Re: [ansible-project] looking for support
I totally agree with Antony. It will be easier to answer the question if you provide these details. Regarding your question, the task mentioned before the 'Cordon and Drain Node' task failed with a non-zero return value and the failed ('Cordon and Drain Node') task in the screenshot is expecting zero return code with JSON output. On Sun, Jul 24, 2022 at 7:49 PM Antony Stone < antony.st...@ansible.open.source.it> wrote: > On Sunday 24 July 2022 at 15:56:46, Shyju Krishnan wrote: > > > [image: image.png] > > Please: > > 1. Copy and paste text, don't post screenshots (especially in > difficult-to-read > colour combinations) > > 2. Show us the command you ran before getting the error > > 3. Show us the text of the error in as readable a format as possible > > 4. Show us your playbook (if it's small) or the relevent section of it (if > it's big) > > 5. Consider using pastebin or similar if you want to show us more than > arounnd > 25 lines of playbook. > > > Thanks, > > > Antony. > > -- > Schrödinger's rule of data integrity: the condition of any backup is > unknown > until a restore is attempted. > >Please reply to the > list; > please *don't* CC > me. > > -- Thanks, Abhijeet Kasurde -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAFwWkHqt0QBmeeNUrLRL%3D3cQq4_th-snDh3LxwStk%3DYt2ZskLg%40mail.gmail.com.
[ansible-project] AWS VPN is not taking IP address as defined in ansible VPN module
i'm looking for assistance for Tunnel IP address assignment defined by my own in aws for 'ec2_vpc_vpn' but somehow aws is taking its own address ( 169.254.87.200/30 & 169.254.164.108/30 ) rather than i have returned facts for tunnel ip.. how can i override with custom returned value ? ansible_module: *https://docs.ansible.com/ansible/latest/collections/community/aws/ec2_vpc_vpn_module.html* *- name: Create prefix within NetBox with only required information netbox_prefix: netbox_url: "{{ netbox_url }}" netbox_token: "{{ netbox_token }}" data: parent: 169.254.0.0/16 prefix_length: 30 site: DC tenant: 'network' status: Reserved #state: present custom_fields:prefix_ticket_number: "{{ ticket }}"prefix_account_id: "{{ account_no }}" prefix_role: ipsec-p2p description: "aws-{{ region }}-{{ account_no }}-{{ application }}" state: present first_available: "{{ item }}" validate_certs: noregister: prefixswith_items:- yes- yes - name: tunnel_1_cidrset_fact:tunnel_1_cidr_30: '{{ prefixs.results[0].prefix.prefix | ipmath(1) }}/30' - name: debug tunnel1 debug:msg: "{{ tunnel_1_cidr_30 }}"- name: tunnel_2_cidrset_fact:tunnel_2_cidr_30: '{{ prefixs.results[1].prefix.prefix | ipmath(1) }}/30' - name: debug tunnel2 debug:msg: "{{ tunnel_2_cidr_30 }}" - name: create a VPN connectionec2_vpc_vpn: state: present vpn_gateway_id: "vgw-" customer_gateway_id: 'cgw-' static_only: true region: '{{ region }}' routes:- 10.0.0.0/8 aws_access_key: "{{ aws_access_key }}" aws_secret_key: "{{ aws_secret_key }}" tunnel_options:- PreSharedKey: '{{ pre_shared_key }}'- TunnelInsideCidr: "{{ tunnel_1_cidr_30 }}" ## tunnel address- TunnelInsideCidr: "{{ tunnel_2_cidr_30 }}". ## tunnel 2 address tags: name: '{{ vpn_tag }}'* return value: TASK [tunnel_1_cidr] ok: [localhost] TASK [debug tunnel1] ok: [localhost] => { *"msg": "169.254.0.45/30"* } TASK [tunnel_2_cidr] ok: [localhost] TASK [debug tunnel2] ok: [localhost] => { *"msg": "169.254.0.49/30"* TASK [create a VPN connection] ** ok: [localhost] PLAY RECAP ** localhost : ok=8 changed=1 unreachable=0 failed=0 skip -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/81032d68-96a1-4689-94ea-fa08c50d4653n%40googlegroups.com.
Re: [ansible-project] looking for support
On Sunday 24 July 2022 at 15:56:46, Shyju Krishnan wrote: > [image: image.png] Please: 1. Copy and paste text, don't post screenshots (especially in difficult-to-read colour combinations) 2. Show us the command you ran before getting the error 3. Show us the text of the error in as readable a format as possible 4. Show us your playbook (if it's small) or the relevent section of it (if it's big) 5. Consider using pastebin or similar if you want to show us more than arounnd 25 lines of playbook. Thanks, Antony. -- Schrödinger's rule of data integrity: the condition of any backup is unknown until a restore is attempted. Please reply to the list; please *don't* CC me.
[ansible-project] looking for support
[image: image.png] -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAN3_iPuuXj8e_Y5gnWenwk3UUMx5ZUq6MG_o1p_3E3Jsfmd1ww%40mail.gmail.com.
