
> > 
> > Thanks 
> > 
> > Doug O'Leary 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> Groups "Ansible Project" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an email to 
> > ansible...@googlegroups.com   ansible-project+unsubscr...@googlegroups.com >. 
> > To view this discussion on the web visit 
> > 
> https://groups.google.com/d/msgid/ansible-project/71ead50e-54ce-43d0-ac07-3640e68eeaedo%40googlegroups.com
>  
> > <
> https://groups.google.com/d/msgid/ansible-project/71ead50e-54ce-43d0-ac07-3640e68eeaedo%40googlegroups.com?utm_medium=email_source=footer>.
>  
>
>
>
> -- 
> Ecommerce and Linux consulting + Perl and web application programming. 
> Debian and Sympa administration. Provisioning with Ansible. 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d572dd6b-9e84-46a0-8a8a-510b49eb7ce3o%40googlegroups.com.

Re: [ansible-project] 'when: item not in' conditional issues?

2020-06-12 Thread Stefan Hornburg (Racke) 
On 6/12/20 3:34 PM, Doug OLeary wrote:
> Hey;
> 
> I'm trying to execute pvcreate on a disk but would like to ensure I don't run 
> it on a disk that's already defined.  I
> have a short playbook that gathers facts, displays ansible_lvm.pvs.keys()
> and then:
> 
> |
>   -name:run pvcreate
>     command:pvcreate /dev/{{item.key}}
>     when:item.key isnotinansible_lvm.pvs.keys()
>     with_dict:"{{disks}}"
> |
> 
> That particular one resulted in:
> 
> The error was: template error while templating string: expected token 'end of 
> statement block', got '.'.
> 
> Even if it didn't error out, I suspect it wouldn't work because the keys are:
> 
> |
>     "msg":"dict_keys(['/dev/sdd', '/dev/sdb1', '/dev/sdc', '/dev/sda2'])"
> |
> 
> I've also tried "when: /dev/item.key is not in..." and 'when: "/dev/item.key" 
> is not in..." Those two result in:
> 
> The error was: template error while templating string: unexpected '/'.
> 
> Any hints on how to verify "/dev/{{item.key}" is not in the pvs dictionary?

Please try:

  when: "( '/dev/' + item.key ) not in ansible_lvm.pvs"

Regards
Racke

> 
> Thanks
> 
> Doug O'Leary
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to
> ansible-project+unsubscr...@googlegroups.com 
> .
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/71ead50e-54ce-43d0-ac07-3640e68eeaedo%40googlegroups.com
> .


-- 
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/7229be73-d5d5-8115-1f80-8d2778c85731%40linuxia.de.


signature.asc
Description: OpenPGP digital signature

[ansible-project] 'when: item not in' conditional issues?

2020-06-12 Thread Doug OLeary 
Hey;

I'm trying to execute pvcreate on a disk but would like to ensure I don't 
run it on a disk that's already defined.  I have a short playbook that 
gathers facts, displays ansible_lvm.pvs.keys()
and then:

  - name: run pvcreate
command: pvcreate /dev/{{item.key}}
when: item.key is not in ansible_lvm.pvs.keys()
with_dict: "{{disks}}"

That particular one resulted in:

The error was: template error while templating string: expected token 'end 
of statement block', got '.'.

Even if it didn't error out, I suspect it wouldn't work because the keys 
are:

"msg": "dict_keys(['/dev/sdd', '/dev/sdb1', '/dev/sdc', '/dev/sda2'])"

I've also tried "when: /dev/item.key is not in..." and 'when: 
"/dev/item.key" is not in..." Those two result in:

The error was: template error while templating string: unexpected '/'.

Any hints on how to verify "/dev/{{item.key}" is not in the pvs dictionary?

Thanks

Doug O'Leary

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/71ead50e-54ce-43d0-ac07-3640e68eeaedo%40googlegroups.com.

