Re: [ansible-project] template backups in conf.d style locations
Shouldn't such programs have a filter exclude setting? dpkg and rpm will both place temp files into .d style folders, while installing a package. I can't speak as to what temp extension rpm uses, but dpkg will create a $file.dpkg-new or $file.dpkg-old in such a folder. Plus, vim creates .$file.swp. So, it seems that these other programs will already need to have a way to exclude those files, and ansible should(or might already be) do something similar. On 10/14/2014 03:50 AM, Josef Špak wrote: I've just been auditing things and found that sometimes we used the template module with backups=yes even though it was configuring e.g. logrotate stuff in /etc/logrotate.d/ However, programs like logrotate may/will read all files in the directory, including the backups. So perhaps this would be a useful tip. I was also wondering - did anyone get burned by this? Josef -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com mailto:ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com mailto:ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/4e462ee4-1802-44d0-905c-a8c04d4801d3%40googlegroups.com https://groups.google.com/d/msgid/ansible-project/4e462ee4-1802-44d0-905c-a8c04d4801d3%40googlegroups.com?utm_medium=emailutm_source=footer. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/543D50B0.1010402%40brainfood.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] No color when running ansible SSH as an argument
Use ssh -t On 10/14/2014 12:55 PM, Kevin Burton wrote: If I ssh into a box , interactively, then run ansible, I get color, without any issue. However, if I run it as a batch command, like: ssh rele...@myserver.com ansible-playbook ... Then it doesn't have color. The TERM is setup correctly and the same as when I run ssh interactively. Any advice? -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com mailto:ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com mailto:ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/dfbf5fcd-43a4-4013-b5d9-d7f0c71fd84f%40googlegroups.com https://groups.google.com/d/msgid/ansible-project/dfbf5fcd-43a4-4013-b5d9-d7f0c71fd84f%40googlegroups.com?utm_medium=emailutm_source=footer. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/543D645D.7040803%40brainfood.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Re: Unable to figure out arrays
- name: foo shell: echo {{ users[item].name }} with_items: - alice - bob On 10/10/2014 01:59 AM, Michael Bushey wrote: Thanks for your response Michael. I've already read through that page a few times. It does not work for me because I need an array of users, and then I need to be able to select which user have access to each class of server. This method would give every user access to every machine. I need to be able to specify something like with items - users.alice - users.bob and not have carol included. On Thu, Oct 9, 2014 at 11:20 PM, mvermaes mverm...@gmail.com wrote: Hi Michael, I think you want something like: --- - name: Set up users hosts: localhost gather_facts: no vars: users: alice: name: Alice Appleworth mail: al...@appleworth.com pass: ..hash... bob: name: Bob Bananarama mail: b...@bananarama.com pass: ..hash.. tasks: - name: Add user debug: msg=Add user {{ item.key }} password {{ item.value.pass }} with_dict: users Here's the section of the docs you want - http://docs.ansible.com/playbooks_loops.html#looping-over-hashes On Friday, October 10, 2014 7:36:25 AM UTC+8, Michael Bushey wrote: I would like to be able to put my users into a list and be able to select what user has access to each machine. --- - name: Set up users hosts: localhost gather_facts: no vars: - alice: name: Alice Appleworth mail: al...@appleworth.com pass: ..hash... - bob: name: Bob Bananarama mail: b...@bananarama.com pass: ..hash.. mail: tasks: - name: Add user debug: msg=Add user {{ item.key }} password {{ item.pass }} with_items: - {{ alice }} I am not able to figure out how to get the user name, ie alice as item.key is not valid. I think this is because using {{ alice }} does not preserve the name. Does anyone know how I can structure this? I've tried putting them all under users, but with_items: users.alice does not work. Thanks in advance for any help. The docs do not seem to cover this and I've Googled Ansible arrays and dicts to the point where I'm not finding any new pages. -- You received this message because you are subscribed to a topic in the Google Groups Ansible Project group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/-TzTFS57j7A/unsubscribe. To unsubscribe from this group and all its topics, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/90226003-8d97-4e92-8bb5-c8ec56b3717c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/54380AE6.3070902%40brainfood.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] is it possible to maintain order within with_ loops?
Untested, but maybe this: == - shell: {{ base_dir }} {{ item }} with_items: deploy_env.keys() | sort == And then be sure to name your keys so they sort the way you need. On 10/03/2014 12:39 PM, Guy Matz wrote: not sure what you mean . . . my data comes from json that looks like this: deploy_env = { cmd_build: [ gem install rake bundler, bundle install --deployment --without development test --path $BUNDLE_DIR ], cmd_release: [ bundle exec rake deploy:release, bundle exec rake db:migrate ] } and I loop through the cmd_* hashes with my custom iterator like: - shell: {{ base_dir }}{{ item.key }} with_12fcmds: deploy_env I need the cmd_build to come before cmd_release as defined in the json, bu it seems that somewhere along the line the json is getting turned into a dict and losing its order . . . On Fri, Oct 3, 2014 at 11:57 AM, Brian Coca brianc...@gmail.com mailto:brianc...@gmail.com wrote: have you tried |sort? -- Brian Coca Stultorum infinitus est numerus 0111011100100110010101101110001001110111011000010110011101010010011100110110110101110111001001110111 Pedo mellon a minno -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com mailto:ansible-project%2bunsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com mailto:ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CADn%2BHswakpYOn%2BepvVKsTLYPCxzTpJzCH5bG_7phOYttNQrwyQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com mailto:ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com mailto:ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CABnTgtU-zS6Hr9_WE6w09k%3DtpgwPme1k6MwgaAWe4t2J7CugEQ%40mail.gmail.com https://groups.google.com/d/msgid/ansible-project/CABnTgtU-zS6Hr9_WE6w09k%3DtpgwPme1k6MwgaAWe4t2J7CugEQ%40mail.gmail.com?utm_medium=emailutm_source=footer. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/542EE087.70904%40brainfood.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] apt module doesn't install module with a 'when' condition
