[ansible-project] Possible to use more than one hostname/identifier in inventory?

[Guy Knights]

We gather most of our host inventory using the aws_ec2 inventory plugin, 
and from this each host's private IP address is used as the host 
identifier. Is there a way we can also gather and use other unique 
identifiers to refer to hosts as an alternative? 

Each of our hosts has an assigned EC2 "Name" tag that uniquely ids the host 
so it'd be handy to be able to use this in some situations, though as we've 
already been using IPs for a long time I'd prefer to just continue to keep 
this as the primary means of referencing hosts.

Is the above feasible or can hosts only have one ID?

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b7365801-91d6-46f3-b681-b4ff6ba29ef1n%40googlegroups.com.

[ansible-project] Ansible config file in current directory not used

[Guy Knights]

According to the docs 
(https://docs.ansible.com/ansible/latest/reference_appendices/config.html#ansible-configuration-settings-locations),
 
Ansible is supposed to use ansible.cfg from the current directory as the 
second option if the env var ANSIBLE_CONFIG isn't defined. However it 
doesn't appear to be working for me.

I'm in the process of creating a collection and I have a virtual env set up 
in the current directory, with Ansible 2.9 installed. When I run Ansible 
however, it is going straight to the .ansible.cfg file in my user's home 
directory and ignores the ansible.cfg file I created in the collection dir. 
The folder layout is as follows:

ansible.cfg  docs  env  galaxy.yml  hosts.yml  playbooks  plugins  README.md 
 requirements.txt  roles

My venv is enabled and when I run ansible it shows the following:

(env) root@DESKTOP-JH6A27J:~/work/knightsg/dkron# ansible --version
ansible 2.9.9
  config file = /root/.ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', 
'/usr/share/ansible/plugins/modules']
  ansible python module location = /mnt/c/Users/guy/Documents/Work/knightsg/
dkron/env/lib/python3.6/site-packages/ansible
  executable location = /mnt/c/Users/guy/Documents/Work/knightsg/dkron/env/
bin/ansible
  python version = 3.6.5 (default, May  3 2018, 10:08:28) [GCC 5.4.0 
20160609]

As you can see, it's using /root/.ansible.cfg.

If I supply ANSIBLE_CONFIG then it uses the ansible.cfg file in the current 
folder:

(env) root@DESKTOP-JH6A27J:~/work/knightsg/dkron# 
ANSIBLE_CONFIG=./ansible.cfg ansible --version
ansible 2.9.9
  config file = /mnt/c/Users/guy/Documents/Work/knightsg/dkron/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', 
'/usr/share/ansible/plugins/modules']
  ansible python module location = /mnt/c/Users/guy/Documents/Work/knightsg/
dkron/env/lib/python3.6/site-packages/ansible
  executable location = /mnt/c/Users/guy/Documents/Work/knightsg/dkron/env/
bin/ansible
  python version = 3.6.5 (default, May  3 2018, 10:08:28) [GCC 5.4.0 
20160609]

Any idea why Ansible isn't selecting the correct config file by default?

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/71e2fe59-d1ba-4cdb-a799-fe3d8bb6658fo%40googlegroups.com.

[ansible-project] List of triggered tasks

[Guy Knights]

Hi all,

Is there a globally-available list of triggered tasks? I'd love to be able
to send a notification of some kind at the end of a series of playbook
runs, which would include the list of changed tasks and any other
information that might be useful.

Thanks,
Guy

-- 
<http://www.bluebatgames.com>
Guy Knights • Senior Systems Engineer
c: 778-996-2687p: 778-379-5120
<https://www.facebook.com/BlueBatGames/>
<https://www.linkedin.com/company/bluebat-games>
<https://twitter.com/BlueBatGames>  <http://www.bluebatgames.com>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAFtmDk_nYoSpcPcs_OB%2BH0nSNRTkTh2ZCqePhRmD8Javxn0qag%40mail.gmail.com.

[ansible-project] Re: aws_ec2 and compose option

[Guy Knights]

Does anyone have any suggestions about this?

On Wednesday, December 11, 2019 at 3:06:13 PM UTC-8, Guy Knights wrote:
>
> Hi,
>
> According to the documentation for the aws_ec2 plugin, the compose option 
> can be used to create vars when the plugin is executed.
>
> I've been trying to get this to work with a simple plugin config like so:
>
> plugin: aws_ec2
> regions:
>   - us-east-1
> filters:
>   tag:Environment: prod
>   instance-state-name: running
> hostnames:
>   - private-ip-address
> compose:
>   site: 'testing'
> strict_permissions: False
> strict: False
>
> However, when I run a playbook and supply the above inventory file, the 
> 'site' var is undefined.
>
> Am I using this option correctly?
>
> Thanks,
> Guy
>
>
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/df6718d4-b33a-4863-ba3e-c93890e84a44%40googlegroups.com.

[ansible-project] aws_ec2 and compose option

[Guy Knights]

Hi,

According to the documentation for the aws_ec2 plugin, the compose option
can be used to create vars when the plugin is executed.

I've been trying to get this to work with a simple plugin config like so:

plugin: aws_ec2
regions:
  - us-east-1
filters:
  tag:Environment: prod
  instance-state-name: running
hostnames:
  - private-ip-address
compose:
  site: 'testing'
strict_permissions: False
strict: False

However, when I run a playbook and supply the above inventory file, the
'site' var is undefined.

Am I using this option correctly?

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAFtmDk8%3Dho8akB2UKDY_wwf70%2BTELEEpSdLsHc9XKFrH8d97oQ%40mail.gmail.com.

[ansible-project] When condition 'or' structure question

[Guy Knights]

It's possible to define a series of 'and' conditions for a task as follows:

  when:
- foo == true
- bar == true

As far as I'm aware, the only way to define 'or' conditions is in-line, as
such:

  when: foo == true or bar == true

Is there any other way to define 'or' conditions, in a way that's similar
to the first example?

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAFtmDk-v-71wn-10_TfmbDyHdSk7CdPaMa-91V2uxsV4ASPurg%40mail.gmail.com.

[ansible-project] Ansible's handling of string representation of complex objects

[Guy Knights]

I've run into a weird behaviour regarding how Ansible handles converting
strings to complex objects.

I have the following string representation of a list of dicts that I'm
returning from a Cloudformation stack output:

[{"id": "subnet-f3i4ven6lxvxr3eu","az": "us-east-1a"},{"id": "subnet-
0wovp0yu5sr8pnwv","az": "us-east-1b"}]

I've been using this in a playbook, passing it to the "loop" parameter in
the following task:

- name: provision instances
  ec2:
key_name: keypair1
instance_type: t2.micro
image: "{{ ami_id }}"
wait: no
exact_count: 1
count_tag:
  Name: "instance{{ loop_count + 1 }}"
  Type: type1
  AZ: "{{ item.az }}"
group_id: "{{
cf_results.stack_outputs.SecurityGroupDetails|from_json|map(attribute='id')|list
}}"
termination_protection: yes
vpc_subnet_id: "{{ item.id }}"
volumes:
  - device_name: /dev/sda1
volume_type: gp2
volume_size: 50
delete_on_termination: true
instance_tags:
  Name: "instance{{ loop_count + 1 }}"
  Type: type1
  Environment: prod
  VPC: vpc1
  Subnet: "{{ item.name }}"
  AZ: "{{ item.az }}"
monitoring: yes
region: us-east-1
  loop: "{{ cf_results.stack_outputs.SubnetDetails }}"
  loop_control:
index_var: loop_count
  register: instances

The above task works fine. However, I've been trying to use it to create
another, single EC2 instance and I'm using filters to just select the first
subnet from the list, as follows:

- name: provision vpn instance
  ec2:
key_name: keypair1
instance_type: t2.micro
image: "{{ ami_id }}"
wait: no
exact_count: 1
count_tag:
  Name: extra_instance
  Type: type2
  AZ: "{{ cf_results.stack_outputs.SubnetDetails[0].az }}"
group_id: "{{
cf_results.stack_outputs.SecurityGroupDetails|from_json|map(attribute='id')|list
}}"
termination_protection: yes
vpc_subnet_id: "{{ cf_results.stack_outputs.SubnetDetails[0].id }}"
assign_public_ip: yes
instance_tags:
  Name: extra_instance
  Type: type2
  Environment: prod
  VPC: vpc1
  Subnet: "{{ cf_results.stack_outputs.SubnetDetails[0].id }}"
  AZ: "{{ cf_results.stack_outputs.SubnetDetails[0].az }}"
monitoring: yes
region: "{{ static_config.region }}"
  register: extra_instance

When the above task is executed it fails with the following error: "The
task includes an option with an undefined variable. The error was: 'str
object' has no attribute 'az'".

I added a 'debug' task to just output the first item from the list, it
worked but as you can see it just outputs the first character in the string:

TASK [debug]
*
ok: [localhost] => {
"cf_results.stack_outputs.SubnetDetails[0]": "["
}

Is there a reason why the loop parameter successfully converts the string
to a list but the filter doesn't?

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAFtmDk_XWEwyaymegrQmdjUbFrCWgi05w2t2MVDsbjKNnU8s%3Dg%40mail.gmail.com.

[ansible-project] Iptables module fragment option

[Guy Knights]

I'm trying to add an iptables rule that uses the fragment option, and I
cannot work out how to get it working using Ansible's iptables module.

Here's my task:

- name: drop fragmented packets
  iptables:
jump: DROP
chain: INPUT
fragment: True
action: append
state: present

When I run this it fails with the following error:

FAILED! => {"changed": false, "cmd": "/sbin/iptables -t filter -A INPUT -j
DROP -f True", "msg": "Bad argument `True'\nTry `iptables -h' or 'iptables
--help' for more information.", "rc": 2, "stderr": "Bad argument
`True'\nTry `iptables -h' or 'iptables --help' for more information.\n",
"stderr_lines": ["Bad argument `True'", "Try `iptables -h' or 'iptables
--help' for more information."], "stdout": "", "stdout_lines": []}

So it's trying to add the 'True' as an parameter to the '-f' flag in the
iptables command.

I tried again, this time removing the 'True' from the fragment option:

- name: drop fragmented packets
  iptables:
jump: DROP
chain: INPUT
fragment:
action: append
state: present

This time it just adds the rule *without* the '-f' option to iptables, so
the rule just drops everything - obviously not the behaviour I want.

So I looked at the module's code and saw that it expects a string, so next
I tried the following:

- name: drop fragmented packets
  iptables:
jump: DROP
chain: INPUT
fragment: ''
action: append
state: present

This time, it fails with the following error:

FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call
last):\n  File \"master:/root/mitogen/ansible_mitogen/runner.py\", line
883, in _run\nself._run_code(code, mod)\n  File
\"master:/root/mitogen/ansible_mitogen/runner.py\", line 862, in
_run_code\nexec('exec code in vars(mod)')\n  File \"\", line 1,
in \n  File
\"master:/usr/local/ansible/lib/ansible/modules/system/iptables.py\", line
634, in \n  File
\"master:/usr/local/ansible/lib/ansible/modules/system/iptables.py\", line
581, in main\n  File
\"master:/usr/local/ansible/lib/ansible/modules/system/iptables.py\", line
434, in construct_rule\n  File
\"master:/usr/local/ansible/lib/ansible/modules/system/iptables.py\", line
386, in append_param\nIndexError: string index out of range\n",
"module_stdout": "", "msg": "MODULE FAILURE", "rc": 1}

The problem in this case is that the code is using the first character of
the parameter to check for the negation/! option for the -f flag in
iptables, so it fails due to the empty string.

How do I use the fragment option correctly?

