[ansible-project] anyone know how to pass extra_vars in tower callback via curl?
Anybody any idea how to pass in extra_vars when doing a callback request to tower? https://docs.ansible.com/ansible-tower/2.2.0/html/userguide/job_templates.html#ug-provisioning-callbacks I cant see how you can combine json blob with name=value fields in a single curl request. The response i have had from ansible support is this gist https://gist.github.com/michelleperz/fcca30f11bcaa2d1c52f which i cant see as solving the problem. -- This message is private and confidential and for the exclusive use of the intended recipient(s). If you receive this email in error, please notify the sender immediately and delete all copies from your system. If you are not the intended recipient disclosure, distribution, copying or use of this communication is strictly prohibited. Any views or opinions presented in this email are solely those of the author and do not necessarily represent those of IDG UK. Clients and suppliers can view our full terms and conditions at www.idg.co.uk/terms-and-conditions/ IDG Communications Ltd. Company Reg No: 1197840. Registered in England and Wales. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/9b51fcc4-6c20-4411-a395-61cec143c60f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Help with callback to tower from AWS auto scaling script
Actually seemed to be not related to the use of ip. In fact changing it to use domain didnt execute the callback as the new calling machine wasnt in the inventory (we set tower to use to use private ips of AWS instances for inventory) It was proot settings in the ansible tower settings file we had to change to be false Here is Ansibles response to my email. This is a local action on the Tower host, yes? Tower is constricted with proot from executing outside a narrow range of directories. /tmp wouldn't be available. Tower also executes as the awx user locally and out of the box does not have sudo access at all. So two things are preventing this playbook from running on your Tower host: 1) sudo to root on a local run and proot prevents execution outside the playbook directory locally. I don't advise giving the awx user the ability to become root locally on Tower: that could lead to users running playbooks against localhost that could essentially do anything. Since you don't need root access to modify things in temp directories, I'd remove the "sudo: true line from your playbook. As for the inability to execute outside your playbook directories (ie: manipulate files in /tmp) Tower is designed to control other hosts, but sometimes needs to access directories outside that playbook, so you can loosen these security restraints by changing the PROOT setting in /etc/tower/settings.py to "False" and restarting the Tower service: vi /etc/tower/settings.py change: AWX_PROOT_ENABLED = True to: AWX_PROOT_ENABLED = False then issue this command to restart the service (as root): ansible-tower-service restart Let us know if you have any questions. On Monday, 30 November 2015 14:15:40 UTC, Adrian Black wrote: > > Thanks Brian > I have sent them an email however i think the issue was i was using the > private aws ip of the box rather than domain name. I changed that and now > its not erroring but also doesnt seem to be executing the callback script > as that job no longer shows up, however it does seem to be calling the > inventory script. So that's a new issue. > > > On Friday, 27 November 2015 21:36:09 UTC, Brian Coca wrote: >> >> for tower related issues please go to http://support.ansible.com or >> email sup...@ansible.com. >> -- >> Brian Coca >> > -- This message is private and confidential and for the exclusive use of the intended recipient(s). If you receive this email in error, please notify the sender immediately and delete all copies from your system. If you are not the intended recipient disclosure, distribution, copying or use of this communication is strictly prohibited. Any views or opinions presented in this email are solely those of the author and do not necessarily represent those of IDG UK. Clients and suppliers can view our full terms and conditions at www.idg.co.uk/terms-and-conditions/ IDG Communications Ltd. Company Reg No: 1197840. Registered in England and Wales. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/3bc4c901-df4e-4423-8f20-9bc2374ec5f7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Help with callback to tower from AWS auto scaling script
Thanks Brian I have sent them an email however i think the issue was i was using the private aws ip of the box rather than domain name. I changed that and now its not erroring but also doesnt seem to be executing the callback script as that job no longer shows up, however it does seem to be calling the inventory script. So that's a new issue. On Friday, 27 November 2015 21:36:09 UTC, Brian Coca wrote: > > for tower related issues please go to http://support.ansible.com or email > sup...@ansible.com . > -- > Brian Coca > -- This message is private and confidential and for the exclusive use of the intended recipient(s). If you receive this email in error, please notify the sender immediately and delete all copies from your system. If you are not the intended recipient disclosure, distribution, copying or use of this communication is strictly prohibited. Any views or opinions presented in this email are solely those of the author and do not necessarily represent those of IDG UK. Clients and suppliers can view our full terms and conditions at www.idg.co.uk/terms-and-conditions/ IDG Communications Ltd. Company Reg No: 1197840. Registered in England and Wales. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/9570bcee-5aa0-4955-9c0d-e1717729b5a4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Help with callback to tower from AWS auto scaling script
Trying to put the bits together to get an auto scaling group in aws to come
on line and create a vm that does a callback to tower for provisionment.