This is a total hack, but cute when used: == tasks: - name: foo set_fact: items: {{ items.remove('something') and items or items }} == This handles the case of remove() returning true or false, depending on the implementation language returning nothing, true when the list was modified, and false when it wasn't. This combines elements of ansible( set_fact ), jinga2( {{ ), and python( .remove() ) In all honesty, I really don't like these kinds of hacks. I don't like that the underlying implementation language(python) leaks into the variable expansion language(jinga2), as it makes reimplementation difficult. On 10/02/2014 02:17 PM, James Cammarata wrote: Nothing fishy at all - there is an optimization for certain modules (primarily apt and yum) where items are combined into a single execution. This makes these modules way more efficient, since the underlying package management systems are able to handle a list of package names at once just as easily. But yes, the bug appears to be that some later conditional check is incorrectly being evaluated to make the task be skipped rather than run. As Matt mentioned above, there is a per-item check with the conditional to remove individual items, which I *believe* should be the only conditional check when the items have been merged into a list like this. On Thu, Oct 2, 2014 at 1:09 PM, Josh Smift j...@care.com mailto:j...@care.com wrote: JC Yes, here's a simple reproducer: JC JC - hosts: localhost JC gather_facts: no JC vars: JC test: ['a', 'b'] JC tasks: JC - shell: echo -e 'a\nb\nc' JC register: result JC - debug: var=result JC - name: do it JC yum: name={{item}} JC with_items: result.stdout_lines JC when: item in test JC JC The output of the do it task is: JC JC TASK: [do it] JC * JC skipping: [127.0.0.1] = (item=a,b) This seems fishy to me. Wouldn't you expect an item=a and an item=b line? Does item=a,b imply that it's checking to see if the string a,b is in test (which it isn't)? Indeed, if you replace 'yum: name={{item}}' with 'debug: var=item, you get different results: TASK: [do it] * ok: [localhost] = (item=a) = { item: a } ok: [localhost] = (item=b) = { item: b } skipping: [localhost] = (item=c) Is it surprising that debug treats the items as a list elements, but yum treats them as a comma-separated string of elements? -Josh (j...@care.com mailto:j...@care.com) This email is intended for the person(s) to whom it is addressed and may contain information that is PRIVILEGED or CONFIDENTIAL. Any unauthorized use, distribution, copying, or disclosure by any person other than the addressee(s) is strictly prohibited. If you have received this email in error, please notify the sender immediately by return email and delete the message and any attachments from your system. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com mailto:ansible-project%2bunsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com mailto:ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/21549.38122.295125.36977%40gargle.gargle.HOWL. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com mailto:ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com mailto:ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAMFyvFj6DAR0ohof_GBN9Kbx_rjnNw_5ejbxR6Jabdm7MfOLbQ%40mail.gmail.com https://groups.google.com/d/msgid/ansible-project/CAMFyvFj6DAR0ohof_GBN9Kbx_rjnNw_5ejbxR6Jabdm7MfOLbQ%40mail.gmail.com?utm_medium=emailutm_source=footer. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit
Re: [ansible-project] Totally Stuck...
You can't call sudo from the shell module. The play would normal be like this: tasks: - name: foo sudo: true sudo_user: root file: state=directory dest=/tcp/core On 09/29/2014 02:56 PM, Tiglath wrote: Thank you for your reply. I did not explain myself too well. Sorry. I don't need SSH authentication, only sudo. So we have two authentications. SSH proceeds without password using keys, but sudo needa a password, which I give at the prompt. What other password is it waiting for, as mentioned in the error message? On Monday, September 29, 2014 3:37:25 PM UTC-4, Timothy Gerla wrote: -- $: ansible venus - -i hosts -m shell -a mkdir /tmp/core; cd /tcp; sudo mv /tmp/core . --sudo -K sudo password: pwd Looks like you are asking to be prompted for a sudo password ('-K') but not an SSH password ('-k') -- so it's not going to be trying for password auth. -Tim -- Tim Gerla t...@gerla.net javascript: -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com mailto:ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com mailto:ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/12ac254d-f4bd-407d-ad46-509e9a33e2c1%40googlegroups.com https://groups.google.com/d/msgid/ansible-project/12ac254d-f4bd-407d-ad46-509e9a33e2c1%40googlegroups.com?utm_medium=emailutm_source=footer. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/5429BB50.705%40brainfood.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Re: IMPORTANT HEADS UP: If running from devel branch, now using submodules
Bother. I saw those emails(one request, 2 emails). However, I was rather surprised that my 6026 pull request hadn't yet been merged. I thought it would have been rather simple. It's been over 6 months, with no updates at all, and suddenly this is closed. How do I know if I go and do even *more* work, to rebase-onto(or email-patch/import) with git, that this change won't still be completely ignored. For reference, this updated the mount task so that swap entries are treated like other filesystems, in that swapon/swapoff are called. On 09/29/2014 04:15 PM, Michael DeHaan wrote: I've just made nodes and retired a reasonably large set of tickets. You should have GitHub notifications if this affects you. Help moving things to new repos is greatly appreciated so let us know if there are questions! Thanks! On Sun, Sep 28, 2014 at 12:32 PM, Michael DeHaan mich...@ansible.com mailto:mich...@ansible.com wrote: And I've just pushed a few additional fixes (E) Ansible will be happy if there is no configured module path, before at least an empty one was required, but if there was no ansible.cfg, it got confused (F) I've fixed a problem where the powershell module 'setup' got found before the Python one. Now '.py' modules are searched unless it's a Windows module, then '.ps1' are searched, but the streams are never crossed. On Sun, Sep 28, 2014 at 11:46 AM, Michael DeHaan mich...@ansible.com mailto:mich...@ansible.com wrote: Regarding the gist, I'm going to talk through the helpful gist thing with James and Toshio Monday. Should that work out - and I'm sure it will - we can definitely include that in a stub thing, and then provide comments on all the tickets. It's pretty cool that it's been possible to get that as standardized. Still have yet to determine what to do with bug tickets, but that will probably be to look at the docs page, figure out if it's core or extras, and open it on the right repo. We also have to get ansibot also working on those repos - easy enough - to provide the usual boilerplate, and also to suggest to those opening tickets on the main project that they MAY want to open one on the others instead. On Sun, Sep 28, 2014 at 11:41 AM, Michael DeHaan mich...@ansible.com mailto:mich...