Thanks,
Guy

-- 
<http://www.bluebatgames.com>
Guy Knights • Senior Systems Engineer
c: 778-996-2687p: 778-379-5120
<https://www.facebook.com/BlueBatGames/>
<https://www.linkedin.com/company/bluebat-games>
<https://twitter.com/BlueBatGames>  <http://www.bluebatgames.com>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAFtmDk-R_asYNe24Uj0bnn0%2BieT99MukaE%2BAaCQBVbAzKVutGg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] RDS module

[Guy Knights]

What's the difference between the rds module vs the rds_instance module? It
seems like they do the same thing. I assumed that rds_instance is a
replacement for rds since it's only been added in Ansible 2.7 but I don't
see anything mentioning deprecation or replacement. Just curious more than
anything.

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAFtmDk8_GERi9G4VR2nohDHno5ii9eGP4zMKbPgKWz7weBfzcg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Do YAML inventory plugins support inheritance?

[Guy Knights]

Thanks Ryan, I did some tests and got this working using the constructed
plugin.

One issue I ran into though is that the inventory plugin files appear to be
loaded alphabetically, so if the constructed inventory filename is
alphabetically 'smaller', the constructed inventory file will be loaded
first, and the host inventory may not yet be populated by the other
inventory files. I found an issue logged about this:
https://github.com/ansible/ansible/issues/31405. I've got around this in
the meantime by prefixing the name of my inventory file with 'z_'. It seems
to me that Ansible's behaviour should be to always load constructed
inventory files last since they rely purely on the output of other
inventory plugins.

Anyway, just noting that extra bit of info here in case anyone stumbles
upon this thread. Thanks again for your help!

Kind regards,
Guy

On Fri, 19 Oct 2018 at 15:39, Ryan Brown  wrote:

> Guy,
>
> It looks like the specific case you have of filtering based on a given tag
> can be solved without having several inventories.
>
> If you use the `constructed` part of inventory plugins,
> https://docs.ansible.com/ansible/2.7/plugins/inventory/constructed.html
> which lets you do all kinds of advanced grouping based on properties such
> as tags.
>
> Also, here's an issue you can watch which is related to allowing importing
> w/ vars. It doesn't extend to config, but would be the same principal.
>
> On Tuesday, October 16, 2018 at 3:19:31 PM UTC-4, Guy Knights wrote:
>>
>> I'm experimenting with the new AWS_EC2 plugin and have been wondering if
>> there's a way to streamline the file as we have separate inventory folders
>> for dev, demo and prod. Is there a way to do something like and 'include'
>> for the bulk of the YAML file content and just have the different
>> environment filters in each inventory's specific file? eg. something like
>> this:
>>
>> Central file (central.aws_ec2.yml):
>> plugin: aws_ec2
>> regions:
>>   - us-east-1
>>   - us-east-1
>>   - us-west-1
>>   - us-west-2
>>   - ap-southeast-2
>> filters:
>>   instance-state-name: running
>> strict_permissions: False
>> hostnames:
>>   - tag:Name
>>   - private-ip-address
>> strict: False
>> keyed_groups:
>>   - prefix: ''
>> separator: ''
>> key: tags.Type
>>
>> Demo inventory file (demo.aws_ec2.yml):
>> include: central.aws_ec2.yml
>> filters:
>>   tag:Environment: demo
>>
>> Thanks,
>> Guy
>>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Ansible Project" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/ansible-project/Yu5yWu47zO0/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/5be0ede7-229b-4af5-9fb9-01810fe25511%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/5be0ede7-229b-4af5-9fb9-01810fe25511%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>


-- 
<http://www.bluebatgames.com>
Guy Knights • Senior Systems Engineer
c: 778-996-2687p: 778-379-5120
<https://www.facebook.com/BlueBatGames/>
<https://www.linkedin.com/company/bluebat-games>
<https://twitter.com/BlueBatGames>  <http://www.bluebatgames.com>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAFtmDk-H_BtXxBE8fFujpPhbzb87bLcoVAfE-uUHTEaNAYSVsg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Do YAML inventory plugins support inheritance?

[Guy Knights]

I'm experimenting with the new AWS_EC2 plugin and have been wondering if 
there's a way to streamline the file as we have separate inventory folders 
for dev, demo and prod. Is there a way to do something like and 'include' 
for the bulk of the YAML file content and just have the different 
environment filters in each inventory's specific file? eg. something like 
this:

Central file (central.aws_ec2.yml):
plugin: aws_ec2
regions:
  - us-east-1
  - us-east-1
  - us-west-1
  - us-west-2
  - ap-southeast-2
filters:
  instance-state-name: running
strict_permissions: False
hostnames:
  - tag:Name
  - private-ip-address
strict: False
keyed_groups:
  - prefix: ''
separator: ''
key: tags.Type

Demo inventory file (demo.aws_ec2.yml):
include: central.aws_ec2.yml
filters:
  tag:Environment: demo

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3199f5c1-ce55-4a87-9492-af87246035d1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: AWS_EC2 plugin keyed_groups suffix option

[Guy Knights]

Never mind, I worked out that if I include the region (but not the 
boto_profile parameter) then it works. Not sure why it's not using the 
profile region defined in ~/.aws/config but it's not a big deal.

On Monday, 15 October 2018 17:28:52 UTC-7, Guy Knights wrote:
>
> Great, thanks! That seems to have worked.
>
> One other question related to aws_ec2 - I usually pass the AWS_PROFILE var 
> on the command line when I call ansible, eg. "AWS_PROFILE=myawsprofile 
> ./ansible-playbook -i inventory/prod/ playbooks/site.yml". However, with my 
> aws_ec2 inventory file, if I leave out the boto_profile and regions 
> variables the inventory list returns nothing. I have to explicitly include 
> these two parameters with a specific profile name and region in order for 
> it to return a list of my instances. I tried setting boto_profile: 
> 'env:AWS_PROFILE' or just 'AWS_PROFILE' (in addition to just leaving it 
> out) but it doesn't work. What am I doing wrong?
>
> Thanks again,
> Guy
>
> On Mon, 15 Oct 2018 at 17:07, flowerysong  wrote:
>
>> On Monday, October 15, 2018 at 7:45:15 PM UTC-4, Guy Knights wrote:
>>>
>>> Is there any way to specify a suffix for the keyed_groups option in the 
>>> aws_ec2 inventory plugin? I'm looking at migrating from Ansible 2.4 to 2.6 
>>> and would like to switch from the old ec2 dynamic inventory script. 
>>> However, we currently specify our host groups as "_servers", 
>>> eg. "web_servers". Is there any way I can replicate this host group format 
>>> in the aws_ec2 plugin or am I out of luck?
>>>
>>> I know I could change the format of our host groups but I'd prefer not 
>>> to have to do that if possible as there are conditional includes, etc I'd 
>>> have to adjust as well.
>>>
>>
>> Sure, just include the suffix in the key.
>>
>> keyed_groups:
>>   - prefix: ''
>> separator: ''
>> key: tags.Class ~ '_servers'
>>
>>  
>> "all": {
>> "children": [
>> "aws_ec2", 
>> "builder_servers", 
>> "ctools_mx_servers", 
>> "dev_servers", 
>> "dnsbl_servers", 
>> "egress_servers", 
>> "jail_servers", 
>> "master_servers", 
>> "mx_servers", 
>> "relay_egress_servers", 
>> "syslog_servers", 
>> "ungrouped"
>> ]
>>
>> -- 
>> You received this message because you are subscribed to a topic in the 
>> Google Groups "Ansible Project" group.
>> To unsubscribe from this topic, visit 
>> https://groups.google.com/d/topic/ansible-project/Zp2FtD1hiqQ/unsubscribe
>> .
>> To unsubscribe from this group and all its topics, send an email to 
>> ansible-project+unsubscr...@googlegroups.com.
>> To post to this group, send email to ansible-project@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/2bb67f08-245e-41df-95d2-de695b47914b%40googlegroups.com
>>  
>> <https://groups.google.com/d/msgid/ansible-project/2bb67f08-245e-41df-95d2-de695b47914b%40googlegroups.com?utm_medium=email_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
> -- 
> <http://www.bluebatgames.com> 
> Guy Knights • Senior Systems Engineer
> c: 778-996-2687p: 778-379-5120
> <https://www.facebook.com/BlueBatGames/>  
> <https://www.linkedin.com/company/bluebat-games>  
> <https://twitter.com/BlueBatGames>  <http://www.bluebatgames.com>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/17b2be1a-bf6a-4a06-875d-056c021a7cef%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: AWS_EC2 plugin keyed_groups suffix option

[Guy Knights]

Great, thanks! That seems to have worked.

One other question related to aws_ec2 - I usually pass the AWS_PROFILE var
on the command line when I call ansible, eg. "AWS_PROFILE=myawsprofile
./ansible-playbook -i inventory/prod/ playbooks/site.yml". However, with my
aws_ec2 inventory file, if I leave out the boto_profile and regions
variables the inventory list returns nothing. I have to explicitly include
these two parameters with a specific profile name and region in order for
it to return a list of my instances. I tried setting boto_profile:
'env:AWS_PROFILE' or just 'AWS_PROFILE' (in addition to just leaving it
out) but it doesn't work. What am I doing wrong?

Thanks again,
Guy

On Mon, 15 Oct 2018 at 17:07, flowerysong  wrote:

> On Monday, October 15, 2018 at 7:45:15 PM UTC-4, Guy Knights wrote:
>>
>> Is there any way to specify a suffix for the keyed_groups option in the
>> aws_ec2 inventory plugin? I'm looking at migrating from Ansible 2.4 to 2.6
>> and would like to switch from the old ec2 dynamic inventory script.
>> However, we currently specify our host groups as "_servers",
>> eg. "web_servers". Is there any way I can replicate this host group format
>> in the aws_ec2 plugin or am I out of luck?
>>
>> I know I could change the format of our host groups but I'd prefer not to
>> have to do that if possible as there are conditional includes, etc I'd have
>> to adjust as well.
>>
>
> Sure, just include the suffix in the key.
>
> keyed_groups:
>   - prefix: ''
> separator: ''
> key: tags.Class ~ '_servers'
>
>
> "all": {
> "children": [
> "aws_ec2",
> "builder_servers",
> "ctools_mx_servers",
> "dev_servers",
> "dnsbl_servers",
> "egress_servers",
> "jail_servers",
> "master_servers",
> "mx_servers",
> "relay_egress_servers",
> "syslog_servers",
> "ungrouped"
> ]
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Ansible Project" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/ansible-project/Zp2FtD1hiqQ/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/2bb67f08-245e-41df-95d2-de695b47914b%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/2bb67f08-245e-41df-95d2-de695b47914b%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>


-- 
<http://www.bluebatgames.com>
Guy Knights • Senior Systems Engineer
c: 778-996-2687p: 778-379-5120
<https://www.facebook.com/BlueBatGames/>
<https://www.linkedin.com/company/bluebat-games>
<https://twitter.com/BlueBatGames>  <http://www.bluebatgames.com>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAFtmDk_UZ6gzWnaCLnUp0nTtYGbMRfq8Ly5pd%2BgSowbPeFui%2Bw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] AWS_EC2 plugin keyed_groups suffix option

[Guy Knights]

Is there any way to specify a suffix for the keyed_groups option in the 
aws_ec2 inventory plugin? I'm looking at migrating from Ansible 2.4 to 2.6 
and would like to switch from the old ec2 dynamic inventory script. 
However, we currently specify our host groups as "_servers", 
eg. "web_servers". Is there any way I can replicate this host group format 
in the aws_ec2 plugin or am I out of luck?

I know I could change the format of our host groups but I'd prefer not to 
have to do that if possible as there are conditional includes, etc I'd have 
to adjust as well.

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/dbdfb014-8fa4-46c2-acc0-e541877154de%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: with_subelements works where loop with subelements filter fails

[Guy Knights]

Also of note: firewall6.rules doesn't exist on any of the hosts I'm running 
this playbook against, so it should be skipping the entire block, but it's 
not.