[ansible-project] how to restrict scope for set_fact variable

2020-06-12 Thread Diyawary 
Hi All,

below is my playbook 
mserver: [1.1.1.1,2.2.2.2]
doamin: [3.3.3.3,4.4.4.4]
 tasks:
- include_role:
name: validateip
  when: object_type == "ip"
  with_together:
   - "{{ mserver_hostname }}"
   - "{{ domain }}"
under that role  login,validation and logout tasks are performed
validation script-
- name: Checking Network objects
  uri:
url: "https://{{item.0}}/web_api/show-objects;
validate_certs: False
method: POST
headers:
  x-chkp-sid: "{{ login.json.sid }}"
body:
  type: host
  filter: "{{ip}}"
  ip-only: true
body_format: json
  register: check_host_result
  when: item.0 != ""

- debug:
var: check_host_result
- name: Checking if Network Object exists
  set_fact:
item_ip_exists: true
obj_name: "{{ item2['name'] }}"
  loop: "{{ check_host_result.json.objects  }}"
  loop_control:
loop_var: item2
  when:
- item2['ipv4-address'] is defined and item2['ipv4-address'] == ip

- debug:
msg: "Network Object exists with name [{{obj_name}}]"
  when: item_ip_exists is defined
- debug:
msg: " Network Object ({{ip}}) will be created"
  when: item_ip_exists is not defined

I am facing issue  for set_fact variable  like obj_name  and item_ip_exists 
so when loop runs on  first item and if object is present so it set both 
the variable  (obj_name  and item_ip_exists ) and print the correct debug 
messages.
but when 2nd item executed and there if object is not present so it is 
printing the wrong debug message due to the set_fact variables( obj_name 
and item_ip_exists) which has already the value from the first items 
execution
so how i can restrict the scope of set_fact variables ( obj_name and 
item_ip_exists ) so when second item execute the variables take the value 
from there not from previously set_fact values.
I am totally stuck here.
Please help me. Thanks in advance.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6e988d79-cc88-415e-a535-0205a4c0101ao%40googlegroups.com.

[ansible-project] Re: accessing yaml dictionary in playbook

2020-06-12 Thread Doug OLeary 
Never mind, I got it.  Amazing how often I ask the question then 
immediately find the answer...

The trick is:

  tasks:
  - debug:
  msg: "disk name: {{item.key}}"
with_dict: "{{disks}}"

Theoretically, this should work too:

loop:
  - "{{lookup('dict', disks)}}"

Hopefully, that'll help someone.

Thanks

Doug  

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/73d45129-cfa4-4cd7-a519-7f4fe597fe1fo%40googlegroups.com.

Re: [ansible-project] accessing yaml dictionary in playbook

2020-06-12 Thread Stefan Hornburg (Racke) 
On 6/12/20 2:35 PM, Doug OLeary wrote:
> Hi
> 
> I have a dictionary of disks in my host vars:
> 
> |
> disks:
>   sdc:
>     dev: sdc
>     vg: vg01
>     lv: app
>     mp: '/opt/app'
>   sdd:
>     dev: sdd
>     vg: vg02tmp
>     lv: shared
>     mp: '/opt/app/oracle/shared'
> |
> 
> A **very** basic playbook, just to access the dictionary::
> 
> |
>   tasks:
>   -debug:
>       msg:"disk name: {{item}}"
>     loop:
>       -"{{disks}}"
> 
> |
> 
> shows good results so I'm pretty sure I have the dictionary defined correctly:
> 
> |
> TASK
> [debug]**
> ok:[mynewhost]=>(item=[{'key':'sdc','value':{'dev':'sdc','vg':'vg01','lv':'app','mp':'/opt/app'}},{'key':'sdd','value':{'dev':'sdd','vg':'vg02tmp','lv':'shared','mp':'/opt/app/oracle/shared'}}])=>{
>     "msg":"disk name: [{'key': 'sdc', 'value': {'dev': 'sdc', 'vg': 'vg01', 
> 'lv': 'app', 'mp': '/opt/app'}}, {'key':
> 'sdd', 'value': {'dev': 'sdd', 'vg': 'vg02tmp', 'lv': 'shared', 'mp': 
> '/opt/app/oracle/shared'}}]"
> }
> |
> 
> How do I loop over the dictionary key?  in this case, it'd be sdc and sdd...  
> I've been trying iteration of
> {{item.key}}, and {{disks.key}} but nothing has worked yet.  
> 
> Thanks for any hints/tips/suggestions.

Old style:

with_dict: "{{ disks }}"

New style:

loop: "{{ disks | dict2items }}"

In both cases the key is in item.key and values can be accessed with 
item.value, e.g item.value.dev.

Reference: 
https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html#iterating-over-a-dictionary

Regards
  Racke

> 
> Doug O'Leary 
> 
> 
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to
> ansible-project+unsubscr...@googlegroups.com 
> .
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/70b7a9d0-45a9-424f-8757-c46b17401e32o%40googlegroups.com
> .