The bit im getting stuck with is the callback part
According
to http://docs.ansible.com/ansible-tower/2.2.0/html/userguide/job_templates.html
you use the /usr/share/awx/request_tower_configuration.sh script as a basis
this script looks like it takes arguments so should be called somethig like
./scripts/request_tower_configuration.sh ansible.myco.com
84e2d9d26c5977c1b12eb353f1a97aa1 94
I have seen the launch config script snippet like
- name: create launch config
ec2_lc:
name: "{{ site_prefix }}-lc"
...
user_data: "{{ lookup('file',
'./scripts/request_tower_configuration.sh')}}"
that takes the contents of that file as pastes it as a blob in the
user_data field on a created vm but without the arguments you need its
useless.
i did try this too but that doesnt work
user_data: "{{ lookup('file', './scripts/site_callback.sh')
ansible.idg.co.uk 84e2d9d26c5977c1b12eb353f1a97aa1 94 }}"
anyone got a working example of how this works?
thanks
--
This message is private and confidential and for the exclusive use of the
intended recipient(s). If you receive this email in error, please notify
the sender immediately and delete all copies from your system. If you are
not the intended recipient disclosure, distribution, copying or use of this
communication is strictly prohibited. Any views or opinions presented in
this email are solely those of the author and do not necessarily represent
those of IDG UK. Clients and suppliers can view our full terms and
conditions at www.idg.co.uk/terms-and-conditions/
IDG Communications Ltd. Company Reg No: 1197840. Registered in England and
Wales.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/b683524f-0ffe-4ad3-b52a-c2d66126c40a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Ansible 1.9.4, AWS Auto scaling "Launching a new EC2 instance. Status Reason: The parameter SecurityGroup is not recognized. "
Im trying to do an auto scaling group in AWS
Below is my script.
It runs and almost completes (it sets up lb, asg and lc in AWS) but times
out with
"msg: Waited too long for new instances to become viable. Mon Nov 16
15:35:31 2015"
Under AWS "Activity History" on Auto Scaling Group i get
"Launching a new EC2 instance. Status Reason: The parameter SecurityGroup
is not recognized. Launching EC2 instance failed."
I have tried looking for that message with only 2 hits in all of google so
its not a common error.
Anything im doing wrong in the below or any idea about the message?
Thanks
---
- name: sets up site on a vm on aws
hosts: localhost
connection: local
gather_facts: false
roles:
- common
- awskeys
- awsvars
vars:
machine_type: t2.medium
site_prefix: pca
server_min_size: 1
server_max_size: 2
server_desired_size: 1
aws_site_security_groups: ['http/https', 'ssh' , 'smtp']
aws_elb_security_groups: ['http/https']
tasks:
- debug: var="{{ aws_region }}"
- name: create elastic load balancer
local_action:
module: ec2_elb_lb
name: "{{ site_prefix }}-elb"
state: present
security_group_ids: 'sg-577f9933' #http/s
region: "{{ aws_region }}"
zones:
- "{{ aws_region }}a"
listeners:
- protocol: http
load_balancer_port: 80
instance_port: 80
health_check:
ping_protocol: http # options are http, https, ssl, tcp
ping_port: 80
ping_path: "/" # not required for tcp or ssl
response_timeout: 5 # seconds
interval: 30 # seconds
unhealthy_threshold: 2
healthy_threshold: 10
- name: create launch config
ec2_lc:
name: "{{ site_prefix }}-lc"
image_id: "{{ aws_vm_image }}"
region: "{{ aws_region }}"
security_groups: ['http/https']
instance_type: "{{ machine_type }}"
key_name: BOB
assign_public_ip: yes
- name: create auto scaling group
ec2_asg:
name: "{{ site_prefix }}-asg"
launch_config_name: "{{ site_prefix }}-lc"
health_check_period: 60
health_check_type: ELB
replace_all_instances: yes
min_size: "{{ server_min_size }}"
max_size: "{{ server_max_size }}"
desired_capacity: "{{ server_desired_size }}"
region: "{{ aws_region }}"
load_balancers: "{{ site_prefix }}-elb"
#needed if public ip is required
vpc_zone_identifier:
- 'subnet-1448e94d'
--
This message is private and confidential and for the exclusive use of the
intended recipient(s). If you receive this email in error, please notify
the sender immediately and delete all copies from your system. If you are
not the intended recipient disclosure, distribution, copying or use of this
communication is strictly prohibited. Any views or opinions presented in
this email are solely those of the author and do not necessarily represent