On Thursday, 11 October 2018 14:14:15 UTC-7, Guy Knights wrote:
>
> I have the following tasks in a block, which I've modified to use the new 
> 'loop' structure:
>
> - name: process ipv6 rules if they exist
>   block:
> - name: create all ipv6 firewall log statements from 'firewall' 
> variable
>   iptables:
> ip_version: ipv6
> comment: "{{ item.0.comment|default(omit) }}"
> destination: "{{ item.0.destination|default(omit) }}"
> destination_port: "{{ item.0.destination_port|default(omit) }}"
> source: "{{ item.1 }}"
> source_port: "{{ item.0.source_port|default(omit) }}"
> protocol: "{{ item.0.protocol|default(omit) }}"
> jump: "LOG"
> chain: "{{ item.0.chain|default('INPUT') }}"
> ctstate: "{{ item.0.state|default('NEW') }}"
> in_interface: "{{ item.0.in_interface|default(omit) }}"
> out_interface: "{{ item.0.out_interface|default(omit) }}"
> limit: "3/minute"
> limit_burst: 10
> # log_prefix: "[ FIREWALL ] " # ( will be added in ansible 2.5 )
> state: present
>   when: item.0.log is defined and item.0.log == 'yes'
>   loop: "{{ firewall6.rules|subelements('source') }}"
>   notify:
> - save ip6tables
>
> - name: apply ipv6 rules using 'firewall' variable defined in 
> inventory vars
>   iptables:
> ip_version: ipv6
> comment: "{{ item.0.comment|default(omit) }}"
> destination: "{{ item.0.destination|default(omit) }}"
> destination_port: "{{ item.0.destination_port|default(omit) }}"
> source: "{{ item.1 }}"
> source_port: "{{ item.0.source_port|default(omit) }}"
> protocol: "{{ item.0.protocol|default(omit) }}"
> jump: "{{ item.0.rule|default('ACCEPT') }}"
> chain: "{{ item.0.chain|default('INPUT') }}"
> ctstate: "{{ item.0.state|default(omit) }}"
> in_interface: "{{ item.0.in_interface|default(omit) }}"
> out_interface: "{{ item.0.out_interface|default(omit) }}"
> state: present
>   loop: "{{ firewall6.rules|subelements('source') }}"
>   notify:
> - save ip6tables
>
>   when: firewall6 is defined and firewall6.rules is defined
>
> When I run this I get the following error:
>
> TASK [firewall : create all ipv6 firewall log statements from 'firewall' 
> variable] *
> fatal: [172.20.0.88]: FAILED! => {"msg": "obj must be a list of dicts or 
> a nested dict"}
> fatal: [172.20.0.77]: FAILED! => {"msg": "obj must be a list of dicts or 
> a nested dict"}
> fatal: [172.20.0.55]: FAILED! => {"msg": "obj must be a list of dicts or 
> a nested dict"}
>
>
> I changed the first task to use 'with_subelements' as follows:
>
> - name: create all ipv6 firewall log statements from 'firewall' 
> variable
>   iptables:
> ip_version: ipv6
> comment: "{{ item.0.comment|default(omit) }}"
> destination: "{{ item.0.destination|default(omit) }}"
> destination_port: "{{ item.0.destination_port|default(omit) }}"
> source: "{{ item.1 }}"
> source_port: "{{ item.0.source_port|default(omit) }}"
> protocol: "{{ item.0.protocol|default(omit) }}"
> jump: "LOG"
> chain: "{{ item.0.chain|default('INPUT') }}"
> ctstate: "{{ item.0.state|default('NEW') }}"
> in_interface: "{{ item.0.in_interface|default(omit) }}"
> out_interface: "{{ item.0.out_interface|default(omit) }}"
> limit: "3/minute"
> limit_burst: 10
> # log_prefix: "[ FIREWALL ] " # ( will be added in ansible 2.5 )
> state: present
>   when: item.0.log is defined and item.0.log == 'yes'
>   with_subelements: 
> - "{{ firewall6.rules }}"
> - source
>   notify:
> - save ip6tables
>
> When I re-run the playbook it now skips the task, as intended:
>
> TASK [firewall : create all ipv6 firewall log statements from 'firewall' 
> variable] *
> skipping: [172.20.0.88]
> skipping: [172.20.0.77]
> skipping: [172.20.0.55]
>
> Can anyone tell me why this is happening?
>
> Thanks,
> Guy
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5c12525b-c603-4068-8b7e-39a22b647244%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] with_subelements works where loop with subelements filter fails

[Guy Knights]

I have the following tasks in a block, which I've modified to use the new 
'loop' structure:

- name: process ipv6 rules if they exist
  block:
- name: create all ipv6 firewall log statements from 'firewall' variable
  iptables:
ip_version: ipv6
comment: "{{ item.0.comment|default(omit) }}"
destination: "{{ item.0.destination|default(omit) }}"
destination_port: "{{ item.0.destination_port|default(omit) }}"
source: "{{ item.1 }}"
source_port: "{{ item.0.source_port|default(omit) }}"
protocol: "{{ item.0.protocol|default(omit) }}"
jump: "LOG"
chain: "{{ item.0.chain|default('INPUT') }}"
ctstate: "{{ item.0.state|default('NEW') }}"
in_interface: "{{ item.0.in_interface|default(omit) }}"
out_interface: "{{ item.0.out_interface|default(omit) }}"
limit: "3/minute"
limit_burst: 10
# log_prefix: "[ FIREWALL ] " # ( will be added in ansible 2.5 )
state: present
  when: item.0.log is defined and item.0.log == 'yes'
  loop: "{{ firewall6.rules|subelements('source') }}"
  notify:
- save ip6tables

- name: apply ipv6 rules using 'firewall' variable defined in inventory 
vars
  iptables:
ip_version: ipv6
comment: "{{ item.0.comment|default(omit) }}"
destination: "{{ item.0.destination|default(omit) }}"
destination_port: "{{ item.0.destination_port|default(omit) }}"
source: "{{ item.1 }}"
source_port: "{{ item.0.source_port|default(omit) }}"
protocol: "{{ item.0.protocol|default(omit) }}"
jump: "{{ item.0.rule|default('ACCEPT') }}"
chain: "{{ item.0.chain|default('INPUT') }}"
ctstate: "{{ item.0.state|default(omit) }}"
in_interface: "{{ item.0.in_interface|default(omit) }}"
out_interface: "{{ item.0.out_interface|default(omit) }}"
state: present
  loop: "{{ firewall6.rules|subelements('source') }}"
  notify:
- save ip6tables

  when: firewall6 is defined and firewall6.rules is defined

When I run this I get the following error:

TASK [firewall : create all ipv6 firewall log statements from 'firewall' 
variable] *
fatal: [172.20.0.88]: FAILED! => {"msg": "obj must be a list of dicts or a 
nested dict"}
fatal: [172.20.0.77]: FAILED! => {"msg": "obj must be a list of dicts or a 
nested dict"}
fatal: [172.20.0.55]: FAILED! => {"msg": "obj must be a list of dicts or a 
nested dict"}


I changed the first task to use 'with_subelements' as follows:

- name: create all ipv6 firewall log statements from 'firewall' variable
  iptables:
ip_version: ipv6
comment: "{{ item.0.comment|default(omit) }}"
destination: "{{ item.0.destination|default(omit) }}"
destination_port: "{{ item.0.destination_port|default(omit) }}"
source: "{{ item.1 }}"
source_port: "{{ item.0.source_port|default(omit) }}"
protocol: "{{ item.0.protocol|default(omit) }}"
jump: "LOG"
chain: "{{ item.0.chain|default('INPUT') }}"
ctstate: "{{ item.0.state|default('NEW') }}"
in_interface: "{{ item.0.in_interface|default(omit) }}"
out_interface: "{{ item.0.out_interface|default(omit) }}"
limit: "3/minute"
limit_burst: 10
# log_prefix: "[ FIREWALL ] " # ( will be added in ansible 2.5 )
state: present
  when: item.0.log is defined and item.0.log == 'yes'
  with_subelements: 
- "{{ firewall6.rules }}"
- source
  notify:
- save ip6tables

When I re-run the playbook it now skips the task, as intended:

TASK [firewall : create all ipv6 firewall log statements from 'firewall' 
variable] *
skipping: [172.20.0.88]
skipping: [172.20.0.77]
skipping: [172.20.0.55]

Can anyone tell me why this is happening?

Thanks,
Guy


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/4f9c055e-3711-467e-8379-b74b7d602ec5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] urllib3 issue

[Guy Knights]

Is no-one else seeing this issue? It keeps coming up for me.

On Tuesday, August 28, 2018 at 10:23:15 AM UTC-7, Guy Knights wrote:
>
> We're using Ubuntu (14.04) but yes, we do weekly upgrades.
>
> On Monday, August 27, 2018 at 7:30:50 PM UTC-7, Bharath Kumar wrote:
>>
>> Hi Guy,
>>
>> Where this servers patched recently? 
>>
>> "yum update/upgrade"
>>
>> On Mon, Aug 27, 2018 at 7:01 PM Guy Knights  wrote:
>>
>>> Using Ansible 2.4, we suddenly started getting an error on a random 
>>> assortment of our servers today:
>>>
>>> ERROR! Unexpected Exception, this is probably a bug: Requests dependency 
>>> 'urllib3' must be version >= 1.21.1, < 1.22!
>>>
>>> Some servers running exactly the same task and also with version 1.23 of 
>>> urllib3 installed worked fine. I rolled back urllib3 to 1.22 on the failing 
>>> servers and it fixed the issue. Anyone know what the problem is and why 
>>> only some of the servers are failing with this error?
>>>
>>> Thanks,
>>> Guy
>>>
>>> -- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to ansible-proje...@googlegroups.com.
>>> To post to this group, send email to ansible...@googlegroups.com.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/ansible-project/CANNH9mv%3Ds%2BAgfgjj_%2BVj-DztMYF_2d6kwk8NwN8BmMTJVZc6EQ%40mail.gmail.com
>>>  
>>> <https://groups.google.com/d/msgid/ansible-project/CANNH9mv%3Ds%2BAgfgjj_%2BVj-DztMYF_2d6kwk8NwN8BmMTJVZc6EQ%40mail.gmail.com?utm_medium=email_source=footer>
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a04ff64a-833a-49ff-aaa8-1704b47c0453%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] urllib3 issue

[Guy Knights]

We're using Ubuntu (14.04) but yes, we do weekly upgrades.

On Monday, August 27, 2018 at 7:30:50 PM UTC-7, Bharath Kumar wrote:
>
> Hi Guy,
>
> Where this servers patched recently? 
>
> "yum update/upgrade"
>
> On Mon, Aug 27, 2018 at 7:01 PM Guy Knights  > wrote:
>
>> Using Ansible 2.4, we suddenly started getting an error on a random 
>> assortment of our servers today:
>>
>> ERROR! Unexpected Exception, this is probably a bug: Requests dependency 
>> 'urllib3' must be version >= 1.21.1, < 1.22!
>>
>> Some servers running exactly the same task and also with version 1.23 of 
>> urllib3 installed worked fine. I rolled back urllib3 to 1.22 on the failing 
>> servers and it fixed the issue. Anyone know what the problem is and why 
>> only some of the servers are failing with this error?
>>
>> Thanks,
>> Guy
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible-proje...@googlegroups.com .
>> To post to this group, send email to ansible...@googlegroups.com 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/CANNH9mv%3Ds%2BAgfgjj_%2BVj-DztMYF_2d6kwk8NwN8BmMTJVZc6EQ%40mail.gmail.com
>>  
>> <https://groups.google.com/d/msgid/ansible-project/CANNH9mv%3Ds%2BAgfgjj_%2BVj-DztMYF_2d6kwk8NwN8BmMTJVZc6EQ%40mail.gmail.com?utm_medium=email_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/14131a4a-1fc2-46e6-b0d1-2368c6c6ade1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] DNS lookup not working

[Guy Knights]

Ahh, right I guess didn't properly read that very first paragraph on the 
lookups documentation page! Ok, thanks for info everyone.

