Re: [ansible-project] Help on ec2 creation using ansible

2020-08-13 Thread Alfred Kamga
Thank you brother, you made me smile. Now I know what to do.

On Thursday, August 13, 2020 at 5:45:12 PM UTC-4 dick@geant.org wrote:

> Your code uses a templates variable as the image, which fails.
> Then you supply a list, which also fails.
> This is correct as the image parameter requires a simple string:
> https://docs.ansible.com/ansible/latest/modules/ec2_module.html
>
> Follow that documentation.
>
> There might be more issues ahead, I haven't looked at that...
>
>
>
> On Thu, 13 Aug 2020 at 23:22, Alfred Kamga  wrote:
>
>> Hello guys,
>>
>> I have an issue with my ansible file:
>>
>> ---
>>
>> - hosts: localhost
>>   #user: root
>>   #connection: local
>>   gather_facts: no
>>   become: no
>> #  ignore_errors: yes
>>   tasks:
>>
>>     - name: Install python-pip
>>       yum:
>>         name: python-pip
>>         state: present
>>
>>     - name: Install boto
>>       pip:
>>         name: boto
>>         state: present
>>
>>     - name: Provision Ec2 instance
>>       ec2:
>>         region: [ 'us-east-1' ]
>>         vpc_subnet_id: [ 'vpc-1509766f' ]
>>         image: "{{ ami-02354e95b39ca8dec }}"
>>         aws_access_key_ID: [ 'AKIARTQFUHGRKH2LPZVM' ]
>>         aws_secret_access_key: [ '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' ]
>>         ## group: "{{ ansible_group }}" ##
>>         key_name: [ 'Dockerkeypair' ]
>>         instance_type: [ 't2.micro' ]
>>         wait: [ 'yes' ]
>>         count: 1
>>         assign_public_ip: [ 'yes' ]
>>       register: ec2
>>
>> I am trying to create an ec2 instance using ansible and it throws me
>> errors as follows:
>> fatal: [localhost]: FAILED! => {"msg": "template error while templating string: unexpected char u'e' at 12. String: {{ ami-02354e95b39ca8dec }}"}
>>
>> Could someone help me please? Even when I changed to [ 'ami-02354e95b39ca8dec' ]
>> it is still not working.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> -- 
>>
>>
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>>
>>
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible-proje...@googlegroups.com.
>>
>>
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/7e17e9e0-7c19-4ae9-a165-09879ca7bb5cn%40googlegroups.com
>>  
>> 
>> .
>>
>>
>> -- 
> Sent from a mobile device - please excuse the brevity, spelling and 
> punctuation.
>



Re: [ansible-project] Help on ec2 creation using ansible

2020-08-13 Thread Dick Visser
Your code uses a templates variable as the image, which fails.
Then you supply a list, which also fails.
This is correct as the image parameter requires a simple string:
https://docs.ansible.com/ansible/latest/modules/ec2_module.html

Follow that documentation.

There might be more issues ahead, I haven't looked at that...



On Thu, 13 Aug 2020 at 23:22, Alfred Kamga  wrote:

> Hello guys,
>
> I have an issue with my ansible file:
>
> ---
>
> - hosts: localhost
>   #user: root
>   #connection: local
>   gather_facts: no
>   become: no
> #  ignore_errors: yes
>   tasks:
>
>     - name: Install python-pip
>       yum:
>         name: python-pip
>         state: present
>
>     - name: Install boto
>       pip:
>         name: boto
>         state: present
>
>     - name: Provision Ec2 instance
>       ec2:
>         region: [ 'us-east-1' ]
>         vpc_subnet_id: [ 'vpc-1509766f' ]
>         image: "{{ ami-02354e95b39ca8dec }}"
>         aws_access_key_ID: [ 'AKIARTQFUHGRKH2LPZVM' ]
>         aws_secret_access_key: [ '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' ]
>         ## group: "{{ ansible_group }}" ##
>         key_name: [ 'Dockerkeypair' ]
>         instance_type: [ 't2.micro' ]
>         wait: [ 'yes' ]
>         count: 1
>         assign_public_ip: [ 'yes' ]
>       register: ec2
>
> I am trying to create an ec2 instance using ansible and it throws me
> errors as follows:
> fatal: [localhost]: FAILED! => {"msg": "template error while templating string: unexpected char u'e' at 12. String: {{ ami-02354e95b39ca8dec }}"}
>
> Could someone help me please? Even when I changed to [ 'ami-02354e95b39ca8dec' ]
> it is still not working.
>
> --
Sent from a mobile device - please excuse the brevity, spelling and
punctuation.
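
Added example, not part of the thread: the provisioning task with every parameter as a plain scalar, as the reply above describes. Jinja2 evaluates the text inside `{{ }}` as an expression, so `ami-02354e95b39ca8dec` is read as a variable `ami` minus a number and the lexer stops at the `e` at offset 12; a literal AMI ID needs no braces. The subnet ID is a placeholder, `ec2_ami` is a hypothetical variable name, and the access keys are left out on the assumption that they are exported as `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY`, which the ec2 module reads when `aws_access_key` / `aws_secret_key` are not set.

```yaml
---
# Added example (not from the thread). Assumes boto is installed on the
# control node and AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY are exported
# in the shell that runs ansible-playbook.
- hosts: localhost
  connection: local
  gather_facts: no
  vars:
    # A variable is the other valid way to pass the AMI: define it first,
    # then reference it by name inside {{ }}.
    ec2_ami: ami-02354e95b39ca8dec        # hypothetical variable name
  tasks:
    - name: Provision EC2 instance
      ec2:
        region: us-east-1                 # a string, not [ 'us-east-1' ]
        vpc_subnet_id: subnet-REPLACE_ME  # placeholder: the module expects a subnet ID
        image: "{{ ec2_ami }}"            # or simply: image: ami-02354e95b39ca8dec
        key_name: Dockerkeypair
        instance_type: t2.micro
        wait: yes
        count: 1
        assign_public_ip: yes
        # aws_access_key / aws_secret_key intentionally omitted, so that no
        # credential is stored in the playbook or in version control.
      register: ec2

    - name: Show the IDs of the instances that were launched
      debug:
        msg: "{{ ec2.instance_ids }}"
```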



[ansible-project] Re: run cmd using password

2020-08-13 Thread nage...@gmail.com
Hi, I just modified the file and am getting the error below.

Role task:

- name: SDDC Health
  command: sudo /opt/vmware/sddc-support/sos --health-check
  register: find_output
- debug:
    var: find_output

Playbook:

---
- name: sddc_health
  hosts: sddc_mgr
  become: yes
  become_user: root
  become_method: su
  roles:
    - role: sddc_health

Error:

TASK [Gathering Facts] **
Thursday 13 August 2020  21:24:32 + (0:00:01.683)   0:00:01.889 ***
fatal: [sddc_mgr]: FAILED! => {"msg": "Timeout (12s) waiting for privilege escalation prompt: "}



On Thursday, August 13, 2020 at 4:08:14 PM UTC-5 nage...@gmail.com wrote:

> Hi Team,
>
> I would like to run this cmd with sudo with the vcf password. How can I run the
> cmd with the vcf user and password?
>
> How can I achieve this? I am not getting a proper answer from Google.
>
> Playbook:
>
> ---
> - name: sddc_health
>   hosts: sddc_mgr
>   tasks:
>     - name: heleth check
>       command: sudo /opt/vmware/sddc-support/sos --health-check
>
> host file
>
> sddc_mgr ansible_user=vcf ansible_password='test1234!@#$' ansible_ssh_host=10.47.20.4



[ansible-project] Help on ec2 creation using ansible

2020-08-13 Thread Alfred Kamga
Hello guys,

I have an issue with my ansible file:

---

- hosts: localhost
  #user: root
  #connection: local
  gather_facts: no
  become: no
#  ignore_errors: yes
  tasks:

    - name: Install python-pip
      yum:
        name: python-pip
        state: present

    - name: Install boto
      pip:
        name: boto
        state: present

    - name: Provision Ec2 instance
      ec2:
        region: [ 'us-east-1' ]
        vpc_subnet_id: [ 'vpc-1509766f' ]
        image: "{{ ami-02354e95b39ca8dec }}"
        aws_access_key_ID: [ 'AKIARTQFUHGRKH2LPZVM' ]
        aws_secret_access_key: [ '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' ]
        ## group: "{{ ansible_group }}" ##
        key_name: [ 'Dockerkeypair' ]
        instance_type: [ 't2.micro' ]
        wait: [ 'yes' ]
        count: 1
        assign_public_ip: [ 'yes' ]
      register: ec2

I am trying to create an ec2 instance using ansible and it throws me errors
as follows:
fatal: [localhost]: FAILED! => {"msg": "template error while templating string: unexpected char u'e' at 12. String: {{ ami-02354e95b39ca8dec }}"}

Could someone help me please? Even when I changed to [ 'ami-02354e95b39ca8dec' ]
it is still not working.



[ansible-project] run cmd using password

2020-08-13 Thread nage...@gmail.com
Hi Team,

I would like to run this cmd with sudo with the vcf password. How can I run the
cmd with the vcf user and password?

How can I achieve this? I am not getting a proper answer from Google.

Playbook:

---
- name: sddc_health
  hosts: sddc_mgr
  tasks:
    - name: heleth check
      command: sudo /opt/vmware/sddc-support/sos --health-check

host file

sddc_mgr ansible_user=vcf ansible_password='test1234!@#$' ansible_ssh_host=10.47.20.4
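
Added example, not from the thread: the same health check with `sudo` moved out of the command and into `become`, and the `vcf` password taken from an Ansible Vault file instead of the plain-text inventory line. It assumes `vcf` is allowed to run the command through sudo with its own password; the `host_vars` paths, the playbook file name and the `vault_vcf_password` variable name are hypothetical.

```yaml
# host_vars/sddc_mgr/vault.yml  (hypothetical path; encrypted with ansible-vault)
---
vault_vcf_password: "REPLACE_ME"                      # placeholder value

# host_vars/sddc_mgr/vars.yml  (hypothetical path; plain text, holds no secret)
---
ansible_user: vcf
ansible_password: "{{ vault_vcf_password }}"          # SSH login
ansible_become_password: "{{ vault_vcf_password }}"   # answers the sudo prompt

# sddc_health.yml  (hypothetical name)
# The inventory line is reduced to: sddc_mgr ansible_ssh_host=10.47.20.4
---
- name: sddc_health
  hosts: sddc_mgr
  become: yes
  become_method: sudo     # privilege escalation is handled by Ansible,
  become_user: root       # so the command itself no longer starts with sudo
  tasks:
    - name: SDDC health check
      command: /opt/vmware/sddc-support/sos --health-check
      register: find_output
      changed_when: false   # a health check reports state, it does not change it

    - name: Show the health-check output
      debug:
        var: find_output.stdout_lines
```

Encrypt the first file with `ansible-vault encrypt` and run the play with `ansible-playbook --ask-vault-pass`.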





[ansible-project] New release: ansible-base 2.10.0

2020-08-13 Thread Rick Elrod
Hi all- we're happy to announce that the new ansible-base 2.10 package
is now available! The ansible-base package consists of only the Ansible
execution engine, related tools (e.g. ansible-galaxy, ansible-test),
and a very small set of built-in plugins.

The ansible-base package is the culmination of several years of
effort to decouple Ansible engine releases from Ansible content
releases, by splitting most module and plugin content from the core
Ansible repositories and distribution into Ansible Collections. The
collections can be released on independent timelines, driven by
the needs of their constituent communities. This decoupled model
allows content creators to develop against more purpose-built Ansible
environments, by starting with just the ansible-base package and using
ansible-galaxy to install and maintain only the collections needed by
their automation. For users that prefer a batteries-included model,
the "ansible" package in most distribution channels will be updated in
the coming weeks to a curated snapshot of collections that depends on
the ansible-base package. This will provide a one-stop installation
experience, similar to all previous versions of Ansible, and should
allow previously-built Ansible content to run unmodified. The release
schedule for the Ansible community distribution can be found at
https://docs.ansible.com/ansible/devel/roadmap/COLLECTIONS_2_10.html#release-schedule


How to get it
-------------

$ pip install ansible-base==2.10.0 --user

The tar.gz of the release can be found here:

* ansible-base 2.10.0
  https://pypi.python.org/packages/source/a/ansible-base/ansible-base-2.10.0.tar.gz
  SHA256: 9d015bc042c9547adc68e7863359fe7a2eb764e7fb02dc50514c65ca6b8c08d9


What's new in ansible-base 2.10.0
---------------------------------

In addition to numerous bugfixes, most new Ansible engine features in this
release enhance Ansible's support for external plugins via collections. They
include:

* Collection declaration of supported/tested Ansible versions
* Transparent redirection of plugins formerly included in Ansible to their
  destination collections
* Installation of collections from git repositories
* Various enhancements of test tooling

These features support our goal of allowing Ansible content that was written for
previous versions of Ansible to run unmodified under 2.10, once the necessary
collections are installed.


The full changelog is at:

* 2.10.0
  https://github.com/ansible/ansible/blob/stable-2.10/changelogs/CHANGELOG-v2.10.rst


What's the schedule for future maintenance releases?
----------------------------------------------------

Future maintenance releases will occur approximately every 4 weeks.


Porting Help
------------

We've published a porting guide at
https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.10.html
to help migrate your content to 2.10.



Thanks!

-Rick Elrod



Re: [ansible-project] Re: 2 levels nested loop with variables

2020-08-13 Thread Nick-H
Thanks Racke, I should have had some context. policy_name can vary,
actually in the real task I have other policies with other names, hence the
use of a loop for item.name and item.policy.
Just this specific one named rds_foo_bar needs the nested arguments from
my vars list (or dict, I am not sure).
Although I can create a dedicated task just for that policy if that is too
complicated, I just thought I could do some nested loop over variables.
Interesting fact: with nested it actually loops over each character in the
key:value
Couldn't create policy rds-dev-[[u'r', u'e', u'g', u'i', u'o', u'n', u's'], [u'r', u'o', u'l', u'e']]
The actual play looks like:

  iam_managed_policy:
    policy_name: "{{ item.name }}"
    policy: "{{ item.policy }}"
    state: present
  loop:
    - { name: rds-prod-{{ mysql_privilege }}-{{rds_region}}, policy: "{{ lookup('template', rds-prod.json.j2) }}" }
    # - { name: rds-dev, policy: "{{ lookup('template', rds_dev.json.j2) }}" }
    # - { name: cloudwatch, policy: "{{ lookup('template','cloudwatch.json.j2') }}" }
    # other policies with name and policy
  vars:
    mysql_privilege:
      role:
        - rw
        - ro
    rds_region:
      - us-west-1
      - us-west-2

And rds-prod.json.j2 also reuses the variables from the mysql_privilege dict
as:
...
"Action": [
    "rds-db:connect"
],
"Resource": "arn:aws:rds-db:{{ rds_region }}{{ aws_id }}:dbuser:*/username-{{ role }}"
...


On Thursday, August 13, 2020 at 11:39:26 AM UTC-7, brae...@gmail.com wrote:

> On 8/13/20 8:00 PM, Nick-H wrote:
> > so, I have been trying with lookup('dict') but still not quite close to
> > the expected result
> > I get: " An unhandled exception occurred while running the lookup plugin 'dict'. Error was a <class 'ansible.errors.AnsibleError'>, original message: with_dict expects a dict"
> > here is the last code:
> >
> >   iam_managed_policy:
> >     policy_name: "{{ item.name }}"
> >     policy: "{{ item.policy }}"
> >     state: present
> >   loop:
> >     - { name: "rds-{{ lookup('dict', mysql_privilege[0].value ) }} ", policy: "{{ lookup('template', 'template.json.j2') }}" }
> >     # - { name: "rds-{{ lookup('nested', mysql_privilege[role] ) }} ", policy: "{{ lookup('template', 'template.json.j2') }}" }
> >   vars:
> >     mysql_privilege:
> >       role:
> >         - rw
> >         - ro
> >       regions:
> >         - us-west-1
> >         - us-west-2
> >
>
> What are the possible values for policy_name? The value for the "policy"
> seems to be the same lookup, so you don't need it in the loop.
>
> I'm pretty sure that you are running into brick walls for a possibly
> simple problem.
>
> So please explain / give examples how the policy_name is constructed.
>
> Regards
> Racke
>
> > On Wednesday, August 12, 2020 at 5:27:22 PM UTC-7, Nick-H wrote:
> >
> > Hi, I have been looking into nested, subelements and other lookups
> > with no luck to make this working, using ansible 2.8.
> > Basically, I'd like to construct a loop that can itself iterate over
> > other variables (list or dict).
> >   iam_managed_policy:
> >     policy_name: "{{ item.name }}"
> >     policy: "{{ item.policy }}"
> >     state: present
> >   loop:
> >     - { name: "rds-{{mysql_privilege}}-{{regions}}", policy: "{{ lookup('template', template.json.j2') }}" }
> >   vars:
> >     mysql_privilege:
> >       - rw
> >       - ro
> >     regions:
> >       - us-west-1
> >       - us-west-2
> >
> > but it ends up with such a result:
> > "Couldn't create policy rds-prod-[u'rw', u'ro'] - [u'ca-central-1', u'us-west-1']"
> >
> > What I'd like is each loop would build a 2 dimensions array with the
> > vars elements ( rw-us-west-1 , rw-us-west-2, ro-us-west-1, ro-us-west-2)
> >
> > Is that even possible to achieve with ansible?
> > thanks
>
> --
> Ecommerce and Linux consulting + Perl and web application programming.
> Debian and Sympa administration. Provisioning with Ansible.


Re: [ansible-project] Re: 2 levels nested loop with variables

2020-08-13 Thread Stefan Hornburg (Racke)
On 8/13/20 8:00 PM, Nick-H wrote:
> so, I have been trying with lookup('dict') but still not quite close to the
> expected result
> I get: " An unhandled exception occurred while running the lookup plugin 'dict'. Error was a <class 'ansible.errors.AnsibleError'>, original message: with_dict expects a dict"
> here is the last code:
>
>   iam_managed_policy:
>     policy_name: "{{ item.name }}"
>     policy: "{{ item.policy }}"
>     state: present
>   loop:
>     - { name: "rds-{{ lookup('dict', mysql_privilege[0].value ) }} ", policy: "{{ lookup('template', 'template.json.j2') }}" }
>     # - { name: "rds-{{ lookup('nested', mysql_privilege[role] ) }} ", policy: "{{ lookup('template', 'template.json.j2') }}" }
>   vars:
>     mysql_privilege:
>       role:
>         - rw
>         - ro
>       regions:
>         - us-west-1
>         - us-west-2
>

What are the possible values for policy_name? The value for the "policy" seems
to be the same lookup, so you don't need it in the loop.

I'm pretty sure that you are running into brick walls for a possibly simple 
problem.

So please explain / give examples how the policy_name is constructed.

Regards
 Racke

> On Wednesday, August 12, 2020 at 5:27:22 PM UTC-7, Nick-H wrote:
>
> Hi, I have been looking into nested, subelements and other lookups
> with no luck to make this working, using ansible 2.8.
> Basically, I'd like to construct a loop that can itself iterate over
> other variables (list or dict).
>   iam_managed_policy:
>     policy_name: "{{ item.name }}"
>     policy: "{{ item.policy }}"
>     state: present
>   loop:
>     - { name: "rds-{{mysql_privilege}}-{{regions}}", policy: "{{ lookup('template', template.json.j2') }}" }
>   vars:
>     mysql_privilege:
>       - rw
>       - ro
>     regions:
>       - us-west-1
>       - us-west-2
>
> but it ends up with such a result:
> "Couldn't create policy rds-prod-[u'rw', u'ro'] - [u'ca-central-1', u'us-west-1']"
>
> What I'd like is each loop would build a 2 dimensions array with the vars
> elements ( rw-us-west-1 , rw-us-west-2, ro-us-west-1, ro-us-west-2)
>
> Is that even possible to achieve with ansible?
> thanks


-- 
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
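
Added example, not from the thread: one way to get the four name combinations the original question asks for (rw-us-west-1, rw-us-west-2, ro-us-west-1, ro-us-west-2) is to loop over the Cartesian product of the two lists with the `product` filter. The `rds-prod-` prefix, the template file name and its `role` / `rds_region` placeholders follow the snippets posted in the thread; passing them through `template_vars` is this example's own choice.

```yaml
---
# Added example (not from the thread). The template is assumed to exist next
# to the playbook; aws_id, which the posted template also references, must be
# defined elsewhere.
- hosts: localhost
  connection: local
  gather_facts: no
  vars:
    mysql_privilege:
      - rw
      - ro
    regions:
      - us-west-1
      - us-west-2
  tasks:
    - name: Create one managed policy per (privilege, region) pair
      iam_managed_policy:
        policy_name: "rds-prod-{{ item.0 }}-{{ item.1 }}"
        # Render the policy document once per pair, so each policy grants
        # rds-db:connect only for its own region and database user.
        policy: "{{ lookup('template', 'rds-prod.json.j2',
                    template_vars=dict(role=item.0, rds_region=item.1)) }}"
        state: present
      # product() yields [rw, us-west-1], [rw, us-west-2],
      #                  [ro, us-west-1], [ro, us-west-2]
      loop: "{{ mysql_privilege | product(regions) | list }}"
      loop_control:
        label: "rds-prod-{{ item.0 }}-{{ item.1 }}"
```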



Re: [ansible-project] scan servers if package is installed and send email

2020-08-13 Thread Laci
Awesome, thank you very much!

On Thursday, August 13, 2020 at 1:47:07 PM UTC-4, Vladimir Botka wrote:
>
> Laci, 
>
> On Thu, 13 Aug 2020 08:47:31 -0700 (PDT) 
> Laci wrote:
>
> > ... it finds the package only if no specific version is 
> > specified. For example it will find nginx and send email but won't 
> > find nginx-1.12.2 
>
> Try this. Loop "with_together" lists of packages' names and versions. 
> In the task's vars create list of the versions "pkgv". The 
> attribute "version" of the dictionary "ansible_facts.packages" is a 
> list because there may be more versions installed. In the condition 
> "when" test the searched version "item.1" is in the list "pkgv". 
>
>   vars:
>     - pkg_list:
>         - nginx-1.12.2
>         - zip-3.0
>   tasks:
>     - package_facts:
>     - debug:
>         msg: "Found {{ item.0 }}-{{ item.1 }}"
>       with_together:
>         - "{{ pkg_list|
>               map('regex_replace','^(.*)-(.*)$', '\\1')|list }}"
>         - "{{ pkg_list|
>               map('regex_replace','^(.*)-(.*)$', '\\2')|list }}"
>       when: pkgv|map('regex_search', '^' ~ item.1)|list|length > 0
>       vars:
>         pkgn: "{{ ansible_facts.packages[item.0]|default([]) }}"
>         pkgv: "{{ pkgn|map(attribute='version')|list }}"
>
> Fit the condition to your needs. It's trivial to create a list of 
> found packages in the loop test it and send an email. 
>
> -- 
> Vladimir Botka 
>



[ansible-project] Re: 2 levels nested loop with variables

2020-08-13 Thread Nick-H
so, I have been trying with lookup('dict') but still not quite close to
the expected result
I get: " An unhandled exception occurred while running the lookup plugin 'dict'. Error was a <class 'ansible.errors.AnsibleError'>, original message: with_dict expects a dict"
here is the last code:

  iam_managed_policy:
    policy_name: "{{ item.name }}"
    policy: "{{ item.policy }}"
    state: present
  loop:
    - { name: "rds-{{ lookup('dict', mysql_privilege[0].value ) }} ", policy: "{{ lookup('template', 'template.json.j2') }}" }
    # - { name: "rds-{{ lookup('nested', mysql_privilege[role] ) }} ", policy: "{{ lookup('template', 'template.json.j2') }}" }
  vars:
    mysql_privilege:
      role:
        - rw
        - ro
      regions:
        - us-west-1
        - us-west-2




On Wednesday, August 12, 2020 at 5:27:22 PM UTC-7, Nick-H wrote:

> Hi, I have been looking into nested, subelements and other lookups with
> no luck to make this working, using ansible 2.8.
> Basically, I'd like to construct a loop that can itself iterate over
> other variables (list or dict).
>   iam_managed_policy:
>     policy_name: "{{ item.name }}"
>     policy: "{{ item.policy }}"
>     state: present
>   loop:
>     - { name: "rds-{{mysql_privilege}}-{{regions}}", policy: "{{ lookup('template', template.json.j2') }}" }
>   vars:
>     mysql_privilege:
>       - rw
>       - ro
>     regions:
>       - us-west-1
>       - us-west-2
>
> but it ends up with such a result:
> "Couldn't create policy rds-prod-[u'rw', u'ro'] - [u'ca-central-1', u'us-west-1']"
>
> What I'd like is each loop would build a 2 dimensions array with the vars
> elements ( rw-us-west-1 , rw-us-west-2, ro-us-west-1, ro-us-west-2)
>
> Is that even possible to achieve with ansible?
> thanks
>



Re: [ansible-project] scan servers if package is installed and send email

2020-08-13 Thread Vladimir Botka
Laci,

On Thu, 13 Aug 2020 08:47:31 -0700 (PDT)
Laci  wrote:

> ... it finds the package only if no specific version is 
> specified. For example it will find nginx and send email but won't
> find nginx-1.12.2

Try this. Loop "with_together" lists of packages' names and versions.
In the task's vars create list of the versions "pkgv". The
attribute "version" of the dictionary "ansible_facts.packages" is a
list because there may be more versions installed. In the condition
"when" test the searched version "item.1" is in the list "pkgv".

  vars:
    - pkg_list:
        - nginx-1.12.2
        - zip-3.0
  tasks:
    - package_facts:
    - debug:
        msg: "Found {{ item.0 }}-{{ item.1 }}"
      with_together:
        - "{{ pkg_list|
              map('regex_replace','^(.*)-(.*)$', '\\1')|list }}"
        - "{{ pkg_list|
              map('regex_replace','^(.*)-(.*)$', '\\2')|list }}"
      when: pkgv|map('regex_search', '^' ~ item.1)|list|length > 0
      vars:
        pkgn: "{{ ansible_facts.packages[item.0]|default([]) }}"
        pkgv: "{{ pkgn|map(attribute='version')|list }}"

Fit the condition to your needs. It's trivial to create a list of
found packages in the loop test it and send an email.

-- 
Vladimir Botka



Re: [ansible-project] What privilege required for an ansible user able to configure a server

2020-08-13 Thread Stefan Hornburg (Racke)
On 8/13/20 5:33 PM, Edison Wang wrote:
> Hi Luca: 
> 
>    I've added that command become: yes like you and Stefan said, and make my 
> playbook as simple as below for a test. But
> after I run this playbook where I didn't see any error, I still couldn't see 
> the new user "edison" created on target
> server. However if I run this playbook on my ansible control node, I can see 
> the user "edison'' created. The control
> node can login target server with ansible_user "manager". Did I miss any
> part?
> 
> ---
> - hosts: all
>   become: yes
>   tasks:
>     - name: add a new user
>       user:
>         name: it-manager
>         password: 
> '$6$0r6COc71MvA$EGPPq9Tfq.BTNix2jWyDojB8qyFtKvSKiuXxCE4VRU4kiC5cgHvMwGklWxugfjUCYcc8hg2Sew1nIRMIcMgrB1'
>         shell: /bin/bash
>         state: present
>         groups: sudo
> 

That playbook is creating a user with username it-manager.

Regards
  Racke

> On Thursday, August 13, 2020 at 8:36:16 AM UTC-4, Luca 'remix_tj' Lorenzetto wrote:
>
> Hello,
>
> On Thu, Aug 13, 2020 at 2:30 PM Edison Wang wrote:
>
> Hi There,
>
> I am pretty new in this domain and got a question to ask. My goal is
> to create a new user "edison" on a Ubuntu
> server. Now I've already had a user "manager" which is able to ssh to
> this Ubuntu server. The problem I got is
> after I run the user creation role with user "manager" as ansible_user,
> the new user "edison" always failed to be
> created. Role is very simple, my question is if this issue would be
> caused by ansible_user "manager" that
> doesn't have some privilege?
>
> role:
>
> ---
>
>   - name: manage-user - Manage user account
>     user:
>       name: "{{ user.username }}"
>       comment: "{{ user.name }}"
>       shell: "/bin/bash"
>       groups:
>         - sudo
>
>
> The manager user is not root, so is not able to create users. You should
> add
>
> become: true
>
> to your task, so the user module is executed with elevated privileges.
>
> Check out this:
> https://docs.ansible.com/ansible/latest/user_guide/become.html
>
>
> Luca
>
> --
> "It is absurd to employ men of excellent intelligence to perform
> calculations that could be entrusted to anyone if machines were
> used"
> Gottfried Wilhelm von Leibnitz, Philosopher and Mathematician (1646-1716)
>
> "The Internet is the largest library in the world.
> But the problem is that the books are all scattered on the floor"
> John Allen Paulos, Mathematician (1945-living)
>
> Luca 'remix_tj' Lorenzetto, http://www.remixtj.net


-- 
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.



[ansible-project] Running Sync using ansible

2020-08-13 Thread Jay Amin
Hello Everyone,
I am trying to run sync for /home directory and everything within this 
directory (including permissions) between Ansible Controller Node and 
Remote Node.

I would like to run this sync on Controller Node and it will basically run 
based on defined time to keep files/folders/permissions synced inside /home 
between both systems.

Any assistance would be appreciated.

Thanks



Re: [ansible-project] Upgrade Ansible from 2.9.10 to 2.9.11 on RHEL8

2020-08-13 Thread Jay Amin
Thank you all for your responses and feedback. It definitely did put me in 
right direction.

I was able to get 2.9.11 installed/upgraded.

Basically, I had to create new custom repo and add the 2.9.11 rpm file to 
it. Then had to go into RHEL .conf files (change enabled=1 to enabled=0) so 
that it was not checking for public key and consumer identity. Once I did 
that, I clean yum cache and yum clean all.

After this, I ran 'dnf localinstall 2.9.11*.rpm --nogpgcheck' and it
actually went through and did an upgrade and removed 2.9.10.

I am seeing some side effects, when i run simple ansible commands. I will 
post them separately for feedback.

Thanks

On Wednesday, August 12, 2020 at 10:26:23 AM UTC-4 bansalpiy...@gmail.com 
wrote:

> Hello,
>
> Apart from manual install, there are two other ways depending on your
> infrastructure:
>
> 1) if you have a proxy for internet then configure proxy on rhel8 ansible 
> node and then perform install via pip. If you don't have proxy already then 
> you could configure squid default proxy in some other linux flavored server.
>
> 2) create a linux/CentOS server (maybe on VMware workstation) with two 
> network interfaces one of which could connect to internet and then
> 2A) if you can access rhel8 Ansible server from your local laptop then 
> bridge the another network connection to your local laptop network adapter 
> which has reachability to the Ansible node. 
>
> OR - in this setup reachability is not working for you then try for 
> following 2B
> 2B) bridge the second network adapter of workstation CentOS/Linux vm with 
> adapter of Ansible node.
>
> OR - 
> If this is also not possible then just deploy the CentOS vm and assign two 
> network interface one of which connects to internet and another nic in same 
> subnet as your rhel8 Ansible.
>
> Once you have both reachability Ansible server and internet, from 
> rhel/centos  vm you deployed then 
>
> 3) make this custom vm as repository for rhel8 Ansible vm and then 
> download required packages or dependency on customer vm so that you could 
> trigger installation of these packages on rhel8 Ansible vm.
>
> Hope this help
>
> Thanks & Regards,
> Piyush
>
>
>
> On Wed, 12 Aug, 2020, 7:28 pm Jim Barlow,  wrote:
>
>> You can install pip yourself as a user:
>> https://pip.pypa.io/en/stable/installing/
>>
>> On Wed, Aug 12, 2020 at 9:01 AM Jay Amin  wrote:
>>
>>> Hello Lee,
>>> So I don't have access to subscription manager or PIP. I have to perform 
>>> this as localinstall and hence your above commands don't work when tried.
>>>
>>> Do you know how would I upgrade without using subscription manager or 
>>> without using pip command?
>>>
>>> Thanks
>>> Jitesh
>>>
>>> On Wed, Aug 12, 2020 at 2:25 AM Thomas Stephen Lee  
>>> wrote:
>>>
>>>> try
>>>>
>>>> $ sudo subscription-manager repos --enable ansible-2.9-for-rhel-8-x86_64-rpms
>>>>
>>>> and
>>>>
>>>> $ sudo dnf upgrade ansible
>>>>
>>>> --
>>>> Lee
>>>>
>>>> On Tue, Aug 11, 2020 at 11:50 PM Jay Amin  wrote:
>>>>
>>>>> Hello,
>>>>> Can anyone tell me how do I upgrade Ansible v2.9.10 to 2.9.11 or 
>>>>> 2.9.12 on RHEL 8?
>>>>>
>>>>> I cannot use since system is not connected to any subscription manager 
>>>>> or repo. I use local repo. I cannot use PIP either.
>>>>>
>>>>> I downloaded ansible-2.9.11-1.el8.noarch.rpm but now need help on how 
>>>>> to upgrade to this version.
>>>>>
>>>>> Thanks
>>>>> Jay
>>>>>

Re: [ansible-project] scan servers if package is installed and send email

2020-08-13 Thread Laci
Thank you Vladimir!

This looks almost good, it finds the package only if no specific version is 
specified.
For example it will find nginx and send email but won't find nginx-1.12.2

On Thursday, August 13, 2020 at 11:09:22 AM UTC-4, Vladimir Botka wrote:
>
> On Thu, 13 Aug 2020 07:20:51 -0700 (PDT) 
> Laci > wrote: 
>
> > I'm looking for a playbook which would scan all servers and if a particular 
> > package (ex: kernel-3.10.0-1062 or nginx-1.12.2-2) is installed would send 
> > an email with the hostname. 
> > Did anyone do something alike? 
>
> Collect "pkg_facts" and "intersect" the lists. For example 
>
>   vars: 
>     - pkg_list: 
>         - linux-image-5.4.0-42-generic 
>         - nginx-1.12.2 
>   tasks: 
>     - package_facts: 
>     - mail: 
>         subject: Packages found 
>         body: "{{ send_pkg_list }}" 
>       when: send_pkg_list|length > 0 
>       vars: 
>         send_pkg_list: "{{ ansible_facts.packages.keys()| 
>                            intersect(pkg_list) }}" 
>
>
>
> -- 
> Vladimir Botka 
>
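
Matching a name-version spec such as nginx-1.12.2 against package_facts takes more than a key lookup, because ansible_facts.packages is keyed by package name only and keeps version (and, for rpm, release) inside each entry. The following is an added example, not code from this thread: a custom filter plugin whose file name, filter name `installed_matching` and sample facts are hypothetical and constructed for illustration.

```python
"""filter_plugins/installed_matching.py (hypothetical file name).

Matches specs like "nginx-1.12.2" or "kernel-3.10.0-1062" against the
dictionary that the package_facts module stores in ansible_facts.packages.
"""

# Constructed sample facts in the shape package_facts produces on an rpm host.
SAMPLE_RPM_HOST = {
    "nginx": [
        {"name": "nginx", "version": "1.12.2", "release": "2.el7", "arch": "x86_64"},
    ],
    "kernel": [
        {"name": "kernel", "version": "3.10.0", "release": "1062.el7", "arch": "x86_64"},
        {"name": "kernel", "version": "3.10.0", "release": "1160.el7", "arch": "x86_64"},
    ],
}

# Constructed sample facts for an apt host: entries carry no "release" key and
# the kernel version is part of the package name itself.
SAMPLE_DEB_HOST = {
    "linux-image-5.4.0-42-generic": [
        {"name": "linux-image-5.4.0-42-generic", "version": "5.4.0-42.46", "arch": "amd64"},
    ],
}


def _version_strings(entry):
    """Return (version, version-release) for one package_facts entry."""
    version = str(entry.get("version", ""))
    release = entry.get("release")  # present for rpm, absent for apt
    full = f"{version}-{release}" if release else version
    return version, full


def _spec_matches(spec, name, entry):
    """True if spec is the bare name, or name plus a matching version part."""
    if spec == name:
        return True
    # Package names contain hyphens, so anchor on the installed name instead
    # of trying to split the spec at a hyphen.
    if not spec.startswith(name + "-"):
        return False
    wanted = spec[len(name) + 1:]
    if not wanted:
        return False
    version, full = _version_strings(entry)
    if wanted in (version, full):
        return True
    # Accept a prefix only at a component boundary, so that "1.12.2" does not
    # match "1.12.20" but "3.10.0-1062" matches "3.10.0-1062.el7".
    return full.startswith(wanted) and full[len(wanted)] in ".-"


def installed_matching(packages, specs):
    """Return the specs that match an installed package, in the order given."""
    found = []
    for spec in specs:
        for name, entries in packages.items():
            if any(_spec_matches(spec, name, entry) for entry in entries):
                found.append(spec)
                break
    return found


class FilterModule(object):
    """Makes the function available to templates as a Jinja2 filter."""

    def filters(self):
        return {"installed_matching": installed_matching}


if __name__ == "__main__":
    specs = ["nginx-1.12.2", "kernel-3.10.0-1062", "nginx-1.12.20"]
    print(installed_matching(SAMPLE_RPM_HOST, specs))
```

With the plugin in a filter_plugins directory next to the playbook, the templated expression becomes `ansible_facts.packages | installed_matching(pkg_list)`.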



Re: [ansible-project] What privilege required for an ansible user able to configure a server

2020-08-13 Thread Edison Wang
Hi Luca: 

   I've added that command become: yes like you and Stefan said, and made 
my playbook as simple as below for a test. But after I ran this playbook, 
where I didn't see any error, I still couldn't see the new user "edison" 
created on the target server. However if I run this playbook on my ansible 
control node, I can see the user "edison" created. The control node can 
log in to the target server with ansible_user "manager". Did I miss any part? 

---
- hosts: all
  become: yes
  tasks:
    - name: add a new user
      user:
        name: it-manager
        password: '$6$0r6COc71MvA$EGPPq9Tfq.BTNix2jWyDojB8qyFtKvSKiuXxCE4VRU4kiC5cgHvMwGklWxugfjUCYcc8hg2Sew1nIRMIcMgrB1'
        shell: /bin/bash
        state: present
        groups: sudo

On Thursday, August 13, 2020 at 8:36:16 AM UTC-4, Luca 'remix_tj' 
Lorenzetto wrote:
>
> Hello,
>
> On Thu, Aug 13, 2020 at 2:30 PM Edison Wang  > wrote:
>
>> Hi There,
>>
>> I am pretty new in this domain and got a question to ask. My goal is to 
>> create a new user "edison" on a Ubuntu server. Now I've already had a user 
>> "manager" which is able to ssh to this Ubuntu server. This problem I got is 
>> after I run user creation role with user "manager" as ansible_user, the new 
>> user "edison" always failed to be created. Role is very simple, my question 
>> is if this issue would be caused by ansible_user "manager" that doesn't 
>> have some privilege?  
>>
>> role:
>>
>> ---
>> - name: manage-user - Manage user account
>>   user:
>>     name: "{{ user.username }}"
>>     comment: "{{ user.name }}"
>>     shell: "/bin/bash"
>>     groups:
>>       - sudo
>>
>
> The manager user is not root, so is not able to create users. You should 
> add
>
> become: true
>
> to your task, so the user module is executed with elevated privileges.
>
> Check out this: 
> https://docs.ansible.com/ansible/latest/user_guide/become.html
>
> Luca
>
>
>
> -- 
> "It is absurd to employ men of excellent intelligence to perform
> calculations that could be entrusted to anyone if machines were
> used"
> Gottfried Wilhelm von Leibnitz, Philosopher and Mathematician (1646-1716)
>
> "The Internet is the largest library in the world.
> But the problem is that the books are all scattered on the floor"
> John Allen Paulos, Mathematician (1945-living)
>  
> Luca 'remix_tj' Lorenzetto, http://www.remixtj.net ,  >
>



[ansible-project] files from .gitignore not found

2020-08-13 Thread Кирилл Старостин
Hi there! I want to use git-project in Ansible tower. I successfully 
created Git Project and template based on role /roles/mytest/. However I 
don't want to store /roles/mytest/files in the github, so I created 
/roles/mytest/files/.gitignore. 

Then I manually created the file test.txt in the folder 
/var/lib/awx/projects/_8__test_git/roles/mytest/files/. Then I start 
playbook:

- name: list files
  local_action: command ls -Ra ./
  register: zzz

- name: debug
  debug:
    msg: "{{zzz.stdout_lines}}"

Unfortunately, file test.txt wasn't found in result list. What can I do? I 
want to use git, but I don't want to store any folders (such as /files/, 
etc) in the git. Thanks!



Re: [ansible-project] scan servers if package is installed and send email

2020-08-13 Thread Vladimir Botka
On Thu, 13 Aug 2020 07:20:51 -0700 (PDT)
Laci  wrote:

> I'm looking for a playbook which would scan all servers and if a particular 
> package (ex: kernel-3.10.0-1062 or nginx-1.12.2-2) is installed would send 
> an email with the hostname.
> Did anyone do something alike?

Collect "pkg_facts" and "intersect" the lists. For example

  vars:
    - pkg_list:
        - linux-image-5.4.0-42-generic
        - nginx-1.12.2
  tasks:
    - package_facts:
    - mail:
        subject: Packages found
        body: "{{ send_pkg_list }}"
      when: send_pkg_list|length > 0
      vars:
        send_pkg_list: "{{ ansible_facts.packages.keys()|
                           intersect(pkg_list) }}"



-- 
Vladimir Botka



[ansible-project] scan servers if package is installed and send email

2020-08-13 Thread Laci
I'm looking for a playbook which would scan all servers and if a particular 
package (ex: kernel-3.10.0-1062 or nginx-1.12.2-2) is installed would send 
an email with the hostname.
Did anyone do something alike?



Re: [ansible-project] Re: Decryption fails: Error: HMAC verification failed: Signature did not match digest.

2020-08-13 Thread Dick Visser
The problem might be in the way you invoke ansible-playbook in the gitlab CI.
So, what does your .gitlab-ci.yml look like?

On Thu, 13 Aug 2020 at 13:09, Papanito  wrote:
>
> I already checked 
> https://docs.ansible.com/ansible/latest/user_guide/vault.html but I don't see 
> where the problem is.
>
> I use a shared gitlab runner: 
> https://docs.gitlab.com/ee/ci/runners/README.html
>
> Well, in the end it's a docker image so you think is still a ci issue or can 
> it be related to python/ansible versions?
>
> On Thursday, August 13, 2020 at 12:17:29 PM UTC+2 dick@geant.org wrote:
>>
>> This seems to be a problem specific to your CI tool, so a logical
>> place would be to consult the support channels of that CI tool
>> (whichever it was - you didn't tell).
>> Either way, how ansible-vault works is explained here:
>> https://docs.ansible.com/ansible/latest/user_guide/vault.html.
>> Fix your CI so that it uses ansible-vault using those instructions.
>>
>> On Thu, 13 Aug 2020 at 12:07, Papanito  wrote:
>> >
>> > Even so I explicitly set python3 as default, I still get the same error as 
>> > mentioned. This is what I do on my ci-server
>> >
>> > - apt-get install python3.7 python3-apt -qy
>> > - update-alternatives --install /usr/bin/python python /usr/bin/python3.7 1
>> > - update-alternatives --set python /usr/bin/python3.7
>> >
>> > I can confirm that on my ci-server python 3.7 is installed as default
>> >
>> > python --version
>> > Python 3.7.3
>> > On Thursday, August 13, 2020 at 10:13:07 AM UTC+2 Papanito wrote:
>> >>
>> >> Ok got it, the ci-machine runs on python 2 whereas on my dev-machine I 
>> >> have python 3.
>> >>
>> >> On Thursday, August 13, 2020 at 9:35:59 AM UTC+2 Papanito wrote:
>> >>>
>> >>> I am using ansible 2.9.11 on my dev machine (arch linux) where I 
>> >>> encrypted ./resources/cloudflare/cert.pem. using ansible-vault with a 
>> >>> password file. I have committed the file to source control.
>> >>>
>> >>> I can run the playbook without issues on my dev-machine i.e. decryption 
>> >>> works
>> >>>
>> >>> Now on my ci machine - which is running ubuntu and ansible 2.7.7 - the 
>> >>> run of the playbook fails with
>> >>>
>> >>>
>> >>> Tried to use the vault secret (default) to decrypt 
>> >>> (/builds/papanito/infrastructure/resources/cloudflare/cert.pem) but it 
>> >>> failed. Error: HMAC verification failed: Signature did not match digest.
>> >>> fatal: [node003]: FAILED! => {
>> >>> "msg": "Decryption failed (no vault secrets were found that could 
>> >>> decrypt) on 
>> >>> /builds/papanito/infrastructure/resources/cloudflare/cert.pem"
>> >>>
>> >>> I can confirm that I have the password-file on the ci-machine and the 
>> >>> password in it is correct. So what's going on here? Why decryption does 
>> >>> not work?
>> >
>>
>>
>>
>> --
>> Dick Visser
>> Trust & Identity Service Operations Manager
>> GÉANT
>



-- 
Dick Visser
Trust & Identity Service Operations Manager
GÉANT
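
What the "HMAC verification failed" check quoted in this thread does, as an added example that is not from the thread or from the Ansible code base: a vault 1.1 file carries a salt, an HMAC-SHA256 tag and the ciphertext, and the HMAC key is derived from the vault secret with PBKDF2, so a secret that differs by one byte, or a file that changed after encryption, fails this check before any decryption starts. The sample secret, salt, placeholder ciphertext and all function names are constructed for illustration.

```python
import binascii
import hashlib
import hmac

# Constructed sample values, not taken from the thread.
SAMPLE_SECRET = b"correct horse battery staple"
SAMPLE_SALT = bytes(range(32))
SAMPLE_CIPHERTEXT = b"placeholder bytes standing in for AES-CTR output"


def derive_keys(secret, salt):
    """PBKDF2-HMAC-SHA256, 10000 rounds, 80 bytes: AES key, HMAC key, IV."""
    material = hashlib.pbkdf2_hmac("sha256", secret, salt, 10000, dklen=80)
    return material[:32], material[32:64], material[64:]


def parse_envelope(vault_text):
    """Return (salt, stored_tag, ciphertext) from a vault 1.1/1.2 AES256 file."""
    lines = vault_text.strip().splitlines()
    header = lines[0].split(b";") if lines else []
    if len(header) < 3 or header[0] != b"$ANSIBLE_VAULT":
        raise ValueError("not an ansible-vault file")
    if header[1] not in (b"1.1", b"1.2") or header[2].strip() != b"AES256":
        raise ValueError("unsupported vault format or cipher")
    # The body is hex of: hex(salt) \n hex(tag) \n hex(ciphertext)
    inner = binascii.unhexlify(b"".join(line.strip() for line in lines[1:]))
    parts = inner.split(b"\n", 2)
    if len(parts) != 3:
        raise ValueError("malformed vault body")
    salt, stored_tag, ciphertext = (binascii.unhexlify(p) for p in parts)
    return salt, stored_tag, ciphertext


def hmac_matches(vault_text, secret):
    """Recompute the tag from the secret and compare it in constant time."""
    salt, stored_tag, ciphertext = parse_envelope(vault_text)
    _aes_key, hmac_key, _iv = derive_keys(secret, salt)
    computed = hmac.new(hmac_key, ciphertext, hashlib.sha256).digest()
    return hmac.compare_digest(computed, stored_tag)


def encode_envelope(salt, tag, ciphertext):
    """Serialize the three fields the way a vault 1.1 file lays them out."""
    inner = b"\n".join(binascii.hexlify(x) for x in (salt, tag, ciphertext))
    body = binascii.hexlify(inner)
    wrapped = [body[i:i + 80] for i in range(0, len(body), 80)]
    return b"\n".join([b"$ANSIBLE_VAULT;1.1;AES256"] + wrapped) + b"\n"


def build_sample_envelope(secret=SAMPLE_SECRET):
    """Constructed input: real key derivation and tag, placeholder ciphertext."""
    _aes_key, hmac_key, _iv = derive_keys(secret, SAMPLE_SALT)
    tag = hmac.new(hmac_key, SAMPLE_CIPHERTEXT, hashlib.sha256).digest()
    return encode_envelope(SAMPLE_SALT, tag, SAMPLE_CIPHERTEXT)


def flip_ciphertext_byte(vault_text):
    """Simulate a file altered after encryption (one bit of ciphertext)."""
    salt, tag, ciphertext = parse_envelope(vault_text)
    changed = bytes([ciphertext[0] ^ 0x01]) + ciphertext[1:]
    return encode_envelope(salt, tag, changed)


if __name__ == "__main__":
    sample = build_sample_envelope()
    print("same secret:     ", hmac_matches(sample, SAMPLE_SECRET))
    print("different secret:", hmac_matches(sample, SAMPLE_SECRET + b"x"))
    print("altered file:    ", hmac_matches(flip_ciphertext_byte(sample), SAMPLE_SECRET))
```

Running `hmac_matches` on the committed file with the secret each machine actually loads separates a secret mismatch from a file that differs between the two checkouts.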



Re: [ansible-project] What privilege required for an ansible user able to configure a server

2020-08-13 Thread Luca 'remix_tj' Lorenzetto
Hello,

On Thu, Aug 13, 2020 at 2:30 PM Edison Wang 
wrote:

> Hi There,
>
> I am pretty new in this domain and got a question to ask. My goal is to
> create a new user "edison" on a Ubuntu server. Now I've already had a user
> "manager" which is able to ssh to this Ubuntu server. This problem I got is
> after I run user creation role with user "manager" as ansible_user, the new
> user "edison" always failed to be created. Role is very simple, my question
> is if this issue would be caused by ansible_user "manager" that doesn't
> have some privilege?
>
> role:
>
> ---
> - name: manage-user - Manage user account
>   user:
>     name: "{{ user.username }}"
>     comment: "{{ user.name }}"
>     shell: "/bin/bash"
>     groups:
>       - sudo
>

The manager user is not root, so is not able to create users. You should add

become: true

to your task, so the user module is executed with elevated privileges.

Check out this:
https://docs.ansible.com/ansible/latest/user_guide/become.html

Luca



-- 
"It is absurd to employ men of excellent intelligence to perform
calculations that could be entrusted to anyone if machines were
used"
Gottfried Wilhelm von Leibnitz, Philosopher and Mathematician (1646-1716)

"The Internet is the largest library in the world.
But the problem is that the books are all scattered on the floor"
John Allen Paulos, Mathematician (1945-living)

Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , <
lorenzetto.l...@gmail.com>



Re: [ansible-project] What privilege required for an ansible user able to configure a server

2020-08-13 Thread Stefan Hornburg (Racke)
On 8/13/20 2:30 PM, Edison Wang wrote:
> Hi There,
> 
> I am pretty new in this domain and got a question to ask. My goal is to 
> create a new user "edison" on a Ubuntu server.
> Now I've already had a user "manager" which is able to ssh to this Ubuntu 
> server. This problem I got is after I run user
> creation role with user "manager" as ansible_user, the new user "edison" 
> always failed to be created. Role is very
> simple, my question is if this issue would be caused by ansible_user 
> "manager" that doesn't have some privilege?  

That is the most likely cause of the error which you failed to post here.

Add "become: yes" to your playbook (or to this task).

Regards
  Racke

> 
> role:
> 
> ---
> 
> - name: manage-user - Manage user account
>   user:
>     name: "{{ user.username }}"
>     comment: "{{ user.name }}"
>     shell: "/bin/bash"
>     groups:
>       - sudo
> 


-- 
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.



[ansible-project] What privilege required for an ansible user able to configure a server

2020-08-13 Thread Edison Wang
Hi There,

I am pretty new in this domain and got a question to ask. My goal is to 
create a new user "edison" on a Ubuntu server. Now I've already had a user 
"manager" which is able to ssh to this Ubuntu server. This problem I got is 
after I run user creation role with user "manager" as ansible_user, the new 
user "edison" always failed to be created. Role is very simple, my question 
is if this issue would be caused by ansible_user "manager" that doesn't 
have some privilege?  

role:

---
- name: manage-user - Manage user account
  user:
    name: "{{ user.username }}"
    comment: "{{ user.name }}"
    shell: "/bin/bash"
    groups:
      - sudo



Re: [ansible-project] how to share variables between hosts

2020-08-13 Thread Stefan Hornburg (Racke)
On 8/13/20 1:49 PM, Gabriel Sousa wrote:
> i have this:
> 
> ---
> - hosts: all
>   vars:
>   - site: "{{ ansible_hostname | regex_replace('^(.{2}).*' ,'\\1' ) }}"
>   - datavg: DATAVG
>   - datavgpvs: /dev/sdb
>   - lv_int:
>     - { lv: app, size: "{{appS}}", vg: "{{datavg}}", fs: xfs, mount: "/app" }
> 
>  
> - hosts:
>   - a
>   become: yes
>   become_method: sudo
>   vars:
>   - appS: 30G
> 
>   tasks:
>   - name: Setup datavg LVs
>     lvol: lv={{item.lv}} state=present vg={{datavg}} size={{item.size}}
>     with_items: "{{ hostvars[all].lv_inst }}"
> 
> 
> but i have error in hostvars "' 'all' is undefined"

It's unclear why you don't loop over lv_int:

with_items: "{{ lv_int }}"

Otherwise use group variables to share variables between hosts.

Regards
Racke

> 


-- 
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.



[ansible-project] how to share variables between hosts

2020-08-13 Thread Gabriel Sousa
i have this:

---
- hosts: all
  vars:
  - site: "{{ ansible_hostname | regex_replace('^(.{2}).*' ,'\\1' ) }}"
  - datavg: DATAVG
  - datavgpvs: /dev/sdb
  - lv_int:
    - { lv: app, size: "{{appS}}", vg: "{{datavg}}", fs: xfs, mount: "/app" }

- hosts:
  - a
  become: yes
  become_method: sudo
  vars:
  - appS: 30G

  tasks:
  - name: Setup datavg LVs
    lvol: lv={{item.lv}} state=present vg={{datavg}} size={{item.size}}
    with_items: "{{ hostvars[all].lv_inst }}"


but i have error in hostvars "' 'all' is undefined"



Re: [ansible-project] Re: Decryption fails: Error: HMAC verification failed: Signature did not match digest.

2020-08-13 Thread Papanito
I already checked 
https://docs.ansible.com/ansible/latest/user_guide/vault.html but I don't 
see where the problem is.

I use a shared gitlab runner: 
https://docs.gitlab.com/ee/ci/runners/README.html

Well, in the end it's a docker image so you think is still a ci issue or 
can it be related to python/ansible versions?

On Thursday, August 13, 2020 at 12:17:29 PM UTC+2 dick@geant.org wrote:

> This seems to be a problem specific to your CI tool, so a logical
> place would be to consult the support channels of that CI tool
> (whichever it was - you didn't tell).
> Either way, how ansible-vault works is explained here:
> https://docs.ansible.com/ansible/latest/user_guide/vault.html.
> Fix your CI so that it uses ansible-vault using those instructions.
>
> On Thu, 13 Aug 2020 at 12:07, Papanito  wrote:
> >
> > Even so I explicitly set python3 as default, I still get the same error 
> > as mentioned. This is what I do on my ci-server
> >
> > - apt-get install python3.7 python3-apt -qy
> > - update-alternatives --install /usr/bin/python python /usr/bin/python3.7 1
> > - update-alternatives --set python /usr/bin/python3.7
> >
> > I can confirm that on my ci-server python 3.7 is installed as default
> >
> > python --version
> > Python 3.7.3
> > On Thursday, August 13, 2020 at 10:13:07 AM UTC+2 Papanito wrote:
> >>
> >> Ok got it, the ci-machine runs on python 2 whereas on my dev-machine I 
> >> have python 3.
> >>
> >> On Thursday, August 13, 2020 at 9:35:59 AM UTC+2 Papanito wrote:
> >>>
> >>> I am using ansible 2.9.11 on my dev machine (arch linux) where I 
> >>> encrypted ./resources/cloudflare/cert.pem. using ansible-vault with a 
> >>> password file. I have committed the file to source control.
> >>>
> >>> I can run the playbook without issues on my dev-machine i.e. 
> >>> decryption works
> >>>
> >>> Now on my ci machine - which is running ubuntu and ansible 2.7.7 - the 
> >>> run of the playbook fails with
> >>>
> >>>
> >>> Tried to use the vault secret (default) to decrypt 
> >>> (/builds/papanito/infrastructure/resources/cloudflare/cert.pem) but it 
> >>> failed. Error: HMAC verification failed: Signature did not match digest.
> >>> fatal: [node003]: FAILED! => {
> >>> "msg": "Decryption failed (no vault secrets were found that could 
> >>> decrypt) on /builds/papanito/infrastructure/resources/cloudflare/cert.pem"
> >>>
> >>> I can confirm that I have the password-file on the ci-machine and the 
> >>> password in it is correct. So what's going on here? Why decryption does not 
> >>> work?
> >
>
>
>
> -- 
> Dick Visser
> Trust & Identity Service Operations Manager
> GÉANT
>



Re: [ansible-project] Re: Decryption fails: Error: HMAC verification failed: Signature did not match digest.

2020-08-13 Thread Adrian Wyssmann
I am using Gitlab

On Thu, Aug 13, 2020, 12:17 Dick Visser  wrote:

> This seems to be a problem specific to your CI tool, so a logical
> place would be to consult the support channels of that CI tool
> (whichever it was - you didn't tell).
> Either way, how ansible-vault works is explained here:
> https://docs.ansible.com/ansible/latest/user_guide/vault.html.
> Fix your CI so that it uses ansible-vault using those instructions.
>
> On Thu, 13 Aug 2020 at 12:07, Papanito  wrote:
> >
> > Even so I explicitly set python3 as default, I still get the same error
> > as mentioned. This is what I do on my ci-server
> >
> > - apt-get install python3.7 python3-apt -qy
> > - update-alternatives --install /usr/bin/python python /usr/bin/python3.7 1
> > - update-alternatives --set python /usr/bin/python3.7
> >
> > I can confirm that on my ci-server python 3.7 is installed as default
> >
> > python --version
> > Python 3.7.3
> > On Thursday, August 13, 2020 at 10:13:07 AM UTC+2 Papanito wrote:
> >>
> >> Ok got it, the ci-machine runs on python 2 whereas on my dev-machine I
> >> have python 3.
> >>
> >> On Thursday, August 13, 2020 at 9:35:59 AM UTC+2 Papanito wrote:
> >>>
> >>> I am using ansible 2.9.11 on my dev machine (arch linux) where I
> >>> encrypted ./resources/cloudflare/cert.pem. using ansible-vault with a
> >>> password file. I have committed the file to source control.
> >>>
> >>> I can run the playbook without issues on my dev-machine i.e.
> >>> decryption works
> >>>
> >>> Now on my ci machine - which is running ubuntu and ansible 2.7.7 - the
> >>> run of the playbook fails with
> >>>
> >>>
> >>> Tried to use the vault secret (default) to decrypt
> >>> (/builds/papanito/infrastructure/resources/cloudflare/cert.pem) but it
> >>> failed. Error: HMAC verification failed: Signature did not match digest.
> >>> fatal: [node003]: FAILED! => {
> >>> "msg": "Decryption failed (no vault secrets were found that could
> >>> decrypt) on /builds/papanito/infrastructure/resources/cloudflare/cert.pem"
> >>>
> >>> I can confirm that I have the password-file on the ci-machine and the
> >>> password in it is correct. So what's going on here? Why decryption does not
> >>> work?
> >
>
>
>
> --
> Dick Visser
> Trust & Identity Service Operations Manager
> GÉANT
>
>



Re: [ansible-project] Re: Decryption fails: Error: HMAC verification failed: Signature did not match digest.

2020-08-13 Thread Dick Visser
This seems to be a problem specific to your CI tool, so a logical
place would be to consult the support channels of that CI tool
(whichever it was - you didn't tell).
Either way, how ansible-vault works is explained here:
https://docs.ansible.com/ansible/latest/user_guide/vault.html.
Fix your CI so that it uses ansible-vault using those instructions.

On Thu, 13 Aug 2020 at 12:07, Papanito  wrote:
>
> Even so I explicitly set python3 as default, I still get the same error as 
> mentioned. This is what I do on my ci-server
>
> - apt-get install python3.7 python3-apt -qy
> - update-alternatives --install /usr/bin/python python /usr/bin/python3.7 1
> - update-alternatives --set python /usr/bin/python3.7
>
> I can confirm that on my ci-server python 3.7 is installed as default
>
> python --version
> Python 3.7.3
> On Thursday, August 13, 2020 at 10:13:07 AM UTC+2 Papanito wrote:
>>
>> Ok got it, the ci-machine runs on python 2 whereas on my dev-machine I have 
>> python 3.
>>
>> On Thursday, August 13, 2020 at 9:35:59 AM UTC+2 Papanito wrote:
>>>
>>> I am using ansible 2.9.11 on my dev machine (arch linux) where I encrypted 
>>> ./resources/cloudflare/cert.pem. using ansible-vault with a password file. 
>>> I have committed the file to source control.
>>>
>>> I can run the playbook without issues on my dev-machine i.e. decryption 
>>> works
>>>
>>> Now on my ci machine - which is running ubuntu and ansible 2.7.7 - the run 
>>> of the playbook fails with
>>>
>>>
>>> Tried to use the vault secret (default) to decrypt 
>>> (/builds/papanito/infrastructure/resources/cloudflare/cert.pem) but it 
>>> failed. Error: HMAC verification failed: Signature did not match digest.
>>> fatal: [node003]: FAILED! => {
>>> "msg": "Decryption failed (no vault secrets were found that could decrypt) 
>>> on /builds/papanito/infrastructure/resources/cloudflare/cert.pem"
>>>
>>> I can confirm that I have the password-file on the ci-machine and the 
>>> password in it is correct. So what's going on here? Why does decryption not 
>>> work?
>



-- 
Dick Visser
Trust & Identity Service Operations Manager
GÉANT
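
The check behind "HMAC verification failed" can be repeated outside Ansible. The following is an added example, not part of the original posts and not Ansible's own code: it parses the vault 1.1/1.2 AES256 envelope and recomputes the HMAC-SHA256 from the password and the file bytes, which are the only inputs to that check. The sample envelope and passwords are constructed, and the function names are this example's own.

```python
import binascii
import hashlib
import hmac
import sys

def parse_vault(data):
    """Return (salt, stored_hmac_hex, ciphertext) from a 1.1/1.2 AES256 envelope."""
    lines = data.strip().splitlines()
    fields = lines[0].strip().split(b";") if lines else []
    if len(fields) < 3 or fields[0] != b"$ANSIBLE_VAULT" or fields[2] != b"AES256":
        raise ValueError("not an AES256 vault envelope: %r" % data[:40])
    # Body is hex of: hex(salt) \n hex(hmac) \n hex(ciphertext)
    inner = binascii.unhexlify(b"".join(l.strip() for l in lines[1:]))
    salt_hex, mac_hex, ct_hex = inner.split(b"\n", 2)
    return binascii.unhexlify(salt_hex), mac_hex, binascii.unhexlify(ct_hex)

def derive_hmac_key(password, salt):
    # PBKDF2-HMAC-SHA256, 10000 rounds, 80 bytes: AES key | HMAC key | IV
    return hashlib.pbkdf2_hmac("sha256", password, salt, 10000, dklen=80)[32:64]

def hmac_matches(data, password):
    """Repeat the integrity check that runs before decryption (no AES needed)."""
    salt, stored, ciphertext = parse_vault(data)
    mac = hmac.new(derive_hmac_key(password, salt), ciphertext, hashlib.sha256)
    return hmac.compare_digest(mac.hexdigest().encode(), stored.lower())

def build_sample(password):
    """Constructed envelope for testing; the 'ciphertext' is filler, not AES output."""
    salt, ciphertext = bytes(range(32)), b"constructed-filler-bytes" * 4
    mac = hmac.new(derive_hmac_key(password, salt), ciphertext, hashlib.sha256)
    inner = b"\n".join([binascii.hexlify(salt), mac.hexdigest().encode(),
                        binascii.hexlify(ciphertext)])
    hexed = binascii.hexlify(inner)
    body = b"\n".join(hexed[i:i + 80] for i in range(0, len(hexed), 80))
    return b"$ANSIBLE_VAULT;1.1;AES256\n" + body + b"\n"

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py VAULT_FILE PASSWORD_FILE
        with open(sys.argv[1], "rb") as f, open(sys.argv[2], "rb") as p:
            # Ansible strips surrounding whitespace from a password file
            ok = hmac_matches(f.read(), p.read().strip())
        print("HMAC ok" if ok else "HMAC mismatch")
    else:
        sample = build_sample(b"constructed-password")
        print(hmac_matches(sample, b"constructed-password"))
        print(hmac_matches(sample, b"other-password"))
```

Run it with the committed file and the password file on both machines; a mismatch on only one of them means the password bytes or the file contents differ there.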



[ansible-project] Re: Decryption fails: Error: HMAC verification failed: Signature did not match digest.

2020-08-13 Thread Papanito
Even though I explicitly set python3 as default, I still get the same error as 
mentioned. This is what I do on my ci-server

- apt-get install python3.7 python3-apt -qy
- update-alternatives --install /usr/bin/python python /usr/bin/python3.7 1
- update-alternatives --set python /usr/bin/python3.7

I can confirm that on my ci-server python 3.7 is installed as default

python --version
Python 3.7.3
On Thursday, August 13, 2020 at 10:13:07 AM UTC+2 Papanito wrote:

> Ok got it, the ci-machine runs on python 2 whereas on my dev-machine I 
> have python 3.
>
> On Thursday, August 13, 2020 at 9:35:59 AM UTC+2 Papanito wrote:
>
>> I am using ansible 2.9.11 on my dev machine (arch linux) where I 
>> encrypted ./resources/cloudflare/cert.pem using ansible-vault with a 
>> password file. I have committed the file to source control.
>>
>> I can run the playbook without issues on my dev-machine i.e. decryption 
>> works
>>
>> Now on my ci machine - which is running ubuntu and ansible 2.7.7 - the 
>> run of the playbook fails with
>>
>>
>> Tried to use the vault secret (default) to decrypt 
>> (/builds/papanito/infrastructure/resources/cloudflare/cert.pem) but it 
>> failed. Error: HMAC verification failed: Signature did not match digest.
>> fatal: [node003]: FAILED! => {
>> "msg": "Decryption failed (no vault secrets were found that could 
>> decrypt) on /builds/papanito/infrastructure/resources/cloudflare/cert.pem"
>>
>> I can confirm that I have the password-file on the ci-machine and the 
>> password in it is correct. So what's going on here? Why does decryption not 
>> work?
>>
>



Re: [ansible-project] wild card is not working for adapter_names in win_dns_client

2020-08-13 Thread Prakash PMS

Thank you. Yes, we can fetch using PowerShell.

I was wondering why wild card support given in the documentation is not 
working. Now I am able to use '*' like given in the first example below and 
it works. But the second example given in the documentation doesn't work.

https://docs.ansible.com/ansible/latest/modules/win_dns_client_module.html

- name: Set multiple lookup addresses on all visible adapters (usually physical adapters that are in the Up state), with debug logging to a file
  win_dns_client:
    adapter_names: '*'
- name: Configure all adapters whose names begin with Ethernet to use DHCP-assigned DNS values
  win_dns_client:
    adapter_names: 'Ethernet*'


On Thursday, 13 August 2020 01:43:11 UTC+5:30, J Hawkesworth wrote:
>
> You probably need to fetch the adaptor name which you can do with 
> Get-NetAdapter powershell command
>
>
> https://docs.microsoft.com/en-us/powershell/module/netadapter/get-netadapter?view=win10-ps
>
> then pass that to the module parameters.
>
> On Wednesday, August 12, 2020 at 11:39:57 AM UTC+1, Prakash PMS wrote:
>>
>>
>> ansible 2.9.6 on ubuntu 20.04
>>
>> On Wednesday, 12 August 2020 16:05:44 UTC+5:30, Dick Visser wrote:
>>>
>>> what ansible version are you running 
>>>
>>> On Wed, 12 Aug 2020 at 12:15, Prakash PMS  wrote: 
>>> > 
>>> > Hi, 
>>> > 
>>> > when wild card is used for adapter_names in win_dns_client to set DNS 
>>> in windows machines, it is not recognizing the interface. 
>>> > 
>>> >   tasks: 
>>> >   - name: Set DNS to Primary Domain Controller 
>>> >     win_dns_client: 
>>> >       adapter_names: 'tap*' 
>>> >       ipv4_addresses: '{{ ad_domain_server }}' 
>>> > 
>>> > Following is the error. 
>>> > 
>>> > TASK [Set DNS to Primary Domain Controller] 
>>>  
>>> > An exception occurred during task execution. To see the full 
>>> traceback, use -vvv. The error was: at , : line 207 
>>> > fatal: [X.X.X.X]: FAILED! => {"changed": false, "msg": "Unhandled 
>>> exception while executing module: Invalid network adapter name: tap*"} 
>>> > 
>>> > The documentation says wild card is supported and also given example 
>>> for Ethernet*. When windows instances are provisioned in openstack or kvm 
>>> using redhat virtio driver, it creates interface with tapxxx format. 
>>> > 
>>> > Regards 
>>> > Prakash 
>>> > 
>>>  
>>>
>>>
>>>
>>>
>>> -- 
>>> Dick Visser 
>>> Trust & Identity Service Operations Manager 
>>> GÉANT 
>>>
>>



[ansible-project] Re: Decryption fails: Error: HMAC verification failed: Signature did not match digest.

2020-08-13 Thread Papanito
Ok got it, the ci-machine runs on python 2 whereas on my dev-machine I have 
python 3.

On Thursday, August 13, 2020 at 9:35:59 AM UTC+2 Papanito wrote:

> I am using ansible 2.9.11 on my dev machine (arch linux) where I 
> encrypted ./resources/cloudflare/cert.pem using ansible-vault with a 
> password file. I have committed the file to source control.
>
> I can run the playbook without issues on my dev-machine i.e. decryption 
> works
>
> Now on my ci machine - which is running ubuntu and ansible 2.7.7 - the 
> run of the playbook fails with
>
>
> Tried to use the vault secret (default) to decrypt 
> (/builds/papanito/infrastructure/resources/cloudflare/cert.pem) but it 
> failed. Error: HMAC verification failed: Signature did not match digest.
> fatal: [node003]: FAILED! => {
> "msg": "Decryption failed (no vault secrets were found that could decrypt) 
> on /builds/papanito/infrastructure/resources/cloudflare/cert.pem"
>
> I can confirm that I have the password-file on the ci-machine and the 
> password in it is correct. So what's going on here? Why does decryption not 
> work?
>



[ansible-project] Decryption fails: Error: HMAC verification failed: Signature did not match digest.

2020-08-13 Thread Papanito
I am using ansible 2.9.11 on my dev machine (arch linux) where I encrypted 
./resources/cloudflare/cert.pem using ansible-vault with a password file. 
I have committed the file to source control.

I can run the playbook without issues on my dev-machine i.e. decryption 
works

Now on my ci machine - which is running ubuntu and ansible 2.7.7 - the run 
of the playbook fails with


Tried to use the vault secret (default) to decrypt 
(/builds/papanito/infrastructure/resources/cloudflare/cert.pem) but it 
failed. Error: HMAC verification failed: Signature did not match digest.
fatal: [node003]: FAILED! => {
"msg": "Decryption failed (no vault secrets were found that could decrypt) 
on /builds/papanito/infrastructure/resources/cloudflare/cert.pem"

I can confirm that I have the password-file on the ci-machine and the 
password in it is correct. So what's going on here? Why does decryption not 
work?