@ansible.com wrote: (D) I've added the configured module path to the output of ansible --version, in case someone has configured modules in their local checkout to override modules in the checkouts, we'll be able to see what those paths are in the bug reports. On Sun, Sep 28, 2014 at 11:36 AM, Michael DeHaan mich...@ansible.com mailto:mich...@ansible.com wrote: Ok, a few things done just now: (A) merged Will's patch to docs (thanks!) (B) merged Will's patch to add --version details for the submodules, which will be huge. I also tweaked it to understand what to do if there were no submodules. (C) I've tweaked the runtime code if a module is not found to look for the 'ping' module. If the 'ping' module can't be found, we know that submodule updates never happened. This should prevent development branch users who use GitHub, but don't know about this list, from getting confused about module paths not working -- which should make things rather self documenting. On Sun, Sep 28, 2014 at 11:18 AM, Michael DeHaan mich...@ansible.com mailto:mich...@ansible.com wrote: Awesome, digging in on these now. On Sat, Sep 27, 2014 at 9:10 PM, Will Thames w...@thames.id.au mailto:w...@thames.id.au wrote: Raised https://github.com/ansible/ansible/pull/9185 for the trivial doc fix (thanks Brian for the tip) I've managed to update all my module based PRs - it's definitely not easy to reproduce a set of commits from one repo to another (to be honest it's probably just easier to copy the fix and commit log if it's only a single commit which most PRs will typically be) - I only had two PRs which were module affecting though. The instructions in my gist do include rebasing against a currently quite recent version of devel (i.e. the last before the modules were removed from core) and if they
Re: [ansible-project] Progress bars
Something like Play (7 of 12) Task (4 of 15). There's no way to have any kind of time estimate, but a simple X of Y count seems useful. On 09/05/2014 04:52 PM, Jason Harris wrote: On Friday, September 5, 2014 8:56:13 PM UTC+2, Michael DeHaan wrote: Thanks, I've locked the topic to save folks from trying to comment on it, as we don't see those comments. Well, at least it was a place where people could feel they could leave some sort of feedback and feel they could say Yes... we really really want this feature... I guess we just bring this up periodically in the forums then? This isn't really possible in any sort of clean way and we've explained why already on several occasions. Well surely at the top level having a progress bar for the whole playbook is possible? There is nothing technical stopping that. Right? And surely when we have async tasks right now (which I use) instead of just printing down the screen right now something like: TASK: [bitnami_rubystack | Install rubystack] * job 409801362883.2948 polling, 990s remaining job 409801362883.2948 polling, 980s remaining job 409801362883.2948 polling, 970s remaining job 409801362883.2948 polling, 960s remaining job 409801362883.2948 polling, 950s remaining job 409801362883.2948 polling, 940s remaining job 409801362883.2948 polling, 930s remaining job 409801362883.2948 polling, 920s remaining It could have a better output where there is just a single line which is counting down? Also with the async process can't the last line of the current task be captured and displayed? and just written over each time? sort of like periodically doing the async connect and grabbing 'tail --lines 1 progresslog and displaying that? I don't know the details but there must be something that can be done! and it is very very clear that users want something like this. I wanted it from practically the moment I started using ansible and it is likely my top issue with ansible. (In any case thanks for ansible, I really like most of it!) Cheers, Jas On Fri, Sep 5, 2014 at 2:40 PM, Jason Harris jason.f...@gmail.com javascript: wrote: Hi, I just wanted to bring up progress bars again and monitoring of long running tasks. There is something approaching 50 +1's to the bug report / request https://github.com/ansible/ansible/issues/3887 https://github.com/ansible/ansible/issues/3887 It would be really nice to have progress bars at various levels. When running a playbook and you are not debugging it, it would be very nice to have the option to be able to instead of getting screenfuls of output to instead have a progress bar, much like git or mercurial do (and details would just be sent to some log file). Eg to see a video of the kind of progress indicator I am talking about see: https://github.com/noamraph/tqdm https://github.com/noamraph/tqdm On the other extreme it would be nice to have progress indicators / feedback mechanisms for some of the really long running tasks to figure out if they have hung or not. I don't know any of the details of the internals of ansible or how to make this work, but from the bug report this is obviously a very highly desired feature which many people want... Other threads about this: https://groups.google.com/forum/#!msg/ansible-devel/cvbyUMspqE0/DMLaYR8DfUoJ https://groups.google.com/forum/#%21msg/ansible-devel/cvbyUMspqE0/DMLaYR8DfUoJ Thanks, Jason -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com javascript:. To post to this group, send email to ansible...@googlegroups.com javascript:. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/dded9e93-da99-49ad-80ad-167eb21919e5%40googlegroups.com https://groups.google.com/d/msgid/ansible-project/dded9e93-da99-49ad-80ad-167eb21919e5%40googlegroups.com?utm_medium=emailutm_source=footer. For more options, visit https://groups.google.com/d/optout https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com mailto:ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com mailto:ansible-project@googlegroups.com. To view this discussion on the web visit
Re: [ansible-project] recursively create symlinks with relative paths
On debian, I could install the program 'symlinks'. I don't know if it is available elsewhere. It might be able to help. On 08/05/2014 12:05 PM, Dan Vaida wrote: Hello guys, I am trying to get my head around parsing a folder for its files and creating symlinks for those files found (depth 0) and place them in another directory. Example: parse sites-available/ and create symlinks in sites-enabled/ with relative paths. I know one can just use the command/shell modules or even create a task and register the result of a 'ls' command for example and then parse them... but what about the relative path? One could also use a script like Apache provides for example: a2ensite but what about NGINX? Trying now the 'with_fileglob' but the task just skips... Cheers. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com mailto:ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com mailto:ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/2ef77293-7eaf-4c73-8a9e-72ca62b4aef1%40googlegroups.com https://groups.google.com/d/msgid/ansible-project/2ef77293-7eaf-4c73-8a9e-72ca62b4aef1%40googlegroups.com?utm_medium=emailutm_source=footer. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/53E10F33.6010303%40brainfood.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] with_items and array concatenation?