Cheers,
Guy

On Monday, August 27, 2018 at 3:32:15 PM UTC-7, Kai Stian Olstad wrote:
>
> On Tuesday, 28 August 2018 00.07.31 CEST Jonathan Lozada De La Matta 
> wrote: 
> > agreed. So you need to add connection: local or delegate_to 
>
> That wont work. 
> The block in file is needed on the remote host, and that is fine. 
> Since lookup plugins run on localhost, dnspython is needed on Ansible 
> controller not the remote host. 
>
> If DNS lookup has to be done on the remote host a command/shell module 
> with dig or some other DNS utilities is required. 
>
>
> -- 
> Kai Stian Olstad 
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e5d83181-86df-44cd-87de-4f17d844cd1c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] urllib3 issue

[Guy Knights]

Using Ansible 2.4, we suddenly started getting an error on a random
assortment of our servers today:

ERROR! Unexpected Exception, this is probably a bug: Requests dependency
'urllib3' must be version >= 1.21.1, < 1.22!

Some servers running exactly the same task and also with version 1.23 of
urllib3 installed worked fine. I rolled back urllib3 to 1.22 on the failing
servers and it fixed the issue. Anyone know what the problem is and why
only some of the servers are failing with this error?

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9mv%3Ds%2BAgfgjj_%2BVj-DztMYF_2d6kwk8NwN8BmMTJVZc6EQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] DNS lookup not working

[Guy Knights]

I have a task that uses the dig lookup to resolve a DNS record, but it
fails with the error, "An unhandled exception occurred while running the
lookup plugin 'dig'. Error was a ,
original message: The dig lookup requires the python 'dnspython' library
and it is not installed".

However, the dnspython library is definitely installed on the host. Here's
the task definition:

- blockinfile:
dest: ~/.ssh/config
marker: "# {mark} ANSIBLE MANAGED BLOCK - SVN MIRROR"
block: |
  Host XX
HostName {{ lookup('dig', '') }}
User XXX
Port 22
IdentityFile ~/.ssh/svn_key
IdentitiesOnly yes
RSAAuthentication yes
StrictHostKeyChecking no
create: yes

Here's the output of pip freeze on the host where the task fails:

Cheetah==2.4.4
Landscape-Client==14.12
PAM==0.4.2
PyYAML==3.13
Twisted-Core==13.2.0
Twisted-Names==13.2.0
Twisted-Web==13.2.0
apt-xapian-index==0.45
argparse==1.2.1
awscli==1.16.1
backports.ssl-match-hostname==3.5.0.1
boto==2.49.0
boto3==1.8.1
botocore==1.11.1
certifi==2018.8.13
chardet==3.0.4
cloud-init==0.7.5
colorama==0.3.9
configobj==4.7.2
dnspython==1.15.0
docker-py==1.9.0
docutils==0.14
futures==3.2.0
html5lib==0.999
httplib2==0.8
idna==2.7
iotop==0.6
ipaddress==1.0.22
jmespath==0.9.3
jsonpatch==1.3
jsonpointer==1.0
oauth==1.0.1
prettytable==0.7.2
pyOpenSSL==0.13
pyasn1==0.4.4
pycurl==7.19.3
pyserial==2.6
python-apt==0.9.3.5ubuntu3
python-dateutil==2.7.3
python-debian==0.1.21-nmu2ubuntu2
requests==2.19.1
rsa==3.4.2
s3transfer==0.1.13
six==1.11.0
ssh-import-id==3.21
urllib3==1.23
virtualenv==16.0.0
websocket-client==0.49.0
wheel==0.24.0
wsgiref==0.1.2
zope.interface==4.0.5

Any idea why it fails?

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9msrV0Bq6CMi-rvF9t4VrDrvVi%2ByDBqu97UmV5DTVjggGA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Pip module does nothing when state=absent

[Guy Knights]

Right after I posted this I tried uninstalling ndg-httpsclient manually 
(should've tried that first I guess) and I got this error:

Not uninstalling ndg-httpsclient at /usr/lib/python2.7/dist-packages, owned 
by OS

This was while logged in as root too. Anyway, I ended up having to manually 
remove the package files in /usr/lib/python2.7/dist-packages which finally 
worked.

Just noting this here in case it's useful info.

Thanks,
Guy

On Wednesday, April 18, 2018 at 1:59:56 PM UTC-7, Guy Knights wrote:
>
> I recently upgraded to Ansible 2.4 and have run into a weird problem. I 
> added a task to remove a python package that was breaking pip on one of our 
> servers, the task is below:
>
> - name: Remove pip package ndg-httpsclient as it breaks pip
>   pip:
> name: ndg-httpsclient
> state: absent
>
> When this task is run on a server that definitely has ndg-httpsclient 
> installed (as per pip freeze), it does not register a change. If I check 
> the package list after the run, it's still listed as installed (and pip is 
> still broken).
>
> Here's a screenshot of the output of pip freeze before the ansible run:
>
>
> <https://lh3.googleusercontent.com/-Mq2uxZVLrZc/WtexMOrAZHI/EGE/CsZt-f13YZYF5WauLMa7Xp0EPTI3XyEkwCLcBGAs/s1600/server_pip_package_before.png>
>
> Here's the task output from the ansible run:
>
>
> <https://lh3.googleusercontent.com/-p3L_npDnAds/WtexbLkOMiI/EGI/0VUahB4zDlQEfB1UJzK_PxNaVZ48mjIvwCLcBGAs/s1600/ansible_pip_run.png>
>
> Here's the output of pip freeze after the run:
>
>
> <https://lh3.googleusercontent.com/-Fz8xHE_bUKg/Wtexi3V7spI/EGM/b25LdhMcMPgZZHYhNT-byOr3LChwOvB1gCLcBGAs/s1600/server_pip_package_after.png>
>
>
> Can anyone explain why state: absent isn't working as expected?
>
>
> Thanks,
>
> Guy
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/f47a09ba-2942-4876-9e37-f8c28ad875ca%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Pip module does nothing when state=absent

[Guy Knights]

I recently upgraded to Ansible 2.4 and have run into a weird problem. I 
added a task to remove a python package that was breaking pip on one of our 
servers, the task is below:

- name: Remove pip package ndg-httpsclient as it breaks pip
  pip:
name: ndg-httpsclient
state: absent

When this task is run on a server that definitely has ndg-httpsclient 
installed (as per pip freeze), it does not register a change. If I check 
the package list after the run, it's still listed as installed (and pip is 
still broken).

Here's a screenshot of the output of pip freeze before the ansible run:



Here's the task output from the ansible run:



Here's the output of pip freeze after the run:




Can anyone explain why state: absent isn't working as expected?


Thanks,

Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/289332f7-bc67-40c4-8afd-bd5e637fb9bd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Pip module reinstalls packages every time

[Guy Knights]

A task I have uses the pip module in conjunction with 'with_items' to 
install different ansible packages, like so:

- name: install ansible versions
  pip:
name: ansible
version: "{{ item }}"
extra_args: "--install-option=\"--prefix=/opt/ansible/ansible-{{ item 
}}\""
state: present
  with_items:
- 2.2.1.0
- 2.3.0.0
- 2.3.1.0
- 2.4.2.0
- 2.4.4.0

Every time we run the playbook Ansible reinstalls the packages even though 
they are definitely there on the host. Any ideas why?

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/65a149b7-4139-4d34-8674-55139f6b8478%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Viewing mixed encrypted/unencrypted inventory files

[Guy Knights]

Hi,

Will it eventually be possible to view the contents of inventory vars files
that have mixed encrypted/unencrypted content? At the moment it doesn't
seem to be possible outside of copying the encrypted content to a new file
and then using 'ansible-vault view '.

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9mtSLCv4PUQUqJ1Lx%2BHYVrP4zSR9EOfA%3DmVsMu9pH03W%2BA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Problem with variable interpolation in conditional

[Guy Knights]

Never mind - of course I worked this out right after I sent my initial post.

The solution is to use when: "'App: ' + app_id not in response.content",
for those who might also be caught out by this.

On Thu, Jul 13, 2017 at 4:44 PM, Guy Knights <guy.knig...@gmail.com> wrote:

> I'm really confused about a problem I'm having with a conditional
> statement in a playbook. The task is below:
>
> - action: fail
>   when: "'App: {{ app_id }}' not in response.content"
>
> When I run the playbook I get this error:
>
>  [WARNING]: when statements should not include jinja2 templating
> delimiters such as {{ }} or {% %}. Found: 'Client: {{
> wl_name }}' not in response.content
>
> As I suspected, when I removed the curly brackets the task failed because
> "App: app_id" was of course not in the output.
>
> How then am I supposed to interpolate the variable app_id in this when
> condition?
>
> Thanks,
> Guy
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9msj7kJD6Q7ONSYW%3DTC1CJdKviWoxW%2Betnuw5xgfXW-i4A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Problem with variable interpolation in conditional

[Guy Knights]

I'm really confused about a problem I'm having with a conditional statement
in a playbook. The task is below:

- action: fail
  when: "'App: {{ app_id }}' not in response.content"

When I run the playbook I get this error:

 [WARNING]: when statements should not include jinja2 templating delimiters
such as {{ }} or {% %}. Found: 'Client: {{
wl_name }}' not in response.content

As I suspected, when I removed the curly brackets the task failed because
"App: app_id" was of course not in the output.

How then am I supposed to interpolate the variable app_id in this when
condition?

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9mtNZvTSO%2B_jSZ4pj5DCLs7pc5egtich20r8N0_VTzyQdA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Blockinfile triggers every run

[Guy Knights]

Actually, never mind - I just realised that the problem is the loop that
I've got around each blockinfile task, which will overwrite each item in
the list until it reaches the last one.

On Fri, Jun 23, 2017 at 3:51 PM, Guy Knights <guy.knig...@gmail.com> wrote:

> I have a blockinfile task that sets some lines in /etc/ufw/before.rules,
> and which notifies handler to reload ufw if the task registers a change. I
> was running it on a host and noticed that I had the same prerouting rule
> from before.rules multiple times, so I took a closer look at the task as I
> was running it, and I noticed that it keeps triggering every time it runs.
>
> Here are mytasks the add pre and post routing rules to
> /etc/ufw/before.rules:
>
> - name: set nat and port forwarding start section
>   blockinfile:
> dest: /etc/ufw/before.rules
> marker: "# {mark} bbg nat rules"
> insertbefore: "# Don't delete these required lines, otherwise there
> will be errors"
> block: |
>   # NAT table rules
>   *nat
>   :PREROUTING ACCEPT [0:0]
>   :POSTROUTING ACCEPT [0:0]
>   when: firewall.nat is defined or firewall.pf is defined
>   notify:
> - reload ufw
>
> - name: set individual port forwarding rules if specified
>   blockinfile:
> dest: /etc/ufw/before.rules
> insertafter: "# END bbg nat rules"
> marker: "# {mark} {{ item.desc|default(omit) }}"
> block: |
>   # Forward port for {{ item.desc }}
>   -A PREROUTING -p tcp --dport {{ item.src_port }} -j REDIRECT
> --to-port {{ item.dst_port }}
>   with_items: "{{ firewall.pf|default(omit) }}"
>   when: firewall.pf is defined
>   notify:
> - reload ufw
>
> - name: set individual nat rules if specified
>   blockinfile:
> dest: /etc/ufw/before.rules
> insertbefore: "# BEGIN bbg nat rules commit"
> marker: "# {mark} {{ item.desc|default(omit) }}"
> block: |
>   # Forward traffic through {{ item.out_in|default(eth0) }} - Change
> to match you out-interface for {{ item.desc|default(omit) }}
>   -A POSTROUTING -s {{ item.source|default("0.0.0.0/0") }} -d {{
> item.dest|default("0.0.0.0/0") }} -o {{ item.out_in|default(eth0) }} -j
> MASQUERADE
>   with_items: "{{ firewall.nat|default(omit) }}"
>   when: firewall.nat is defined
>   notify:
> - reload ufw
>
> - name: set nat rules commit if specified
>   blockinfile:
> dest: /etc/ufw/before.rules
> marker: "# {mark} bbg nat rules commit"
> insertbefore: "# Don't delete these required lines, otherwise there
> will be errors"
> block: |
>   # don't delete the 'COMMIT' line or these nat table rules won't
>   # be processed
>   COMMIT
>   when: firewall.nat is defined or firewall.pf is defined
>   notify:
> - reload ufw
>
> The rule that keeps triggering is the 2nd one, set individual port
> forwarding rules if specified.
>
> I can't see that it's changing anything in the file after it initially
> adds the lines, and in fact I did a test and ran a checksum against the
> file before and after running the playbook and the checksum value was the
> same, so it hasn't changed the file in any way.
>
> Can anyone explain why it keeps triggering and running the ufw reload?
>
> Thanks,
> Guy
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9mt_NBiDm8tcTE1hL118dsAyYGjzYMAPi4umNrkbm76VcA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Blockinfile triggers every run

[Guy Knights]

I have a blockinfile task that sets some lines in /etc/ufw/before.rules,
and which notifies handler to reload ufw if the task registers a change. I
was running it on a host and noticed that I had the same prerouting rule
from before.rules multiple times, so I took a closer look at the task as I
was running it, and I noticed that it keeps triggering every time it runs.