Re: [ansible-project] Re: python error during task
On Sat, Jul 23, 2022 at 7:35 AM Todd Lewis wrote: > > This is the problem that Execution Environments allow you to avoid. > > Or, if you're rather more cynical, this is the type of problem that emerges > due to relying on execution environments. That's a pretty fundamental architectural issue, you're unlikely to get a lot of traction on installing a local daemon with its own functional python on every remote host for ansible execution. > RHEL7 users - myself included, paying for the privilege, thanks - might feel > put out that a supported operating system/distro doesn't have a path forward > from python2, but in fact it does: it's "move to RHEL8 or RHEL9." I shouldn't > be surprised that I can't get a Mr. Fusion adaptor for my Edsel. Technically, > python3 can "be done" on RHEL7, but why put the effort into digging your > technical debt hole even deeper. (And by "you" I mean "me", because I'm > really arguing myself into scrapping the Edsel and getting on with life.) It gets funnier that, when ansible makes demands for python modules unavailable on contemporary RHEL releases, the response for providing RPMS that include them is to violate pretty basic python packaging guidelines for Fedora and RHEL and internalize them inside the SRPM, with git commit labeled tarballs rather than release numbered tarballs. Someone out there decided to get strange and ignora Fedora guidelines. I now publish RPM update tools for those dependencies, over at https://github.com/nkadel/ansiblerepo. On RHEL 7, if you really need ansible-core 2.13.2, I think we're SOL. Building up a fresh python 3.8 or later for it is more work than most of us need. Use RHEL 8 or CentOS 8, and use the python38 packages. And the published ansible-core 2.12 is plenty for most uses there until, for example, RHEL straightens out the modularity mucked up dnf installation of the "python38-packaging" package to allow gracefully building up the dependency suite for ansible-core 2.13. I ran into that last week. I'm pretty unhappy about Red Hat allowing the RPM "modularity" pecularities near any system RPMs. > It would be easier to spin up a RHEL8 vm or an execution environment > compatible with whatever version of Ansible you want to run than building and > running a python3 application environment atop a RHEL7 installation. You're / > I'm solving the wrong problem. Or docker container. "python3" isn't so much the problem. You can install with the built-in python3 packages for RHEL 7. sudo yum install python3-devel sudo yum install python3-pip pip3 install -m ansible-core # will only provide ansible-core up to 4.11 on RHEL 7 built-in python 3.6 > -- > Todd > > On 7/22/22 3:56 PM, Michael DiDomenico wrote: > > for anyone that might come across this in the future, it looks like > this might boil down to a dependecy hell problem > > python3 and ansible2.13 require 37.0.4 which is not compatible with python2.7 > > the yum utils require python2 in order to run, which are not > compatible with cryptography or python3. so when you use 'package' in > an ansible playbook, it spawns /usr/bin/python (which is 2.7 in my) to > run the yum utils. > > you might think i could switch to ansible.builtin.dnf which is python3 > compatible, however, python3-dnf doesn't exist on rhel7, only rhel8 > > i might not have that all straight, but that's the jist of it > > > > On Fri, Jul 22, 2022 at 2:34 PM Michael DiDomenico > wrote: > > sorry for the cross post, i sent this to the devel list by mistake > --- > i have compiled a separate version of openssl 1.1.1, python 3.10.5, > and ansible 2.13.2 into my home directory. i have the > interpreter_python set in the ansible.cfg file to point to the version > of python in my home directory. > > on some hosts my playbook runs okay, but on others i'm getting the > below error. what i think the problem is, is that python is finding > modules in the 2.7 system libs on particular hosts and not others. on > the hosts that work i'm guessing python isn't picking up the 2.7 > system lib versions > > i'm new to ansible and python, so i'm not sure where the error lies. > i'm hedging a bet, it's in the way i compiled python in my home > directory. it happened when i pip installed ansible with my custom > python. but i'm not sure which or how exactly to debug this > dependency issue > > TASK [install ntpd if missing] > ** > task path: /home1/user/ansible_ccm/playbooks/ntpd/main.yml:15 > Friday 22 July 2022 11:10:46 -0700 (0:00:01.705) 0:00:01.731 > *** > Friday 22 July 2022 11:10:46 -0700 (0:00:01.706) 0:00:01.730 > *** > Running ansible.legacy.yum > Using module file > /u/user/ansible/lib/python3.10/site-packages/ansible/modules/yum.py > Pipelining is enabled. > ESTABLISH LOCAL CONNECTION FOR USER: ro
Re: [ansible-project] python error during task