On 06/04/2014 04:47 PM, Dmitry Makovey wrote: with_items: groups[A] ansible uses jinga2. Look up that syntax. Then, off the top of my head, may not be exactly right, but: groups[A].concat(groups[B]) | set | list Some of that is python syntax(the contact, check jinga2 and python docs), and the |set|list is jinga2. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/538F94A6.1030402%40brainfood.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Users - passwords - not getting it
On 05/28/2014 11:32 AM, Brian Dunbar wrote: mkpasswd --method=SHA-512 That runs mkpasswd with stdin unattached. If you run it manually, you'll see it prompting for a password. If you run it multiple times, and keep hitting enter(simulating a disconnected stdin), then you'll get different values each time. This is due to a random salt being used($6 is the type of hashing, then the second $$ is the salt). -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/53861B16.2090609%40brainfood.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Run a command on just 1 server (like pause)
By default, ansible looks for tasks in $PWD. tasks are sent to the remote host, and don't run local. If you create ansible.cfg in $PWD, and override defaults.library, then you can have local modules; these run on the local machine. The following works when ansible is installed thru a package manager(I use debian): cat $work_tree/ansible.cfg == [defaults] library = /home/adam/code/$shared_ansible_repo/library:/usr/share/ansible roles_path = /home/adam/code/$shared_ansible_repo/roles == On 05/14/2014 04:07 PM, Michael Peters wrote: I feel like I'm missing something, but I couldn't find it in the documentation. Please feel free to RTFM me. I was just playing around with the pause module in a playbook and noticed that it only ran on a single host no matter how many hosts were being executed in the play. That makes sense because pausing on multiple machines would just be silly. The real question is how do I do that explicitly in my own tasks? I have a lot of places in playbooks where I have data that needs to be inserted on some centralized storage (like a database or files on an NFS server, etc). At best this data is pointless to insert/update multiple times. And most of the time it's difficult to make sure it's done in a idempotent way (think ALTER statements in SQL migrations). Currently I deal with this by breaking up my playbook into multiple plays where most of the tasks are in parallel, then another play is done in serial with just 1 host at a time with some pre-condition checks to see if it needs to be run and skipping it when it doesn't. This has the effect of the first host through the serial section does the work and every other host gets a turn to waste cycles checking that it actually happened. Then after the critical section is done the rest of the tasks are done in a parallel play. If I could just explicitly label a task as just run this on the first server in the group like the pause module does I'd be really happy. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/5373DE76.9090803%40brainfood.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Run a command on just 1 server (like pause)
Nope, to this one. If you want to run something on the current machine, where ansible is running, you need to write a module, which would reside in the library. Ansible doesn't look in $PWD for modules, like it does for tasks. If you are running a module on the local machine, then you can do things like pause does, where it only runs once. On 05/14/2014 05:15 PM, Michael DeHaan wrote: The multiple play method is correct because the tasks would not be executed for every host in the host loop. Pause is a bit of an exception. (Sidenote, it appears Adam is replying to another question above I think?) On Wed, May 14, 2014 at 5:21 PM, Adam Heath a...@brainfood.com mailto:a...@brainfood.com wrote: By default, ansible looks for tasks in $PWD. tasks are sent to the remote host, and don't run local. If you create ansible.cfg in $PWD, and override defaults.library, then you can have local modules; these run on the local machine. The following works when ansible is installed thru a package manager(I use debian): cat $work_tree/ansible.cfg == [defaults] library = /home/adam/code/$shared_ansible_repo/library:/usr/share/ansible roles_path = /home/adam/code/$shared_ansible_repo/roles == On 05/14/2014 04:07 PM, Michael Peters wrote: I feel like I'm missing something, but I couldn't find it in the documentation. Please feel free to RTFM me. I was just playing around with the pause module in a playbook and noticed that it only ran on a single host no matter how many hosts were being executed in the play. That makes sense because pausing on multiple machines would just be silly. The real question is how do I do that explicitly in my own tasks? I have a lot of places in playbooks where I have data that needs to be inserted on some centralized storage (like a database or files on an NFS server, etc). At best this data is pointless to insert/update multiple times. And most of the time it's difficult to make sure it's done in a idempotent way (think ALTER statements in SQL migrations). Currently I deal with this by breaking up my playbook into multiple plays where most of the tasks are in parallel, then another play is done in serial with just 1 host at a time with some pre-condition checks to see if it needs to be run and skipping it when it doesn't. This has the effect of the first host through the serial section does the work and every other host gets a turn to waste cycles checking that it actually happened. Then after the critical section is done the rest of the tasks are done in a parallel play. If I could just explicitly label a task as just run this on the first server in the group like the pause module does I'd be really happy. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com mailto:ansible-project%2bunsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com mailto:ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/5373DE76.9090803%40brainfood.com. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com mailto:ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com mailto:ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgzV9WFUC3v7fz0L6iYpR58T_edMNCO_dphKVLv0TNXX1A%40mail.gmail.com https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgzV9WFUC3v7fz0L6iYpR58T_edMNCO_dphKVLv0TNXX1A%40mail.gmail.com?utm_medium=emailutm_source=footer. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/5373ECF2.9070405%40brainfood.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] apt returns: No package matching... but apt-get install on managed host works
Multi-arch? Aka, this is a 64-bit machine, but that package is only available on i386, and the idempotent ansible apt module isn't capable of dealing with that? On 04/11/2014 01:21 PM, Todd Sampson wrote: I'm fairly new to Ansible. I really like it but can't get past this show stopper. If anyone can offer any hints, I sure would appreciate it. The package I'm trying to install is my own. Something may be wrong with it but it installs fine with apt-get. Normal packages install OK. Running */apt-get/* */install /*from the shell works but running */apt /*does not work. apt is like a black box. I can't find any way to debug it. I can find messages in /var/log/auth.log. They all look good. syslog has: Apr 11 10:56:46 station1 ansible-apt: Invoked with dpkg_options=force-confdef,force-confold upgrade=None force=False package=m9kpdc-static purge=False state=installed update_cache=False pkg=m9kpdc-static default_release=None install_recommends=True cache_valid_time=None Nothing gets written to /var/log/dpkg.log _*Versions:*_ ansible: 1.5.4 All hosts: Ubuntu 12.04LTS *_Details_* *Installing a package with apt fails:* dfr@master:~$ ansible station1 -m apt -a pkg=m9kpdc-static state=installed station1 | FAILED { failed: true, msg: *No package matching 'm9kpdc-static' is available* } *Installing a package with apt-get works:* dfr@master:~$ ansible station1 -m shell -a apt-get install m9kpdc-static -K sudo password: station1 | success | rc=0 Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: m9kpdc-static:i386 0 upgraded, 1 newly installed, 0 to remove and 37 not upgraded. Need to get 0 B/1068 kB of archives. After this operation, 0 B of additional disk space will be used. Selecting previously unselected package m9kpdc-static:i386. (Reading database ... 78241 files and directories currently installed.) Unpacking m9kpdc-static:i386 (from .../m9kpdc-static_2.2_i386.deb) ... Processing triggers for ureadahead ... Setting up m9kpdc-static:i386 (2.2) ... Post-install starting m9kpdc *Package is available:* dfr@master:~$ ansible station1 -m shell -a apt-cache search m9kpdc-static station1 | success | rc=0 m9kpdc-static - Utility Systems Phasor Data Concentrator. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com mailto:ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com mailto:ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/fea70dda-5788-4b07-a02e-a4df0788c398%40googlegroups.com https://groups.google.com/d/msgid/ansible-project/fea70dda-5788-4b07-a02e-a4df0788c398%40googlegroups.com?utm_medium=emailutm_source=footer. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/53485285.2040607%40brainfood.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] apt returns: No package matching... but apt-get install on managed host works
It'd be nice if ansible could be smarter here, I'm certain they would take a patch. I am not a member of the project, just another user. On 04/11/2014 04:36 PM, Todd Sampson wrote: Thanks Adam! Wow. That was a big help. I forced apt to get the i386 version by setting pkg=m9kpdc-static:i386 and now it works. Thanks for taking the time to help! Todd On Fri, Apr 11, 2014 at 4:37 PM, Adam Heath a...@brainfood.com mailto:a...@brainfood.com wrote: Multi-arch? Aka, this is a 64-bit machine, but that package is only available on i386, and the idempotent ansible apt module isn't capable of dealing with that? -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/53486293.1060903%40brainfood.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Firewall Module?