those of IDG UK. Clients and suppliers can view our full terms and
conditions at www.idg.co.uk/terms-and-conditions/
IDG Communications Ltd. Company Reg No: 1197840. Registered in England and
Wales.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/31e135c4-de1f-4226-b9c7-54519c4d89a9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: Ansible 1.9.4, AWS Auto scaling "Launching a new EC2 instance. Status Reason: The parameter SecurityGroup is not recognized. "
I think the issue was security_groups: ['http/https'] on ec2_lc Changed to use ids though doco isnt very clear on this in either wording "A list of security groups into which instances should be found" or example ['group1', 'group2'] http://docs.ansible.com/ansible/ec2_lc_module.html -- This message is private and confidential and for the exclusive use of the intended recipient(s). If you receive this email in error, please notify the sender immediately and delete all copies from your system. If you are not the intended recipient disclosure, distribution, copying or use of this communication is strictly prohibited. Any views or opinions presented in this email are solely those of the author and do not necessarily represent those of IDG UK. Clients and suppliers can view our full terms and conditions at www.idg.co.uk/terms-and-conditions/ IDG Communications Ltd. Company Reg No: 1197840. Registered in England and Wales. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/519ea106-3f4d-40aa-842f-aff57a800419%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] issue with aws cli command to associate elastic ip to new instance
Ah ok.
I have changed it to
shell python3 -E /usr/bin/aws ec2 associate-address --instance-id={{ item.id }}
--allocation-id eipalloc-b9df00dc
and get
Unable to locate credentials. You can configure credentials by running "aws
configure".
so just need to solve that now. I configured aws for ubuntu user but i
guess i need to configure for user that runs this shell command.
Thanks
On Friday, 25 September 2015 14:50:12 UTC+1, Brian Coca wrote:
>
> you are using python3 for a python2 app
>
>
>
> --
> Brian Coca
>
--
This message is private and confidential and for the exclusive use of the
intended recipient(s). If you receive this email in error, please notify
the sender immediately and delete all copies from your system. If you are
not the intended recipient disclosure, distribution, copying or use of this
communication is strictly prohibited. Any views or opinions presented in
this email are solely those of the author and do not necessarily represent
those of IDG UK. Clients and suppliers can view our full terms and
conditions at www.idg.co.uk/terms-and-conditions/
IDG Communications Ltd. Company Reg No: 1197840. Registered in England and
Wales.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/b1658a60-7cf3-4f69-aa13-4bc92029845a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: aws ec2 module - count_tag creating more instances than required
White space issue. count_tag: role: cms seemed to fix it. -- This message is private and confidential and for the exclusive use of the intended recipient(s). If you receive this email in error, please notify the sender immediately and delete all copies from your system. If you are not the intended recipient disclosure, distribution, copying or use of this communication is strictly prohibited. Any views or opinions presented in this email are solely those of the author and do not necessarily represent those of IDG UK. Clients and suppliers can view our full terms and conditions at www.idg.co.uk/terms-and-conditions/ IDG Communications Ltd. Company Reg No: 1197840. Registered in England and Wales. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/7de8e66f-7939-4dcc-a4c1-88741ab36ba9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] aws ec2 module - count_tag creating more instances than required
Hi
Possibly im not using this correctly.
Here is the playbook snippet
key_name: "{{ aws_key_name }}"instance_type: "{{
cms_machine_type }}"image: "{{ aws_vm_image }}"wait: yes
exact_count: 1count_tag: role:cmsgroup_id: "{{
aws_cms_security_group_id }}"region: "{{ aws_region }}"
monitoring: yesassign_public_ip: yesvpc_subnet_id: "{{
aws_vpc_subnet_id }}"instance_tags: role: cms
has_shared: true register:
I want only a single instance create with role = cms but the above creates
another instance each time its run so am i doing something wrong with this
syntax?