Here are mytasks the add pre and post routing rules to
/etc/ufw/before.rules:

- name: set nat and port forwarding start section
  blockinfile:
dest: /etc/ufw/before.rules
marker: "# {mark} bbg nat rules"
insertbefore: "# Don't delete these required lines, otherwise there
will be errors"
block: |
  # NAT table rules
  *nat
  :PREROUTING ACCEPT [0:0]
  :POSTROUTING ACCEPT [0:0]
  when: firewall.nat is defined or firewall.pf is defined
  notify:
- reload ufw

- name: set individual port forwarding rules if specified
  blockinfile:
dest: /etc/ufw/before.rules
insertafter: "# END bbg nat rules"
marker: "# {mark} {{ item.desc|default(omit) }}"
block: |
  # Forward port for {{ item.desc }}
  -A PREROUTING -p tcp --dport {{ item.src_port }} -j REDIRECT
--to-port {{ item.dst_port }}
  with_items: "{{ firewall.pf|default(omit) }}"
  when: firewall.pf is defined
  notify:
- reload ufw

- name: set individual nat rules if specified
  blockinfile:
dest: /etc/ufw/before.rules
insertbefore: "# BEGIN bbg nat rules commit"
marker: "# {mark} {{ item.desc|default(omit) }}"
block: |
  # Forward traffic through {{ item.out_in|default(eth0) }} - Change to
match you out-interface for {{ item.desc|default(omit) }}
  -A POSTROUTING -s {{ item.source|default("0.0.0.0/0") }} -d {{
item.dest|default("0.0.0.0/0") }} -o {{ item.out_in|default(eth0) }} -j
MASQUERADE
  with_items: "{{ firewall.nat|default(omit) }}"
  when: firewall.nat is defined
  notify:
- reload ufw

- name: set nat rules commit if specified
  blockinfile:
dest: /etc/ufw/before.rules
marker: "# {mark} bbg nat rules commit"
insertbefore: "# Don't delete these required lines, otherwise there
will be errors"
block: |
  # don't delete the 'COMMIT' line or these nat table rules won't
  # be processed
  COMMIT
  when: firewall.nat is defined or firewall.pf is defined
  notify:
- reload ufw

The rule that keeps triggering is the 2nd one, set individual port
forwarding rules if specified.

I can't see that it's changing anything in the file after it initially adds
the lines, and in fact I did a test and ran a checksum against the file
before and after running the playbook and the checksum value was the same,
so it hasn't changed the file in any way.

Can anyone explain why it keeps triggering and running the ufw reload?

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9mu7hexGko7oXq7SHBjLH1im0FyktxxkFrMHgsMqU01%3Dtg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Staggering unarchive module requests

[Guy Knights]

I have a task that uses the unarchive module to download a source package
from a site on the internet. However, I'm getting an HTTP 429 "Too many
requests" message when this task runs, as the parallel calls from multiple
hosts are making the request at the same time.

Is there any simple way to stagger these requests? I know the 'serial'
option exists but that only works at the playbook level and I definitely
don't want to serialise every task in this role.

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9ms4vOTwzAdHwVg%2BJJvgCWBaB-N74CwLLszsrFjzP7GL2A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Suggestion: version-specific documentation

[Guy Knights]

One thing I find a little frustrating about the online documentation for
Ansible is that there's no way to look at the docs for a specific version.
I realise that a lot of people just use the devel branch but there are
those of us that stick to a specific version.

When I'm looking at the docs for a particular module it's easy to overlook
the notes specifying which version of Ansible that module or module
parameter was added as they're spread throughout the module documentation
page.

I think it would be better to have separate docs per major version, like
the Apache docs for example (https://httpd.apache.org/docs/). There could
also be a "latest" version for the devel branch.

I did a bit of a search through the mailing list and found this thread from
2013 discussing the same thing but it doesn't look like it came to fruition:

https://groups.google.com/forum/#!searchin/ansible-project/version$20documentation%7Csort:relevance/ansible-project/2Xi6xkyPEsY/ye418hhlYwwJ

Regards,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9mvu8bbf1S-1a4nhhi0T0rNQR_1bs7qS6xGMnZi%2B9zhSfQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Weird ec2_elb_facts error

[Guy Knights]

I'm running into a very odd problem with an ansible playbook that I'm
running from Jenkins. The playbook executes the ec2_elb_facts module
(without the names parameter). When it runs from my jenkins pipeline job, I
get the following error:

TypeError: argument of type 'NoneType' is not iterable


The exact same playbook command (ie. copied and pasted from the
jenkinsfile script) on the command line of the same jenkins server,
and it worked fine.


Has anyone else experienced this issue? Any idea what the problem might be?


Thanks,

Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9muoP_DWwxxcwoBhfSQBNOZQ53A8nsQQ4CoUFbL6EK3X%3Dg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Docker container fails to reload

[Guy Knights]

I pulled the latest stable-2.1 commits and after some more testing I've
discovered that Ansible isn't actually restarting the containers, but was
reporting that the task changed even though nothing changed. There was a
small period of time I was running and re-running it where it seemed to
settle down and stop reporting that the task changed, but I just tried it a
couple of times and it's started doing it again.

On Tue, Sep 13, 2016 at 10:49 AM, Bryan Hiestand <bryanhiest...@gmail.com>
wrote:

> I have also been having this issue, but haven't dug deeper at this point.
>
> On Monday, September 12, 2016 at 5:25:00 PM UTC-7, Guy Knights wrote:
>>
>> It's been a while but I figured I'd bump this to see if anyone has any
>> insight into my question above about why ansible insists on restarting
>> containers even though the task config hasn't changed.
>>
>> On Wednesday, 29 June 2016 10:01:08 UTC-7, Guy Knights wrote:
>>>
>>> Ok, I changed this to use docker_container and it seems to be working ok
>>> now.
>>>
>>> One thing I am curious about though, is that every time this task runs
>>> it registers as 'changed' even though the restart policy is explicitly set
>>> to 'no'. None of the module arguments have changed between runs, so is
>>> there a valid reason why this is happening?
>>>
>>> Thanks,
>>> Guy
>>>
>>> On Tue, Jun 28, 2016 at 4:32 PM, Guy Knights <guy.k...@gmail.com> wrote:
>>>
>>>> Hmm, no that didn't fix it for me unfortunately. I updated the
>>>> docker-engine package to the latest and also pulled the latest ansible
>>>> stable-2.1 commits, but it still fails with the same error. I'll try
>>>> changing over to the new docker_container module instead and see if that
>>>> fixes it for me.
>>>>
>>>> Thanks anyway!
>>>> Guy
>>>>
>>>> On Wed, Jun 22, 2016 at 11:42 AM, Henrique Santos Fernandes <
>>>> sf.r...@gmail.com> wrote:
>>>>
>>>>> Hello Guy,
>>>>>
>>>>> Have you updated you docker server?
>>>>> I am not sure, but i had the same problem now! and I just updated some
>>>>> one else pull requets that should solve it: https://github.com/ansible
>>>>> /ansible-modules-core/pull/4015
>>>>>
>>>>> But with older ansible, it did not showed an error, it just reloaded
>>>>> the container, i havent looked into it. I know it reloads when it should
>>>>> not, like it is reloading for a container that did not change, eitherway,
>>>>> the PR make it run again.
>>>>> If you have Labels at the Dockerfile, the container will restart if
>>>>> you did not add them to the ansible task. Not sure if this should be the
>>>>> behavior, but it is.
>>>>>
>>>>> Also i think ansible 2.2 will not have this issue, as it is
>>>>> deprecating the docker module and using a newer one.
>>>>>
>>>>> Hope that helps!
>>>>>
>>>>>
>>>>> Em terça-feira, 21 de junho de 2016 21:20:40 UTC-3, Guy Knights
>>>>> escreveu:
>>>>>>
>>>>>> Hi Johannes,
>>>>>>
>>>>>> It's a git clone of the stable-2.1 branch. I recently (like, today)
>>>>>> did a 'git pull' in addition to 'git submodule update --recursive' and
>>>>>> tried again, still got the same error.
>>>>>>
>>>>>> I just tried switching back to the stable-2.0.0.1 branch and it seems
>>>>>> to be working fine, so it appears to be a specific 2.1 issue.
>>>>>>
>>>>>> Thanks,
>>>>>> Guy
>>>>>>
>>>>>> On Thursday, June 2, 2016 at 1:31:56 AM UTC-7, Johannes Kastl wrote:
>>>>>>>
>>>>>>> On 31.05.16 21:23 Guy Knights wrote:
>>>>>>>
>>>>>>> > I only started getting this recently after I started using ansible
>>>>>>> 2.1. The
>>>>>>> > docker task in question hasn't been modified in a long time, and
>>>>>>> if I
>>>>>>> > manually remove the container from the host and re-run the
>>>>>>> playbook, it
>>>>>>> > starts the container ok.
>>>>>>>
>>>>>>> How did you install ansible 2.1? Recently there was an error because
>>

Re: [ansible-project] Docker container fails to reload

[Guy Knights]

It's been a while but I figured I'd bump this to see if anyone has any 
insight into my question above about why ansible insists on restarting 
containers even though the task config hasn't changed.