There are too many ways of maintaining a firewall, across all types of admins, OS, etc. However, I make use of a firewall role, I set ports when I attach it to a host, and then, I made an executive decision that the 'app' I'm configuring will use a particular type of firewall software. However, I still allow for some variant across at least debian and redhat; I use a when: in my role, and key off ansible_pkg_mgr(== 'yum' or 'apt'). I really don't think it would be possible to have a completely generic 'firewall' module that handles all cases. On 03/04/2014 10:51 AM, Aaron Hunter wrote: Plus, the aforementioned groups that want to maintain their own firewall configurations, which we suggest, and you can see an example of here: https://github.com/ansible/ansible-examples/blob/master/lamp_haproxy/roles/common/templates/iptables.j2 https://github.com/ansible/ansible-examples/blob/master/lamp_haproxy/roles/common/templates/iptables.j2 I disagree with the approach taken in this link because I do not want to use the persistence file (ferm or ufw are much better) and because I don't think their use of if/then is good design (see http://www.refactoring.com/catalog/replaceConditionalWithPolymorphism.html). But this isn't really important. I think the ferm approach used here is the best approach: http://wiki.gema-soft.de/doku.php?id=it-administration:tools:ansible:ferm Having each role add its own ferm snippet maintains encapsulation (no hard to maintain if/then blocks) and uses a proper firewall management tool. The problem is that since there is no global notification there is no way to signal to Ansible to run the handler at the end. That is why I asked about a module. A chinstrap role that James mentions could work but it has no way of knowing that a change has taken place (ie., a new snippet was added, changed, or removed). At least none that I know of. The alternative is simply to make the chinstrap role at the end always fire which would work but you then lose idempotency. A global notify would enable this. This is at least one case where it is needed. There are probably more cases in which a final run cleanup step could be useful. In fact, global handlers would have come in useful many times in my experience. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/15300865-3d24-4675-a270-92a24baaa49c%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/53160699.8010603%40brainfood.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ansible-project] Specify host for a playbook task
delegate_to: On 03/03/2014 02:51 PM, Michael Mahemoff wrote: Is there any way to override the current host for a given task? I want to set up a recurring database copy, so I need to run some commands within a playbook (all of which apply only if a variable is turned on at the command-line). This sequence would begin by dumping the source database and copying it, so it needs to be a different hostname from the one being processed. I tried host hosts hostnames but none worked. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/9563e962-9298-48ad-87df-162b63f126cd%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/5314ED1A.3020606%40brainfood.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ansible-project] Re: YUM: Much slower in ansible than on the cli
For yum, I disable fastestmirror, set hard-coded repo sites, then configure an http_proxy. For apt, I set hard-coded repo sites, then configure an http_proxy. This seems much lighter weight then cloning an entire OS distribution, when most packages aren't going to be installed anyways. ps: if you leave fastestmirror enabled, then the download site will change randomly, so a proxy is worthless. Also, the centralized site that fastestmirror talks to seems to be highly unstable, and returns spurious errors, which cause the ansible yum module to abort, but only sometimes. This isn't a bug in ansible, but in the yum python module that ansible uses. On 02/27/2014 07:15 AM, Michael DeHaan wrote: We've been through this discussion a bit before, and we believe the repoquery needs to be there. I'm a bit more curious about why you are spending so much time in the operation and most people are not. When using yum in any sort of important setup, I almost always create a yum mirror with reposync, etc, and even in our testing, we're not seeing any major timing issues with the yum options at all. yum_rhn_plugin can sometimes be a very very different story (hence even more reason to mirror content). -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/530F7A50.8070902%40brainfood.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ansible-project] Re: YUM: Much slower in ansible than on the cli
Sure, but it's easier in debian, as snapshot/backports are also mirrored. On 02/27/2014 12:17 PM, Michael DeHaan wrote: Was talking about yum. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/530F818E.8060006%40brainfood.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ansible-project] Resolve nested variable in template
On 02/19/2014 10:11 AM, Serge van Ginderachter wrote: On 19 February 2014 15:03, Khuong Dinh Pham khuon...@gmail.com mailto:khuon...@gmail.com wrote: Vars: environements: [trunk, dev01] my_trunk_port: 8080 my_dev01_port: 8180 Template: {{ my_{{ env }}_port }} try something like this: {{ hostvars[inventory_hostname][ my_ + env + _port] }} Hmm, much better than my convoluted example. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ansible-project] Re: Resolve nested variable in template
vars: port_vars: my_trunk_port: 8080 my_dev01_port: 8180 my_dev02_port: 8280 my_dev03_port: 8480 - set_fact: my_ports: {} - pause: seconds=0 when: (my_ports[item[0].substring(3).substring(0,len(item[0]) - 3)] = item[1]) and false or false with_items: port_vars.items() - debug: msg={{ my_ports['trunk'] }} On 02/19/2014 10:05 AM, Khuong Dinh Pham wrote: Hi Thx for the answer. But this is not a option here. The vars is already defined in this format: my_trunk_port: 8080 my_dev01_port: 8180 my_dev02_port: 8280 my_dev03_port: 8480 and then I have an env var [trunk, dev01, dev02..] to construct the final var name Den onsdag den 19. februar 2014 15.03.59 UTC+1 skrev Khuong Dinh Pham: Hi I want to generate the variable names based on another variable value. Something like this: Vars: environements: [trunk, dev01] my_trunk_port: 8080 my_dev01_port: 8180 Template: {{ my_{{ env }}_port }} -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ansible-project] Custom item output
I find this annoying too. +1 on my vote. On 02/12/2014 12:55 PM, Rumen Telbizov wrote: Hello ansible list, Here's a quick question that I was trying to find an answer for. Maybe I am missing the obvious but I can't find a way to control the output of the item variable during a loop (with_items) while the playbook is running. Example: changed: [s1.server.com http://s1.server.com] = (*item=/path/to/something*) This shows what the current item of the current loop iteration looks like. It might be a very large json object and could clobber the output screen with unnecessary information. I would like to be able to control exactly what is been output. Is it possible to do this? Thank you in advance, -- Rumen Telbizov Unix Systems Administrator http://telbizov.com -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ansible-project] ERROR: AsciiDoc 'a2x' command is not installed but is required to build