-- 
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c8575e46-6e3e-39c6-47a4-649ffa0b0a5c%40linuxia.de.


signature.asc
Description: OpenPGP digital signature

[ansible-project] accessing yaml dictionary in playbook

2020-06-12 Thread Doug OLeary 
Hi

I have a dictionary of disks in my host vars:

disks:
  sdc:
dev: sdc
vg: vg01
lv: app
mp: '/opt/app'
  sdd:
dev: sdd
vg: vg02tmp
lv: shared
mp: '/opt/app/oracle/shared'

A **very** basic playbook, just to access the dictionary::

  tasks:
  - debug:
  msg: "disk name: {{item}}"
loop:
  - "{{disks}}"


shows good results so I'm pretty sure I have the dictionary defined 
correctly:

TASK [debug] 
**
ok: [mynewhost] => (item=[{'key': 'sdc', 'value': {'dev': 'sdc', 'vg': 
'vg01', 'lv': 'app', 'mp': '/opt/app'}}, {'key': 'sdd', 'value': {'dev': 
'sdd', 'vg': 'vg02tmp', 'lv': 'shared', 'mp': '/opt/app/oracle/shared'}}]) 
=> {
"msg": "disk name: [{'key': 'sdc', 'value': {'dev': 'sdc', 'vg': 
'vg01', 'lv': 'app', 'mp': '/opt/app'}}, {'key': 'sdd', 'value': {'dev': 
'sdd', 'vg': 'vg02tmp', 'lv': 'shared', 'mp': '/opt/app/oracle/shared'}}]"
}

How do I loop over the dictionary key?  in this case, it'd be sdc and 
sdd...  I've been trying iteration of {{item.key}}, and {{disks.key}} but 
nothing has worked yet.  

Thanks for any hints/tips/suggestions.

Doug O'Leary 




-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/70b7a9d0-45a9-424f-8757-c46b17401e32o%40googlegroups.com.

Re: [ansible-project] Re: how to pass same variable value multiple times in a list

2020-06-12 Thread Diyawary 
Thank You so much Brain. 

On Thursday, 11 June 2020 02:06:36 UTC+5:30, Brian Coca wrote:
>
> mserver and domain are not lists, lists use [ ]  as delimiters not  { } 
>
> -- 
> -- 
> Brian Coca 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d7f5c0e8-d84d-4b1e-8cfb-4eaca74e7f17o%40googlegroups.com.

Re: [ansible-project] Accessing Network Devices via Jump Hosts

2020-06-12 Thread Srinivas Naram 
I have a similar question. In one of the environment, Application server
(in which ansible is installed) is located in Green network and actual
network devices are located in Red Network. Connection from Green network
to Red Network is only by a VPN connection. Is there a possibility in
Ansible to connect from Green net to red net via VPN ?

On Thu, Jun 11, 2020 at 11:40 PM Dick Visser  wrote:

>
> https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-configure-a-jump-host-to-access-servers-that-i-have-no-direct-access-to
>
>
> On Thu, 11 Jun 2020 at 19:17, Ashwajit Bhoutkar <
> bhoutkarashwa...@gmail.com> wrote:
>
>> Hi,
>>
>>
>> I've a general question related to Ansible for accessing the network
>> devices. While going through the ansible documentations, I understood that
>> the control host is directly connected to the network elements and send the
>> commands for configurations. However, in real world scenarios, these
>> network devices via a jump host, i.e the case in which the control machine
>> has to login to a linux machine first and from this linux machine, they ssh
>> is to be done to network devices. Is there a way to achieve this using
>> ansible?
>>
>>
>>
>> Thank You,
>>
>> Kind Regards,
>>
>> Ashwajit
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/f8bab3bc-1639-4be4-8f4c-48e0f45c9b9bo%40googlegroups.com
>> 
>> .
>>
> --
> Sent from a mobile device - please excuse the brevity, spelling and
> punctuation.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAL8fbwOydCFVpT8W9pdNTQfJ%2BGv0pucrZ8npZsCtBkm4ffbNYg%40mail.gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAG-N3P4Z-yGpLKt7fCX5UQm%3DbMuVogT9FYMW1M0jHA7oJvi6wA%40mail.gmail.com.