On Wednesday, 29 June 2016 10:01:08 UTC-7, Guy Knights wrote:
>
> Ok, I changed this to use docker_container and it seems to be working ok 
> now.
>
> One thing I am curious about though, is that every time this task runs it 
> registers as 'changed' even though the restart policy is explicitly set to 
> 'no'. None of the module arguments have changed between runs, so is there a 
> valid reason why this is happening?
>
> Thanks,
> Guy
>
> On Tue, Jun 28, 2016 at 4:32 PM, Guy Knights <guy.knig...@gmail.com> 
> wrote:
>
>> Hmm, no that didn't fix it for me unfortunately. I updated the 
>> docker-engine package to the latest and also pulled the latest ansible 
>> stable-2.1 commits, but it still fails with the same error. I'll try 
>> changing over to the new docker_container module instead and see if that 
>> fixes it for me.
>>
>> Thanks anyway!
>> Guy
>>
>> On Wed, Jun 22, 2016 at 11:42 AM, Henrique Santos Fernandes <
>> sf.ri...@gmail.com> wrote:
>>
>>> Hello Guy,
>>>
>>> Have you updated you docker server?
>>> I am not sure, but i had the same problem now! and I just updated some 
>>> one else pull requets that should solve it: 
>>> https://github.com/ansible/ansible-modules-core/pull/4015
>>>
>>> But with older ansible, it did not showed an error, it just reloaded the 
>>> container, i havent looked into it. I know it reloads when it should not, 
>>> like it is reloading for a container that did not change, eitherway, the PR 
>>> make it run again. 
>>> If you have Labels at the Dockerfile, the container will restart if you 
>>> did not add them to the ansible task. Not sure if this should be the 
>>> behavior, but it is.
>>>
>>> Also i think ansible 2.2 will not have this issue, as it is deprecating 
>>> the docker module and using a newer one.
>>>
>>> Hope that helps! 
>>>
>>>
>>> Em terça-feira, 21 de junho de 2016 21:20:40 UTC-3, Guy Knights escreveu:
>>>>
>>>> Hi Johannes,
>>>>
>>>> It's a git clone of the stable-2.1 branch. I recently (like, today) did 
>>>> a 'git pull' in addition to 'git submodule update --recursive' and tried 
>>>> again, still got the same error.
>>>>
>>>> I just tried switching back to the stable-2.0.0.1 branch and it seems 
>>>> to be working fine, so it appears to be a specific 2.1 issue.
>>>>
>>>> Thanks,
>>>> Guy
>>>>
>>>> On Thursday, June 2, 2016 at 1:31:56 AM UTC-7, Johannes Kastl wrote:
>>>>>
>>>>> On 31.05.16 21:23 Guy Knights wrote: 
>>>>>
>>>>> > I only started getting this recently after I started using ansible 
>>>>> 2.1. The 
>>>>> > docker task in question hasn't been modified in a long time, and if 
>>>>> I 
>>>>> > manually remove the container from the host and re-run the playbook, 
>>>>> it 
>>>>> > starts the container ok. 
>>>>>
>>>>> How did you install ansible 2.1? Recently there was an error because 
>>>>> some git submodules were not up to date and caused problems... 
>>>>>
>>>>> Johannes 
>>>>>
>>>>>
>>>>> -- 
>>> You received this message because you are subscribed to a topic in the 
>>> Google Groups "Ansible Project" group.
>>> To unsubscribe from this topic, visit 
>>> https://groups.google.com/d/topic/ansible-project/1UTB7O5ZvpE/unsubscribe
>>> .
>>> To unsubscribe from this group and all its topics, send an email to 
>>> ansible-project+unsubscr...@googlegroups.com.
>>> To post to this group, send email to ansible-project@googlegroups.com.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/ansible-project/35c5b979-55e5-497f-8ec2-188890a2346a%40googlegroups.com
>>>  
>>> <https://groups.google.com/d/msgid/ansible-project/35c5b979-55e5-497f-8ec2-188890a2346a%40googlegroups.com?utm_medium=email_source=footer>
>>> .
>>>
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5eb48b40-08b6-4a10-a2c7-dc935c5e8829%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] UFW module issues

[Guy Knights]

I'm running into a confusing issue with the UFW module. I've been using the
same role to configure my rules for a while without any problems, but
recently I pulled the latest updates for stable-2.1 and now I'm getting the
following error for the task below:

- name: enable firewall policy if specified
  ufw:
policy: reject
state: enabled
  when: "{{ firewall.enabled }} == True"

FAILED! => {"changed": false, "failed": true, "msg": "Direction must be
specified when creating a rule on an interface"}

I haven't specified an interface so the error doesn't really make sense to
me, but all the same I tried adding a direction parameter to the above
task, and after doing so it gives me the following different error:

FAILED! => {"changed": false, "failed": true, "msg": "ERROR: Invalid
syntax\n"}

In the docs for the UFW module it has the following example which is, for
all intents and purposes, the same as my original task:

# Allow everything and enable UFW
ufw: state=enabled policy=allow

Any help would be appreciated!

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9mtE%2BJPEEjq%2B%2BA59EsnVUoXMKrAbOfi6EBxZ37J7rfKEUw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: ec2.ini pattern_exclude and instance_filters

[Guy Knights]

Oops, just noting that I accidentally mistyped the instance_filter line in
the second error above (The filter '~Platform' is invalid").

On Mon, Aug 22, 2016 at 11:14 AM, Guy Knights <guy.knig...@gmail.com> wrote:

> I'm trying to remove certain ec2 hosts from having ansible run on them by
> using the instance_filters and/or pattern_exclude options in the ini file
> for ec2.py, but it doesn't seem to be working. I tried using the following
> syntax for instance_filters:
>
> instance_filters = "tag:Environment=prod,!Platform=windows"
>
> However when I run a playbook it gives me the following error:
>
> The filter '!Platform' is invalid", while: getting EC2 instances
> inventory/prod/ec2.py:3: Error parsing host definition ': No closing
> quotation
>
> I removed the double quotes and I get a similar error:
>
> The filter '~Platform' is invalid", while: getting EC2 instances
> inventory/prod/ec2.py:3: Error parsing host definition ': No closing
> quotation
>
> I also tried changing them to single quotes but once again got yet another
> slightly different error:
>
> The filter ''tag:Environment' is invalid", while: getting EC2 instances
> inventory/prod/ec2.py:3: Error parsing host definition ': No closing
> quotation
>
> Meanwhile, I tried playing with pattern_exclude instead. I added the
> following:
>
> pattern_exclude = '*-ad'
>
> When I run this, it still tries to excute the playbook on servers whose
> names match the pattern 'example-ec2-ad'.
>
> What am I doing wrong here?
>
> Thanks,
> Guy
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9mt%2BfTpOPawOxCOi%3D%2B5LNzA%2BzAdaXHw3KnM%3DsiETyjr-9Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] ec2.ini pattern_exclude and instance_filters

[Guy Knights]

I'm trying to remove certain ec2 hosts from having ansible run on them by
using the instance_filters and/or pattern_exclude options in the ini file
for ec2.py, but it doesn't seem to be working. I tried using the following
syntax for instance_filters:

instance_filters = "tag:Environment=prod,!Platform=windows"

However when I run a playbook it gives me the following error:

The filter '!Platform' is invalid", while: getting EC2 instances
inventory/prod/ec2.py:3: Error parsing host definition ': No closing
quotation

I removed the double quotes and I get a similar error:

The filter '~Platform' is invalid", while: getting EC2 instances
inventory/prod/ec2.py:3: Error parsing host definition ': No closing
quotation

I also tried changing them to single quotes but once again got yet another
slightly different error:

The filter ''tag:Environment' is invalid", while: getting EC2 instances
inventory/prod/ec2.py:3: Error parsing host definition ': No closing
quotation

Meanwhile, I tried playing with pattern_exclude instead. I added the
following:

pattern_exclude = '*-ad'

When I run this, it still tries to excute the playbook on servers whose
names match the pattern 'example-ec2-ad'.

What am I doing wrong here?

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9mv6HGitEjPFqRW8ME%2Be9-bsO80mCRGm%2BKC98Edsqkd%3DhQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Invalid interface clause error with ufw module and log param

[Guy Knights]

I tried changing this task to not use a loop and instead just made it a 
standard task definition, as below:

- name: apply ssh rule
  ufw:
port: 22
proto: 'tcp'
src: '192.168.0.0/24'
rule: allow
direction: in
log: 'yes'
interface: eth0
state: enabled

I tried it with and without the interface parameter but I still get the 
same error, "Invalid interface clause". The only interface in this machine 
is eth0 so the interface name is correct.

Does anyone have a solution for this?

Guy

On Monday, July 4, 2016 at 5:19:54 PM UTC-7, Guy Knights wrote:
>
> I have some tasks that use the ufw module to add firewall rules, which up 
> until now have been working fine. Today however, I added the 'log' 
> parameter to the ufw task and I got the following error: "ERROR: Invalid 
> interface clause".
>
> My task definition is below:
>
> - name: apply rules using 'firewall' variable defined in inventory vars
>   ufw:
> port: "{{ item.0.port|default(omit) }}"
> proto: "{{ item.0.proto|default(omit) }}"
> src: "{{ item.1 }}"
> rule: "{{ item.0.rule }}"
> direction: "{{ item.0.direction|default(omit) }}"
> log: "{{ item.0.log|default('no') }}"
> state: enabled
>   with_subelements:
> - "{{ firewall.rules }}"
> - src
>
> The troublesome firewall variable that's failing for the task above is:
>
> firewall:
>   rules:
> ssh:
>   port: 22
>   proto: tcp
>   src: "{{ ips.ssh }}"
>   rule: allow
>   direction: in
>   log: 'yes'
>
> If I remove log: "{{ item.0.log|default('no') }}" from the ufw task it 
> works fine.
>
> Thanks,
> Guy
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/08e620fd-fdfd-43d6-a9e2-deeda2160ad3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Invalid interface clause error with ufw module and log param

[Guy Knights]

I have some tasks that use the ufw module to add firewall rules, which up
until now have been working fine. Today however, I added the 'log'
parameter to the ufw task and I got the following error: "ERROR: Invalid
interface clause".

My task definition is below:

- name: apply rules using 'firewall' variable defined in inventory vars
  ufw:
port: "{{ item.0.port|default(omit) }}"
proto: "{{ item.0.proto|default(omit) }}"
src: "{{ item.1 }}"
rule: "{{ item.0.rule }}"
direction: "{{ item.0.direction|default(omit) }}"
log: "{{ item.0.log|default('no') }}"
state: enabled
  with_subelements:
- "{{ firewall.rules }}"
- src

The troublesome firewall variable that's failing for the task above is:

firewall:
  rules:
ssh:
  port: 22
  proto: tcp
  src: "{{ ips.ssh }}"
  rule: allow
  direction: in
  log: 'yes'

If I remove log: "{{ item.0.log|default('no') }}" from the ufw task it
works fine.

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9mtHQz9qrURUBx_dAb4E1ZFaoVNGXQ%2BrNK0NYw6fL5wabQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Docker container fails to reload

[Guy Knights]

Ok, I changed this to use docker_container and it seems to be working ok
now.

One thing I am curious about though, is that every time this task runs it
registers as 'changed' even though the restart policy is explicitly set to
'no'. None of the module arguments have changed between runs, so is there a
valid reason why this is happening?

Thanks,
Guy

On Tue, Jun 28, 2016 at 4:32 PM, Guy Knights <guy.knig...@gmail.com> wrote:

> Hmm, no that didn't fix it for me unfortunately. I updated the
> docker-engine package to the latest and also pulled the latest ansible
> stable-2.1 commits, but it still fails with the same error. I'll try
> changing over to the new docker_container module instead and see if that
> fixes it for me.
>
> Thanks anyway!
> Guy
>
> On Wed, Jun 22, 2016 at 11:42 AM, Henrique Santos Fernandes <
> sf.ri...@gmail.com> wrote:
>
>> Hello Guy,
>>
>> Have you updated you docker server?
>> I am not sure, but i had the same problem now! and I just updated some
>> one else pull requets that should solve it:
>> https://github.com/ansible/ansible-modules-core/pull/4015
>>
>> But with older ansible, it did not showed an error, it just reloaded the
>> container, i havent looked into it. I know it reloads when it should not,
>> like it is reloading for a container that did not change, eitherway, the PR
>> make it run again.
>> If you have Labels at the Dockerfile, the container will restart if you
>> did not add them to the ansible task. Not sure if this should be the
>> behavior, but it is.
>>
>> Also i think ansible 2.2 will not have this issue, as it is deprecating
>> the docker module and using a newer one.
>>
>> Hope that helps!
>>
>>
>> Em terça-feira, 21 de junho de 2016 21:20:40 UTC-3, Guy Knights escreveu:
>>>
>>> Hi Johannes,
>>>
>>> It's a git clone of the stable-2.1 branch. I recently (like, today) did
>>> a 'git pull' in addition to 'git submodule update --recursive' and tried
>>> again, still got the same error.
>>>
>>> I just tried switching back to the stable-2.0.0.1 branch and it seems to
>>> be working fine, so it appears to be a specific 2.1 issue.
>>>
>>> Thanks,
>>> Guy
>>>
>>> On Thursday, June 2, 2016 at 1:31:56 AM UTC-7, Johannes Kastl wrote:
>>>>
>>>> On 31.05.16 21:23 Guy Knights wrote:
>>>>
>>>> > I only started getting this recently after I started using ansible
>>>> 2.1. The
>>>> > docker task in question hasn't been modified in a long time, and if I
>>>> > manually remove the container from the host and re-run the playbook,
>>>> it
>>>> > starts the container ok.
>>>>
>>>> How did you install ansible 2.1? Recently there was an error because
>>>> some git submodules were not up to date and caused problems...
>>>>
>>>> Johannes
>>>>
>>>>
>>>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "Ansible Project" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/ansible-project/1UTB7O5ZvpE/unsubscribe
>> .
>> To unsubscribe from this group and all its topics, send an email to
>> ansible-project+unsubscr...@googlegroups.com.
>> To post to this group, send email to ansible-project@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/35c5b979-55e5-497f-8ec2-188890a2346a%40googlegroups.com
>> <https://groups.google.com/d/msgid/ansible-project/35c5b979-55e5-497f-8ec2-188890a2346a%40googlegroups.com?utm_medium=email_source=footer>
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9msOZNwzw3i%3D2XW6cmXsL%2B-c_smUH8apyDyhR4f8SNr54w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Docker container fails to reload

[Guy Knights]

Hmm, no that didn't fix it for me unfortunately. I updated the
docker-engine package to the latest and also pulled the latest ansible
stable-2.1 commits, but it still fails with the same error. I'll try
changing over to the new docker_container module instead and see if that
fixes it for me.