root@urk:~# apt-file search bin/a2x asciidoc: /usr/bin/a2x And yum search asciidoc comes up with results. Does rpm.spec have a way to list a series of build dependencies? I'm a Debian guy, and that would be done thru debian/control:Build-Depends On 02/05/2014 11:28 AM, Yuri Lukyanov wrote: The recent devel branch requires a2x to make rpm. sed s/%VERSION%/1.5/ docs/man/man1/ansible-pull.1.asciidoc.in docs/man/man1/ansible-pull.1.asciidoc ERROR: AsciiDoc 'a2x' command is not installed but is required to build docs/man/man1/ansible.1 docs/man/man1/ansible-playbook.1 docs/man/man1/ansible-pull.1 docs/man/man1/ansible-doc.1 make: *** [docs/man/man1/ansible-pull.1] Error 1 rm docs/man/man1/ansible-pull.1.asciidoc What am I supposed to do about that? -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ansible-project] ERROR: AsciiDoc 'a2x' command is not installed but is required to build
On 02/05/2014 12:30 PM, Michael DeHaan wrote: Asciidoc produces no results on what platform? Confused by your apt-file command above. == apt-get install apt-file apt-file update == This will download the Contents-$arch.gz files from your debian mirror, then build an index of file-package mapping. I used this to guess as to which package might contain that program, because I don't know how to do the same on redhat-based machines. I then jumped onto a CentOS install, and did a search for the asciidoc package, to verify it was available. It could be added to BuildRequires, though this is more for packaging relative to the tarball. Yes, that's what he was attempting. If a required package is needed, then it should be added to the distributation-specific way. For reference, this *is* specified in debian/control:Build-Depends in current ansible-git master. On debian, dpkg-checkbuiddeps will read debian/control, and tell you what you need to install. I don't know if rpm has something similar. The build system will attempt to do this prior to building the RPM (and we are ok with this, because RPM is only one of many things we use and should not drive the build system) Sure. But if someone actually *does* want to build an rpm, shouldn't the requirements for doing so be documented? I'm confused by what you meant here. We do make rpm from checkout, which calls the docs target. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ansible-project] ERROR: AsciiDoc 'a2x' command is not installed but is required to build
On 02/05/2014 12:31 PM, C. Morgan Hamill wrote: Excerpts from Adam Heath's message of 2014-02-05 13:24:48 -0500: root@urk:~# apt-file search bin/a2x asciidoc: /usr/bin/a2x And yum search asciidoc comes up with results. Does rpm.spec have a way to list a series of build dependencies? I'm a Debian guy, and that would be done thru debian/control:Build-Depends In the spec file, 'BuildRequires: asciidoc' in the metadata section at the top of the file. == 12:46:49 -0600 adam@ansible-bf[7]:~/code/ansible/eigood-ansible(work)$ grep asciidoc -c packaging/rpm/ansible.spec 0 == So there you go. Debian has it listed for a dependency, but the rpm spec does not. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ansible-project] Configuring Ansible to run play books through a bastion host on aws/ec2
I've had musings on that too. Currently, I think you'd have to manually configure $HOME/.ssh/config, with ProxyCommand. However, I just had a thought. What if there was an ansible_ssh_proxy=$other_inventory_host feature? When set, ansible would auto-add the -o ProxyCommand=$something. This is just some random brainstorm ramblings. On 02/05/2014 12:59 PM, Jeff Lord wrote: Hello, I am building out an env in AWS using ansible and would like to configure all of my hosts by running through a single bastion host which has port 22 open. Laptop - AWS Bastion - AWS private network instances Is there a good example of how to configure the proxy around? Thank You in advance, -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ansible-project] Configuring Ansible to run play books through a bastion host on aws/ec2
I just looked over ssh.py and ssh_old.py; if I were to actually want to sit down and do this, I would factor those 2 classes, into a common base class, then introduce a third version that supported ProxyCommand. ps: I notice something odd in the two files above: == -def exec_command(self, cmd, tmp_path, sudo_user=None, sudoable=False, executable='/bin/sh', in_data=None, su=False, su_user=None): +def exec_command(self, cmd, tmp_path, sudo_user=None, sudoable=False, executable='/bin/sh', in_data=None, su_user=None, su=False): == Why is the order of the last 2 args reversed for those two files? Seems like it might cause some confusion. On 02/05/2014 01:51 PM, Adam Heath wrote: I've had musings on that too. Currently, I think you'd have to manually configure $HOME/.ssh/config, with ProxyCommand. However, I just had a thought. What if there was an ansible_ssh_proxy=$other_inventory_host feature? When set, ansible would auto-add the -o ProxyCommand=$something. This is just some random brainstorm ramblings. On 02/05/2014 12:59 PM, Jeff Lord wrote: Hello, I am building out an env in AWS using ansible and would like to configure all of my hosts by running through a single bastion host which has port 22 open. Laptop - AWS Bastion - AWS private network instances Is there a good example of how to configure the proxy around? Thank You in advance, -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ansible-project] Configuring Ansible to run play books through a bastion host on aws/ec2
On 02/05/2014 02:31 PM, Matt Martz wrote: I use bastions for nearly all of my communication with servers. It is all done via my ~/.ssh/config file. Something like: Host bastion User myuser HostName bastion.example.org ProxyCommand none IdentityFile ~/.ssh/id_rsa BatchMode yes PasswordAuthentication no Host * ServerAliveInterval60 TCPKeepAlive yes ProxyCommand ssh -qaY bastion 'nc -w 14400 %h %p' ControlMaster auto ControlPath~/.ssh/mux-%r@%h:%p ControlPersist 8h In ~/.ansible.cfg I then have [ssh_connection] ssh_args = -o ControlPersist=15m -F ~/.ssh/config scp_if_ssh = True control_path = ~/.ssh/mux-%%r@%%h:%%p Nothing else required. I execute ansible and all my connections go through the bastion. Your Host * might benefit from being more targeted. In any case, I also have to use these same configs for normal SSH access, so for me it makes sense to just have them in my ssh config. I really don't see a need to modify anything within Ansible to do this. When ansible is configured to auto-create a cluster of brand new virtual machines, all connected to a brand new auto-generated vlan, and all behind a single front-end router(again, also a virtual machine), then a series of test cases are run on this isolated universe of machines, then the entire virtualized cluster is thrown away. The machines in the isolated cluster will have the exact same address as *real* internet servers, so it's not possible at all to connect to them directly. You'd have to auto-generate the config file for ssh in this case. ps: Someone kick me later to publish my opennebula dynamic inventory script, and opennebula task(support for template instantiate, vm delete) I'd need to rewrite the the former from perl to python, and the later from shell to python. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ansible-project] Conditionals - when: var1 and var2 is defined works in a weird way