Re: [ansible-project] ansible 2.9.4 - task with delegate_to: works, subsequent tasks fail

2020-06-12 Thread Stefan Hornburg (Racke) 
On 6/11/20 7:36 PM, Andrew Caldwell wrote:
> Hi All, hope this question makes sense. Here goes: 
> 
> Context: I have several automated patching playbooks that rely on 
> stopping/starting services on windows before patching
> a database on Linux. We are using a python script to generate a dynamic 
> inventory. We are leveraging a powershell script
> on a windows host to remotely start/stop services on various other windows 
> hosts, so we only need to delegate to the one
> single windows host that houses the powershell scripts. We are NOT naming the 
> windows host in the python script for
> dynamic inventory, and instead delegating to the FQDN of the windows host, 
> backed by a host_vars/.yml
> for connection info for ansible to use. Oh and we are using psexec because I 
> can't get win_shell to work to save my life.
> 
> Tasks:
> *- name: Pre-patching - Copy powershell script to stop service (windows)*
> *  run_once: true*
> *  become: false*
> *  win_copy:*
> *    src: ../supporting_tools/scripts/serviceshutdown{{ vmenv_result.stdout 
> }}*
> *    dest: C:\temp\serviceshutdown{{ vmenv_result.stdout }}.ps1*
> *    force: no*
> *  delegate_to: windows_server*
> *
> *
> *- name: Pre-patching - Copy psexec to stop service (windows)*
> *  run_once: true*
> *  become: false*
> *  win_copy:*
> *    src: ../supporting_tools/scripts/PsExec.exe*
> *    dest: C:\temp\PsExec.exe*
> *    force: no*
> *  delegate_to: windows_server*
> *
> *
> *- name: Pre-patching - Stop service (windows)*
> *  become: false*
> *  run_once: true*
> *  win_psexec:*
> *    command: powershell.exe -executionpolicy bypass -noninteractive -nologo 
> -file "C:\temp\serviceshutdown{{
> vmenv_result.stdout }}.ps1"*
> *    executable: C:\temp\PsExec.exe*
> *    elevated: yes*
> *    nobanner: yes*
> *    username: "{{ansible_user}}"*
> *    password: "{{ansible_password}}"*
> *    interactive: no*
> *  vars:*
> *    ansible_become_method: runas*
> *  delegate_to: windows_server*
> 
> host_vars/windows_server.yml:
> *ansible_user: ad_user
> ansible_password: password
> ansible_connection: winrm
> ansible_winrm_transport: ntlm
> ansible_winrm_server_cert_validation: ignore
> *
> *ansible_port: 5986*
> 
> 
> 
> The above role tasks run fine. Services get stopped as expected and the 
> playbook moves on. However the next role is to
> gather the current repo information from the linux server that is to be 
> patched and is a block that is a mix of
> delegate_to: 127.0.0.1 tasks and non delegated tasks (i.e.: they run on the 
> target linux server). This is where the
> playbook falls down and goes boom. The first non-delegated task after 
> delegating to the windows server above fails with
> the following error: 
> 
> fatal: [linux_server]: FAILED! => msg: The powershell shell family is 
> incompatible with the sudo become plugin
> 
> 
> The role in question is:
> 
> - name: Pre-patching - Update sw.repo block: - name: Pre-patching - gather 
> minor OS target version shell: curl -sk -u
> user:pass "https://server.fqdn.com/cgi-bin/patchmm?major={{ 
> ansible_distribution_major_version }}={{ os_shorthand }}"
> args: warn: false register: minor_version changed_when: false become: false 
> delegate_to: 127.0.0.1 - name: Pre-patching
> - gather local errata repo name shell: yum repolist | grep ERRATA_ | awk 
> '{print $1}' register: current_errata_repo
> args: warn: false changed_when: false
> 
> when: ansible_distribution != 'Debian' and ansible_distribution != 'Ubuntu' 
> and not (facter_os.family == "RedHat" and
> ansible_distribution_major_version == "8")
> 
> 
> The task in red is what is failing. I'm not sure why I'm getting this failure 
> message since I'm not trying to use any
> powershell commands or even target a windows server. I've tried putting 
> ansible_become_method in the host_vars file with
> no difference in results. Using win_shell to run a command to turn on or off 
> a service seems to work, but I do not want
> to have to target 8 or 9 windows servers individually (for this one 
> application alone. there are others with more
> servers behind them). Has anyone run across this before? What is the 
> resolution here? Is it because I am not targeting
> the windows host in inventory? I'd like to not do that because the entire 
> playbook and all 50 or so included roles are
> geared to linux only and I do not want to have to add when clauses everywhere.
> 

Hello Andrew,

what are your connection settings for the linux_server host?

Regards
Racke

> 
> TIA,
> 
> Andrew
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to
> ansible-project+unsubscr...@googlegroups.com 
> .
> To view this discussion on the web visit
>