Thanks anyway!
Guy

On Wed, Jun 22, 2016 at 11:42 AM, Henrique Santos Fernandes <
sf.ri...@gmail.com> wrote:

> Hello Guy,
>
> Have you updated you docker server?
> I am not sure, but i had the same problem now! and I just updated some one
> else pull requets that should solve it:
> https://github.com/ansible/ansible-modules-core/pull/4015
>
> But with older ansible, it did not showed an error, it just reloaded the
> container, i havent looked into it. I know it reloads when it should not,
> like it is reloading for a container that did not change, eitherway, the PR
> make it run again.
> If you have Labels at the Dockerfile, the container will restart if you
> did not add them to the ansible task. Not sure if this should be the
> behavior, but it is.
>
> Also i think ansible 2.2 will not have this issue, as it is deprecating
> the docker module and using a newer one.
>
> Hope that helps!
>
>
> Em terça-feira, 21 de junho de 2016 21:20:40 UTC-3, Guy Knights escreveu:
>>
>> Hi Johannes,
>>
>> It's a git clone of the stable-2.1 branch. I recently (like, today) did a
>> 'git pull' in addition to 'git submodule update --recursive' and tried
>> again, still got the same error.
>>
>> I just tried switching back to the stable-2.0.0.1 branch and it seems to
>> be working fine, so it appears to be a specific 2.1 issue.
>>
>> Thanks,
>> Guy
>>
>> On Thursday, June 2, 2016 at 1:31:56 AM UTC-7, Johannes Kastl wrote:
>>>
>>> On 31.05.16 21:23 Guy Knights wrote:
>>>
>>> > I only started getting this recently after I started using ansible
>>> 2.1. The
>>> > docker task in question hasn't been modified in a long time, and if I
>>> > manually remove the container from the host and re-run the playbook,
>>> it
>>> > starts the container ok.
>>>
>>> How did you install ansible 2.1? Recently there was an error because
>>> some git submodules were not up to date and caused problems...
>>>
>>> Johannes
>>>
>>>
>>> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Ansible Project" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/ansible-project/1UTB7O5ZvpE/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/35c5b979-55e5-497f-8ec2-188890a2346a%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/35c5b979-55e5-497f-8ec2-188890a2346a%40googlegroups.com?utm_medium=email_source=footer>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9mu8W4Kza%3DVWCpAgLDs5uh-D9J%3DUtaV2mo_BzNWTmhG%3DsA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Environment-separated inventories ignored with cached host data

[Guy Knights]

I have my inventory separated into environment-specific directories, with
an ec2 dynamic inventory script in each inventory dir. Each ec2 inventory
script filters out instances by their "Environment" tag. I run my playbooks
by using the '-i' command-line parameter and pointing to the specific
environment inventory I want to run, which normally works.

However, I ran into an issue this morning where I was trying to run a
playbook against my staging servers but ansible-playbook was instead
running it over my prod servers. I re-ran it a few times, including
--list-hosts to confirm the instances it was trying to apply the playbook
to, but it was still using my prod inventory. I also confirmed that I was
using '-i inventory/stage/' in the command, which I was.

I had a thought, and removed both /tmp/ansible_fact_cache and
~/.ansible/tmp/* and re-ran the exact same command, and this time my
staging inventory was used correctly.

Is this a known issue? Have I configured something wrong here? I'm very
confused by this behaviour.

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9muXO3G%3D1DhqzcmzffD7o706Efm%3DEXxuPt84sG93cT23Kw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Docker container fails to reload

[Guy Knights]

Hi Johannes,

It's a git clone of the stable-2.1 branch. I recently (like, today) did a 
'git pull' in addition to 'git submodule update --recursive' and tried 
again, still got the same error.

I just tried switching back to the stable-2.0.0.1 branch and it seems to be 
working fine, so it appears to be a specific 2.1 issue.

Thanks,
Guy

On Thursday, June 2, 2016 at 1:31:56 AM UTC-7, Johannes Kastl wrote:
>
> On 31.05.16 21:23 Guy Knights wrote: 
>
> > I only started getting this recently after I started using ansible 2.1. 
> The 
> > docker task in question hasn't been modified in a long time, and if I 
> > manually remove the container from the host and re-run the playbook, it 
> > starts the container ok. 
>
> How did you install ansible 2.1? Recently there was an error because 
> some git submodules were not up to date and caused problems... 
>
> Johannes 
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/25c89602-1d8a-4ecc-b148-7f90bfd54bd5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Docker container fails to reload

[Guy Knights]

I keep getting this error when I run a playbook with a docker task whose
state is set to 'reloaded':

fatal: [10.0.3.22]: FAILED! => {"changed": false, "failed": true,
"module_stderr": "", "module_stdout": "Traceback (most recent call
last):\r\n  File \"/tmp/ansible_T257mO/ansible_module_docker.py\", line
1972, in \r\nmain()\r\n  File
\"/tmp/ansible_T257mO/ansible_module_docker.py\", line 1942, in main\r\n
 reloaded(manager, containers, count, name)\r\n  File
\"/tmp/ansible_T257mO/ansible_module_docker.py\", line 1792, in
reloaded\r\nfor container in manager.get_differing_containers():\r\n
 File \"/tmp/ansible_T257mO/ansible_module_docker.py\", line 1305, in
get_differing_containers\r\nname, value = container_label.split('=',
1)\r\nValueError: need more than 1 value to unpack\r\n", "msg": "MODULE
FAILURE", "parsed": false}
I only started getting this recently after I started using ansible 2.1. The
docker task in question hasn't been modified in a long time, and if I
manually remove the container from the host and re-run the playbook, it
starts the container ok.

Does anyone know why it's doing this suddenly?

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9mvOyB2cz6Vmx7pCMJ8e%3Dyvgdbc%3DTDwavNd2QsY%3Dcvhiug%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Changing UFW rules

[Guy Knights]

Does anyone have a solution for dealing with changes to UFW rules in
Ansible? The issue is that occasionally, I have to change a rule in some
way (change IPs/networks, change port) but the old rule still remains. I
could add a separate, special rule to delete the old version but that seems
overly fiddly to me.

When I was first playing around with this, I did have a rule at the
beginning of my firewall playbook that reset UFW on every run before
applying the rule tasks but I decided to remove it because it seems like
the wrong approach.

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9mvSrq%3DYNnN%3DNUTb0vz3Qoadu4yQ2pSTia7Jx2Rbk2c76g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Undefined variables and loops

[Guy Knights]

I've run into a deprecation error related to an undefined variable in a
with_items loop. The task definition is below:

name: template syslog config snippets
template:
  src: "{{ item }}.conf.j2"
  dest: "/etc/rsyslog.d/{{ item }}.conf"
  mode: 0644
with_items: "{{ syslog.snippets|default(1) }}"
when: syslog is defined
notify:
  - restart rsyslog

The "when" clause was originally 'when: syslog is defined and
syslog.snippets is defined', but I was getting the deprecation warning for
both syslog and syslog.snippets and I found various threads which explained
the issue with when clauses and loops, so I adjusted it as suggested.
However, because the list I'm referencing is actually a value of a dict
key, I still need to test that 'syslog' is defined, but I'm still getting
the deprecation warning about 'syslog' not being defined.

[DEPRECATION WARNING]: Skipping task due to undefined Error, in the future
this will be a fatal error.: 'syslog' is undefined.
This
feature will be removed in a future release.

Is there a way to test for this effectively, or is my only option to define
a 'fake' syslog var for servers that don't have it, so that it passes the
test for syslog, but not syslog.snippets?

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9mvCU6x1kgZa%2Bt3Zu4ZO%2B6n4%2BoNAd8HM99tbz-D7SWa3kw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Apps/utilities to store facts?

[Guy Knights]

Are there any apps out there designed to store facts from ansible runs,
kind of like puppetdb? I think it would be kind of useful to have this info
readily available to view/query outside of playbook runs.

Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9mvW924agwyRkkmitD7aiYtTJOEYA-wK4Fqmpid4H0hfBQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Random "'ansible_hostname' is undefined" errors

[Guy Knights]

I have a weird issue where occasionally when I run a playbook that has a
task which uses the {{ ansible_hostname }} variable in it, I get an
error "'ansible_hostname' is undefined". In most cases, if I re-run the
playbook again right after I see the errors, it works fine and I don't see
these errors.

Does anyone know why this might be happening?

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9msH0Qa79nirc9QHx1qhQp04ibh8h1%3DOMS4Cmz77jubKgA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Docker container always reloaded

[Guy Knights]

I have a particular task that starts a docker container, and for some 
reason every time it runs it reloads the container. The task definition is 
below:

docker:
name: zabbix
image: "zabbix/zabbix-{{ zabbix.version }}"
state: reloaded
pull: always
expose:
  - 80
  - 10051
ports:
  - "80:80"
  - "10051:10051"
env:
  TZ: "{{ timezone }}"
  ENVIRONMENT: "{{ env }}"
  ZS_DBHost: "{{ zabbix.db.host }}"
  ZS_DBUser: "{{ zabbix.db.user }}"
  ZS_DBPassword: "{{ zabbix.db.password }}"

None of the above options have changed between runs so I'm not sure why it 
decides to reload every time. I have other docker tasks that (correctly) 
only reload the container when the parameters have changed.

I saw a thread about adding 'net: bridge' to stop this behaviour which I 
tried, but it didn't work. Does anyone have any suggestions as to how I can 
make it operate correctly?

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e87059bc-08a0-491a-9e30-d8c62aa5ee49%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Docker module giving error after image is pulled

[Guy Knights]

I figured it out - I didn't realise, but the installation instructions for 
docker on Ubuntu have changed. I went through the instructions 
at https://docs.docker.com/engine/installation/linux/ubuntulinux/ and the 
issue is now fixed. I guess the older lxc-docker package was configured to 
use the v1 registry endpoint. After installing the new docker-engine 
package my docker tasks are working again.

On Monday, February 29, 2016 at 3:16:21 PM UTC-8, Guy Knights wrote:
>
> For the record, this was working fine a couple of hours ago.
>
> On Monday, February 29, 2016 at 3:13:45 PM UTC-8, Guy Knights wrote:
>>
>> I have a role that runs nginx in a docker container using the official 
>> nginx image from docker hub. The docker task returns the following error 
>> after it pulls the image:
>>
>> "failed": true, "msg": "Unrecognized status from pull.", "status": "
>> docker.io/library/nginx: this image was pulled from a legacy registry. 
>>  Important: This registry version will not be supported in future versions 
>> of docker."
>>
>> I tried completely removing the image and associated containers from the 
>> machines that were running it and then I re-ran the playbook that executes 
>> this task, but it still gives the same error.
>>
>> Does anyone know a way to fix this?
>>
>> Thanks,
>> Guy
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/71ab180e-3407-439e-906a-336dab6285c8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Docker module giving error after image is pulled

[Guy Knights]

For the record, this was working fine a couple of hours ago.