false != false. You have a string/boolean issue. Aka, the var1 is not the boolean value false, but the string value false. On 02/03/2014 06:32 PM, Roman Revyakin wrote: Hi, I am not sure whether someone has come across this issue previously - trying to search the group for 'when' and 'is defined' did not yield me anything useful. So I am posting it as a new topic here. I have encountered that in case I use 'when:' clause where I need to test whether one variable is set to 'true' and another one is defined, the following playbook triggers action even if the first variable is 'false': cat test_playbook.yaml EOF --- - hosts: all gather_facts: false tasks: - name: Play only if var1 is true and var2 is defined local_action: command echo Yes {{ var1 }} is true and {{ var2 }} is defined when: var1 and var2 is defined EOF $ ansible-playbook -i host -v test_playbook.yaml --extra-vars var1=false var2='something' PLAY [all] TASK: [Play only if var1 is true and var2 is defined] * changed: [localhost] = {changed: true, cmd: [echo, Yes false is true and something is defined], delta: 0:00:00.003256, end: 2014-02-04 11:19:56.720699, rc: 0, start: 2014-02-04 11:19:56.717443, stderr: , stdout: Yes false is true and something is defined} PLAY RECAP localhost : ok=1changed=1unreachable=0failed=0 Only if I change the conditions to be supplied on separate 'when:' lines, it works as expected: cat test1_playbook.yaml EOF --- - hosts: all gather_facts: false tasks: - name: Play only if var1 is true and var2 is defined local_action: command echo Yes {{ var1 }} is true and {{ var2 }} is defined when: var2 is defined when: var1 EOF $ ansible-playbook -i host -v test_playbook.yaml --extra-vars var1=false var2='something' PLAY [all] TASK: [Play only if var1 is true and var2 is defined] * skipping: [localhost] PLAY RECAP localhost : ok=0changed=0unreachable=0failed=0 $ ansible-playbook -i host -v test_playbook.yaml --extra-vars var1=true var2='something' PLAY [all] TASK: [Play only if var1 is true and var2 is defined] * changed: [localhost] = {changed: true, cmd: [echo, Yes true is true and something is defined], delta: 0:00:00.002733, end: 2014-02-04 11:22:20.289360, rc: 0, start: 2014-02-04 11:22:20.286627, stderr: , stdout: Yes true is true and something is defined} PLAY RECAP localhost : ok=1changed=1unreachable=0failed=0 However in this case it fails (not skips) when the var2 is undefined and var1 is true, which is not really a desired behaviour: $ ansible-playbook -i host -v test_playbook.yaml --extra-vars var1=true PLAY [all] TASK: [Play only if var1 is true and var2 is defined] * fatal: [localhost] = One or more undefined variables: 'var2' is undefined FATAL: all hosts have already failed -- aborting PLAY RECAP to retry, use: --limit @/Users/roman/test_playbook.yaml.retry localhost : ok=0changed=0unreachable=1failed=0 The order of 'when's also matters, in case their order is reverted like follows when: var1 when: var2 is defined the playbook starts behaving like in the first example where 'when' conditions were supplied on one line using the 'and' operator. If I use when: var1==true and var2 is defined the playbook would skip the action even all conditions are satisfied: $ ansible-playbook -i host -v test_playbook.yaml --extra-vars var1=true var2='defined' PLAY [all] TASK: [Play only if var1 is true and var2 is defined] * skipping: [localhost] PLAY RECAP localhost : ok=0changed=0unreachable=0failed=0 The docs http://docs.ansible.com/playbooks_conditionals.html#the-when-statement do not shed any more light on that strange behaviour. Thanks a lot in advance, With kind regards, Roman -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to
Re: [ansible-project] different groups with different variables using the same role in the same host
I've been using variants of dict.keys(), dict.values(), and dict.items() when utilizing with_items iteration. On 01/31/2014 09:07 AM, Guillem Liarte wrote: This works however: ## --- - hosts: moscatell tasks: - debug: msg={{ project[item] }} with_items: project_list -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ansible-project] register variable being truncated
debug: msg={{ commit error }} On 01/31/2014 11:55 AM, David Gethings wrote: Hi, I am working with a custom module. Sometimes it returns an error that I want to capture and then act on in another task. I have a register set and ignore_errors set to True in the playbook. However the msg returned is being truncated to I cannot perform a 'when' conditional on its value. Below output is returned by a custom module: ok: [capella] = {failure: true, item: , msg: [{:severity=\error\,\n :message=\n \WARNING: Chassis configuration for network services has been changed. A system reboot is mandatory. Please reboot the system NOW. Continuing without a reboot might result in unexpected system behavior.\}]\n This action is in a playbook: action: debug msg={{ commit_error }} Which produces this output (when using -vvv): ok: [capella] = { item: , msg: {umsg: } Any ideas why this is happening? -- Cheers Dg -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ansible-project] roles with pre_tasks and post_task
Oh, oops, my bad, I wasn't aware there was a -dev list. On 01/30/2014 04:40 PM, Paul Durivage wrote: Hi Adam, I suggest taking this to the developer list for further discussion. Features and ideas are regularly discussed there with the Ansible team. https://groups.google.com/forum/#!forum/ansible-devel https://groups.google.com/forum/#!forum/ansible-devel -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[ansible-project] roles with pre_tasks and post_task