Ansible version = 1.9.3 on Trusty Ubuntu
Thanks
--
This message is private and confidential and for the exclusive use of the
intended recipient(s). If you receive this email in error, please notify
the sender immediately and delete all copies from your system. If you are
not the intended recipient disclosure, distribution, copying or use of this
communication is strictly prohibited. Any views or opinions presented in
this email are solely those of the author and do not necessarily represent
those of IDG UK. Clients and suppliers can view our full terms and
conditions at www.idg.co.uk/terms-and-conditions/
IDG Communications Ltd. Company Reg No: 1197840. Registered in England and
Wales.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/bbdb5634-f48f-48d0-ba9e-a3e7a7bca5a8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] issue with aws cli command to associate elastic ip to new instance
Hi.
We are not using v2 of ansible yet so the elastic ip association isnt
available yet.
I was hoping i could do this via aws cli in the short term
I came across this post
http://engineering.ticketbis.com/how-to-use-aws-cli-from-ansible-tower/
and added task assoicate with elastic ip below.
tasks:- name: Create vm ec2:key_name: "{{ aws_key_name }}"
instance_type: "{{ cms_machine_type }}"image: "{{ aws_vm_image }}"
wait: yesexact_count: 1count_tag:role: cms
group_id: "{{ aws_cms_security_group_id }}"region: "{{ aws_region
}}"monitoring: yesassign_public_ip: yesvpc_subnet_id:
"{{ aws_vpc_subnet_id }}"instance_tags: role: cms
has_shared: true register: ec2- name: Add new instance to ansible in
memory host group add_host: hostname={{item.public_ip}} groupname=cms
with_items: ec2.instances- name: assoicate with elastic ip
local_action: module: shell aws ec2 associate-address --instance-id={{
item.id }} --allocation-id eipalloc-
The error i get is
Traceback (most recent call last):
File "/usr/bin/aws", line 15, in
import awscli.clidriver
File "/usr/share/awscli/awscli/clidriver.py", line 16, in
import botocore.session
File "/usr/lib/python3/dist-packages/botocore/session.py", line 37, in
import botocore.service
File "/usr/lib/python3/dist-packages/botocore/service.py", line 25, in
from .endpoint import get_endpoint
File "/usr/lib/python3/dist-packages/botocore/endpoint.py", line 32, in
import botocore.response
File "/usr/lib/python3/dist-packages/botocore/response.py", line 26, in
from .hooks import first_non_none_response
File "/usr/lib/python3/dist-packages/botocore/hooks.py", line 22, in
import inspect
File "/usr/lib/python3.4/inspect.py", line 35, in
import importlib.machinery
ImportError: No module named 'importlib.machinery'
Anyone seen this or know the correct way to use aws cli from playbook.
I can run the command on the linux command line adn that works fine.
Thanks
--
This message is private and confidential and for the exclusive use of the
intended recipient(s). If you receive this email in error, please notify
the sender immediately and delete all copies from your system. If you are
not the intended recipient disclosure, distribution, copying or use of this
communication is strictly prohibited. Any views or opinions presented in
this email are solely those of the author and do not necessarily represent
those of IDG UK. Clients and suppliers can view our full terms and
conditions at www.idg.co.uk/terms-and-conditions/
IDG Communications Ltd. Company Reg No: 1197840. Registered in England and
Wales.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/7c7a9510-3fca-403a-8d8e-802dd549e6e2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Advice on Tower with GCE and machine credential authentication
Hi I am evaluating tower on google compute engine. The dynamic inventory has been ok and that is working I managed to get it working with ansible-playbook but i cant figure out a good way to do the Machine Credentials authentication from tower for jobs. For simple ssh username and password what do i specify? Should i create a bespoke user on each machine, but then how do i do this for autoscaling - startup script, baked into snapshot disk? Just to get it working i wouldnt mind using the core user that is created when you login via the ssh option in the console but a) i dont know the password for that user or b) the private key so dont know what to put. Im new to Linux which doesnt help esp trying to understand all this authentication stuff. Anyone done this and have a best practice? Thanks -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/b024481f-8663-4f99-bf05-2d62ee8bb2c2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