On Fri, Jul 22, 2022 at 2:35 PM Michael DiDomenico wrote: > > sorry for the cross post, i sent this to the devel list by mistake > --- > i have compiled a separate version of openssl 1.1.1, python 3.10.5, > and ansible 2.13.2 into my home directory. i have the > interpreter_python set in the ansible.cfg file to point to the version > of python in my home directory. > i'm new to ansible and python, so i'm not sure where the error lies. May I suggest you stop right there? First, you're using ansible-core 2.13.2. ansible-core is everything that really matters, including the primary ansible tools and modules. The "ansible" package is quite useless for most, a bundle of more than 100 ansible galaxy collection modules. Yes, it's confusing, I've argued before that "ansible-core" should have been left named "ansible" as it was back with ansible 2.9, and the ansible collection should match the name of the directories it actually insalls, namely "ansible_collections". But good luck trying to get *that* revised. So, if you're new to python, why are you trying to hurt yourself by building your own python and openssl? We can't even deduce where you put them and how you reference them. You're in the position of someone new to electronics who decided to make their own battery. One of the advantages of the open source and free software world is you can start from already working tools, and focus on the bits vital to your project. So why are you starting with openssl and python? Ansible is designed, when talking to remte hosts, to do a lot of deduction about the remote python and use the built-in python there. Based on your error messages, that's a RHEL environment with "/usr/bin/python" being linked to python 2.7. If you need to build your own updated ansible-core, may I strongly urge you to work from the RHEL published ansible packages, or if you need a more recent ansible-core RPM, take a look at my RPM building tools over at https:/github.com/n kadel/ansiblerepo/ ? It's quite tricky to update ansible-core past version 2.11 on RHEL 7, you need to use steps like "pip3 install -user ansible-core" > i'm hedging a bet, it's in the way i compiled python in my home > directory. it happened when i pip installed ansible with my custom > python. but i'm not sure which or how exactly to debug this > dependency issue > > TASK [install ntpd if missing] > ** > task path: /home1/user/ansible_ccm/playbooks/ntpd/main.yml:15 > Friday 22 July 2022 11:10:46 -0700 (0:00:01.705) 0:00:01.731 > *** > Friday 22 July 2022 11:10:46 -0700 (0:00:01.706) 0:00:01.730 > *** > Running ansible.legacy.yum > Using module file > /u/user/ansible/lib/python3.10/site-packages/ansible/modules/yum.py > Pipelining is enabled. > ESTABLISH LOCAL CONNECTION FOR USER: root > EXEC /bin/sh -c > 'PYTHONPATH=/u/user/ansible/lib/python3.10/site-packages/:/u/mdidome1/ansible/lib64/python3.10/site-packages/ > LD_LIBRARY_PATH=/u/user/ansible/lib:/u/user/ansible/lib64 > /u/user/ansible/bin/python3.10 && sleep 0' > The full traceback is: > Traceback (most recent call last): > File "", line 16, in > File "/usr/lib64/python2.7/runpy.py", line 176, in run_module > fname, loader, pkg_name) > File "/usr/lib64/python2.7/runpy.py", line 82, in _run_module_code > mod_name, mod_fname, mod_loader, pkg_name) > File "/usr/lib64/python2.7/runpy.py", line 72, in _run_code > exec code in run_globals > File > "/tmp/ansible_ansible.legacy.yum_payload_aa9h7s_4/ansible_ansible.legacy.yum_payload.zip/ansible/modules/yum.py", > line 405, in > File > "/tmp/ansible_ansible.legacy.yum_payload_aa9h7s_4/ansible_ansible.legacy.yum_payload.zip/ansible/module_utils/urls.py", > line 116, in > File "/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", > line 46, in > import OpenSSL.SSL > File "/usr/lib/python2.7/site-packages/OpenSSL/__init__.py", line 8, > in > from OpenSSL import rand, crypto, SSL > File "/usr/lib/python2.7/site-packages/OpenSSL/rand.py", line 12, in > > from OpenSSL._util import ( > File "/usr/lib/python2.7/site-packages/OpenSSL/_util.py", line 6, in > > from cryptography.hazmat.bindings.openssl.binding import Binding > File > "/u/user/ansible/lib/python3.10/site-packages/cryptography/__init__.py", > line 13, in > from cryptography.utils import CryptographyDeprecationWarning > File "/u/user/ansible/lib/python3.10/site-packages/cryptography/utils.py", > line 30 > def _check_bytes(name: str, value: bytes) -> None: > ^ > SyntaxError: invalid syntax > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ansible-project+unsu
[ansible-project] Ansible GCP dynamic Inventory Plugin How to pass Project ID
Hi Everyone, I am using the dynamic inventory file for setting up Ansible for running configurations in GCP # inventory.compute.gcp.yml plugin: gcp_compute # name the plugin you want to use (use `ansible-doc -t inventory -l` to list available plugins) projects: - # Id of your gcp project regions:# regions from your project you want to fetch inventory from (you can also use zones instead of regions if you target one or several specific zones) - filters: [] auth_kind: serviceaccount # gcp authentication kind. with service account you should provide the service account json key file to authenticate service_account_file: .json # Service account json keyfile How do I set the project_id as a variable?how can I pass the project ID from CLI when executing an ansible playbook? does ansible support jinja templating for inventory file? Please advise -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/7d3c4545-9494-4535-8554-01643c604940n%40googlegroups.com.