I have a patch locally that enables pre and post processing for roles. The directory names are pre_tasks and post_tasks, of course. The flow is: - hosts: targets roles: - role-1 - role-2 pre_tasks: - name: one tasks: - name: two post_tasks: - name: three and evaluates as: role-1:pre_tasks role-2:pre_tasks play:pre_tasks role-1:tasks role-2:tasks play:tasks role-1:post_tasks role-2:post_tasks play:post-tasks I use it to have a role nginx-frontend, then then wants to know about ofbiz-backend and php-backend, and other hosts that then have those roles. I then have the backend role notify a handler, that then updates /etc/hosts with the address found in $hostvars. I'm wondering if this makes sense to anyone else, and if it would be wanted? I haven't yet modified docsite, because I'm asking here first. The following examples show a complex backend registration system; I hit some snags with ordering, so I added the pre/post support for roles, which should allow the main-line tasks to then query for the list of backend mappings. I haven't yet modified my backend role(shown below) with this new feature. == examples:playbook.yml - hosts: targets accelerate: true gather_facts: true roles: - etckeeper - { role: nginx-frontend, when: inventory_hostname in (groups['frontend'] | default([])) } - { role: php-backend, when: inventory_hostname in (groups['php-backend'] | default([])) } - { role: mysql-backend, when: inventory_hostname in (groups['mysql-backend'] | default([])) } - { role: postgresql-backend, when: inventory_hostname in (groups['postgresql-backend'] | default([])) } - { role: ofbiz-backend, when: inventory_hostname in (groups['ofbiz-backend'] | default([])) } - { role: image-processor, when: inventory_hostname in (groups['image-processor'] | default([])) } == examples: nginx-frontend/meta.yml dependencies: - role: backend tags: ['nginx'] args: role: nginx-frontend roles: ['ofbiz-backend', 'php-backend'] == examples: php-backend/meta.yml dependencies: - role: backend tags: ['php'] args: role: php-backend roles: ['mysql-backend'] == examples: backend/tasks.yml - set_fact: host_roles: {{host_roles is defined and (host_roles.append(args.role) or host_roles) or [args.role]}} when: args.roles is defined - set_fact: wanted_roles: {{wanted_roles is defined and (wanted_roles.extend(args.roles) or wanted_roles) or args.roles}} notify: - roles-scan {{ args.role }} == examples: backend/handlers.yml - name: roles-scan {{ args.role }} when: item[1] in wanted_roles lineinfile: dest=/etc/hosts regexp='^\S+\s+.*?{{item[1]}}.universe' line='{{item[0].ansible_eth0.ipv4.address}} {{item[1]}}.universe' notify: - etckeeper commit register: roles_scan_result with_subelements: - hostvars.values() | selectattr('host_roles', 'defined') | list - 'host_roles' == -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ansible-project] Not detecting whether variable for 'user' is setup.
It's remote_user, which I think changed in 1.4. I just remember seeing that in the docs yesterday. On 01/28/2014 10:54 AM, Marcin Prączko wrote: Hi, Accually I think is still not working as expected: [vagrant@devopsadmin dir01]$ ansible --version ansible 1.4.3 Playbook: - name: Common | Ping all hosts gather_facts: no hosts: all user: {{ ssh_user }} sudo: yes vars_files: - vars/common_sshuser.yml # - # Add / Include specific task (will be run after roles) # - tasks: - ping: 0. If variable is not defined in 'vars/common_sshuser.yml' and not passed as variable in command line - ansible is trying connect with '{{ xxx }}' user to servers. 1. Setup 'error_on_undefined_vars' in ansible.cfg [vagrant@devopsadmin ansible]$ cat /etc/ansible/ansible.cfg | grep True ... error_on_undefined_vars = True Run ansible TASK: [ping ] * srv01 ESTABLISH CONNECTION FOR USER: {{ssh_user}} on PORT 22 TO srv01 srv02 ESTABLISH CONNECTION FOR USER: {{ssh_user}} on PORT 22 TO srv02 2. Use {{ssh_user | mandatory}} in play Run absible TASK: [ping ] * srv01 ESTABLISH CONNECTION FOR USER: {{ssh_user | mandatory}} on PORT 22 TO srv01 srv02 ESTABLISH CONNECTION FOR USER: {{ssh_user | mandatory}} on PORT 22 TO srv02 So for me looks like user variable in playbook is not checking whether is defined or not. Best regards, Marcin Praczko -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ansible-project] git module now has sshopts and keyfile parameters
On 01/23/2014 09:37 PM, James Tanner wrote: On 01/23/2014 08:46 PM, a...@brainfood.com wrote: The accept_hostkey fails if $HOME/.ssh doesn't already exist. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. Please file a bug on github or submit a pull request. I'm new to ansible development, but not test cases, or git. I've already been installing ansible by updating my git clone, and building a fresh deb. Would such a pull request want a test case? I haven't look at all at how ansible would want that. The basic scenario is that my remote_user is root, I'm connecting to a freshly cloned opennebula centos machine, that has nothing on it, except that it allows remote root login. There is no .ssh folder, and I use no key. Later on, when I run git to check out a repo, it tries to create /root/.ssh/authorized_keys, but the folder doesn't exist. I have my own rules that create .ssh and .ssh/authoried_keys, as separate tasks, so I'm not held up; I was just trying to use the new feature. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ansible-project] Re: ansible now supports su as an alternative to sudo
The following playbook doesn't do what I think it should. The su on the task stays as root. I was asked to file a bug; I could still do so. But if you think you have a handle on it, then it might just be better to past this here. cmd: ansible-playbook -i hosts.txt su-for-task-broken.yml - == hosts.txt localhost ansible_ssh_pass= current_user=adam == su-for-task-broken.yml - hosts: localhost remote_user: root tasks: - name: sudo test sudo: true sudo_user: {{ current_user }} shell: whoami register: sudo_test_result - name: su test su: true su_user: {{ current_user }} shell: whoami register: su_test_result - name: debug debug: var=sudo_test_result - name: sudo test check fail: msg=sudo didn't change to the correct user when: sudo_test_result.stdout != current_user - name: su test check fail: msg=su didn't change to the correct user when: sudo_test_result.stdout != current_user == On 01/24/2014 09:46 AM, Matt Martz wrote: I'm looking at this as well, and believe that I may have identified and fixed the issue. I'm going to talk it over with Paul (angstwad) for validation and testing. -- Matt Martz m...@sivel.net -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ansible-project] git module now has sshopts and keyfile parameters
As for tests, I have a complete test system for the internal backup tool I've written and used at $work. I basically start up a user-mode-linux instance, then mount hostfs and overlayfs, so that I can run things as root, it has no outbound network, I then start up a dummy sshd, create a dummy non-root user, then rsync/ssh to test parts of the backup tool. I had this fake-linux wrapper semi-isolated, but never actually released it. I wonder if it would help for ansible. On 01/24/2014 11:11 AM, James Tanner wrote: Tests would be really nice, but I’m not sure if we have a good pattern within the existing unit tests to accommodate this situation. If you can write something up, I would certainly review it and try it out. BTW, a bug was created this morning for the issue: https://github.com/ansible/ansible/issues/5750 On Jan 24, 2014, at 12:04 PM, Adam Heatha...@brainfood.com wrote: -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.