On Monday, February 29, 2016 at 3:13:45 PM UTC-8, Guy Knights wrote:
>
> I have a role that runs nginx in a docker container using the official 
> nginx image from docker hub. The docker task returns the following error 
> after it pulls the image:
>
> "failed": true, "msg": "Unrecognized status from pull.", "status": "
> docker.io/library/nginx: this image was pulled from a legacy registry. 
>  Important: This registry version will not be supported in future versions 
> of docker."
>
> I tried completely removing the image and associated containers from the 
> machines that were running it and then I re-ran the playbook that executes 
> this task, but it still gives the same error.
>
> Does anyone know a way to fix this?
>
> Thanks,
> Guy
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/27206035-21cf-4886-b08f-56788f97530c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Docker module giving error after image is pulled

[Guy Knights]

I have a role that runs nginx in a docker container using the official 
nginx image from docker hub. The docker task returns the following error 
after it pulls the image:

"failed": true, "msg": "Unrecognized status from pull.", "status": 
"docker.io/library/nginx: this image was pulled from a legacy registry. 
 Important: This registry version will not be supported in future versions 
of docker."

I tried completely removing the image and associated containers from the 
machines that were running it and then I re-ran the playbook that executes 
this task, but it still gives the same error.

Does anyone know a way to fix this?

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/715dfb8b-0674-4d48-9935-876727fa8f7e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] "Cannot start container" when running docker task

[Guy Knights]

Ok, thanks Greg. I'll follow up your lead.

On Thu, Jan 28, 2016 at 7:05 PM, Greg DeKoenigsberg <g...@ansible.com>
wrote:

> On Thu, Jan 28, 2016 at 7:53 PM, Guy Knights <guy.knig...@gmail.com>
> wrote:
> > I occasionally get the following error in some of my docker tasks, which
> > stops ansible-playbook dead:
> >
> > "changed": true, "failed": true, "msg": "Docker API Error: Cannot start
> > container
> 1117bfd50795c71278d75e6f97ef1a1d67b5758658b57a5803ceffb28dea8565:
> > Error getting container
> > 1117bfd50795c71278d75e6f97ef1a1d67b5758658b57a5803ceffb28dea8565 from
> driver
> > devicemapper: Error mounting
> >
> '/dev/mapper/docker-202:1-153569-1117bfd50795c71278d75e6f97ef1a1d67b5758658b57a5803ceffb28dea8565'
> > on
> >
> '/var/lib/docker/devicemapper/mnt/1117bfd50795c71278d75e6f97ef1a1d67b5758658b57a5803ceffb28dea8565':
> > no such file or directory"
> >
> > More often than not, if I re-run the same ansible-playbook command again
> it
> > works fine. Has anyone encountered this, and if so did you manage to
> resolve
> > it?
>
> If you're getting a transient Docker API error, that's almost
> certainly not an issue with Ansible; it's likely that you're running
> Docker frequently enough to trigger some transient error. My guess is
> that you'd be running into that problem if you ran Docker repeatedly
> on the command line.
>
> In fact, this issue looks a lot like what you're seeing:
>
> https://github.com/docker/docker/issues/4036
>
> Looks like a Docker race condition.
>
> --g
>
> > Thanks,
> > Guy
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Ansible Project" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to ansible-project+unsubscr...@googlegroups.com.
> > To post to this group, send email to ansible-project@googlegroups.com.
> > To view this discussion on the web visit
> >
> https://groups.google.com/d/msgid/ansible-project/916b194a-4181-4567-8e0f-680cf14959de%40googlegroups.com
> .
> > For more options, visit https://groups.google.com/d/optout.
>
>
>
> --
> Greg DeKoenigsberg
> Ansible Community Guy
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Ansible Project" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/ansible-project/Jxcvw0-udjo/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAM1FbhE903QY0YvS3U5h8uC7UCOtNPUS%3DRKx3%2BNfNGKQh5eFrw%40mail.gmail.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9mubWxQPFmLrMLwLNH7kL6bgStq8GSodduu6%3DPN8J2aaUA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] "Cannot start container" when running docker task

[Guy Knights]

I occasionally get the following error in some of my docker tasks, which 
stops ansible-playbook dead:

"changed": true, "failed": true, "msg": "Docker API Error: Cannot start 
container 1117bfd50795c71278d75e6f97ef1a1d67b5758658b57a5803ceffb28dea8565: 
Error getting container 
1117bfd50795c71278d75e6f97ef1a1d67b5758658b57a5803ceffb28dea8565 from 
driver devicemapper: Error mounting 
'/dev/mapper/docker-202:1-153569-1117bfd50795c71278d75e6f97ef1a1d67b5758658b57a5803ceffb28dea8565'
 
on 
'/var/lib/docker/devicemapper/mnt/1117bfd50795c71278d75e6f97ef1a1d67b5758658b57a5803ceffb28dea8565':
 
no such file or directory"

More often than not, if I re-run the same ansible-playbook command again it 
works fine. Has anyone encountered this, and if so did you manage to 
resolve it?

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/916b194a-4181-4567-8e0f-680cf14959de%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Confusing "variable is undefined" error

[Guy Knights]

I still haven't found the source of this issue, and I've just discovered 
another variable that is showing the same behaviour. I might also mention 
the structure of my group_vars folder; these vars I'm having trouble with 
are in separate files within *inventory/group_vars/all/*. As I understand 
it, using this pattern should be fine, and as I mentioned above I've tried 
dumping the contents of other variables from within the 
*inventory/group_vars/all/*.yml* files and they are fine. So it's really 
just these two specific variables that don't seem to be recognised.

For the record, the two vars I'm having trouble with are called *mysql* and 
*ips*. I thought maybe it was an issue where these are reserved words in 
Ansible, so I changed the var names but it didn't fix the problem.

If anyone has any suggestions, I'm all ears. I've been playing with this 
for a few days now and it's starting to do my head in.

Thanks,
Guy

On Thursday, January 14, 2016 at 1:50:04 PM UTC-8, Guy Knights wrote:
>
> Sorry, I should also mention that I'm on the devel branch. I tried it 
> using stable-2.0 but it did the same thing.
>
> On Thursday, January 14, 2016 at 1:49:28 PM UTC-8, Guy Knights wrote:
>>
>> I have a variable defined in group_vars that I'm trying to use in a task 
>> but it is failing for me. So I created a debug task to dump the contents of 
>> this variable so I can see what ansible thinks is defined. If I try the 
>> following:
>>
>> - debug: var=mysql
>>
>> It outputs "mysql": "VARIABLE IS NOT DEFINED!". I changed the above debug 
>> task to:
>>
>> - debug: var=hostvars[inventory_hostname]['mysql']
>>
>> When I run it with the change above I get instead:
>>
>> "hostvars[inventory_hostname]['mysql']": {
>> "dbs": [
>> {
>> "backup": {
>> "retention": 3,
>> "window": "06:00-06:30"
>> },
>> "name": "db1",
>> "size": 100,
>> "type": "rds",
>> "users": [
>> {
>> "host": "127.0.0.1",
>> "name": "db1user",
>> "password": "userpass",
>> "privs": [
>> "db1.*:ALL"
>> ]
>> }
>> ]
>> },
>> {
>> "name": "db2",
>> "type": "mysql",
>> "users": [
>> {
>> "host": "127.0.0.1",
>> "name": "root",
>> "password": "testpass",
>> "privs": [
>> "*.*:ALL"
>> ]
>> },
>> {
>> "host": "::1",
>> "name": "root",
>> "password": "testpass",
>> "privs": [
>> "*.*:ALL"
>> ]
>> },
>> {
>> "host": "localhost",
>> "name": "root",
>> "password": "testpass",
>> "privs": [
>> "*.*:ALL"
>> ]
>> },
>> {
>> "host": "{{ 
>> hostvars[inventory_hostname][ansible_hostname] }}",
>> "name": "root",
>> "password": "testpass",
>> "privs": [
>> "*.*:ALL"
>> ]
>> },
>> {
>> "host": "127.0.0.1",
>> "name": "db2user",
&

[ansible-project] Re: Confusing "variable is undefined" error

[Guy Knights]

Sorry, I should also mention that I'm on the devel branch. I tried it using 
stable-2.0 but it did the same thing.

On Thursday, January 14, 2016 at 1:49:28 PM UTC-8, Guy Knights wrote:
>
> I have a variable defined in group_vars that I'm trying to use in a task 
> but it is failing for me. So I created a debug task to dump the contents of 
> this variable so I can see what ansible thinks is defined. If I try the 
> following:
>
> - debug: var=mysql
>
> It outputs "mysql": "VARIABLE IS NOT DEFINED!". I changed the above debug 
> task to:
>
> - debug: var=hostvars[inventory_hostname]['mysql']
>
> When I run it with the change above I get instead:
>
> "hostvars[inventory_hostname]['mysql']": {
> "dbs": [
> {
> "backup": {
> "retention": 3,
> "window": "06:00-06:30"
> },
> "name": "db1",
> "size": 100,
> "type": "rds",
> "users": [
> {
> "host": "127.0.0.1",
> "name": "db1user",
> "password": "userpass",
> "privs": [
> "db1.*:ALL"
> ]
> }
> ]
> },
> {
> "name": "db2",
> "type": "mysql",
> "users": [
> {
> "host": "127.0.0.1",
> "name": "root",
> "password": "testpass",
> "privs": [
> "*.*:ALL"
> ]
> },
> {
> "host": "::1",
> "name": "root",
> "password": "testpass",
> "privs": [
> "*.*:ALL"
> ]
> },
> {
> "host": "localhost",
> "name": "root",
> "password": "testpass",
> "privs": [
> "*.*:ALL"
> ]
> },
> {
> "host": "{{ 
> hostvars[inventory_hostname][ansible_hostname] }}",
> "name": "root",
> "password": "testpass",
> "privs": [
> "*.*:ALL"
> ]
> },
> {
> "host": "127.0.0.1",
> "name": "db2user",
> "password": "userpass",
> "privs": [
> "db2.*:ALL"
> ]
> }
> ]
> },
> {
> "name": "db3",
> "type": "mysql",
> "users": [
> {
> "host": "127.0.0.1",
> "name": "root",
> "password": "testpass",
> "privs": [
> "*.*:ALL"
> ]
> },
> {
> "host": "::1",
> "name": "root",
> "password": "testpass",
> "privs": [
> "*.*:ALL"
> ]
> },
> {
> "host": "localhost",
> 

[ansible-project] Confusing "variable is undefined" error

[Guy Knights]

I have a variable defined in group_vars that I'm trying to use in a task 
but it is failing for me. So I created a debug task to dump the contents of 
this variable so I can see what ansible thinks is defined. If I try the 
following:

- debug: var=mysql

It outputs "mysql": "VARIABLE IS NOT DEFINED!". I changed the above debug 
task to:

- debug: var=hostvars[inventory_hostname]['mysql']

When I run it with the change above I get instead:

"hostvars[inventory_hostname]['mysql']": {
"dbs": [
{
"backup": {
"retention": 3,
"window": "06:00-06:30"
},
"name": "db1",
"size": 100,
"type": "rds",
"users": [
{
"host": "127.0.0.1",
"name": "db1user",
"password": "userpass",
"privs": [
"db1.*:ALL"
]
}
]
},
{
"name": "db2",
"type": "mysql",
"users": [
{
"host": "127.0.0.1",
"name": "root",
"password": "testpass",
"privs": [
"*.*:ALL"
]
},
{
"host": "::1",
"name": "root",
"password": "testpass",
"privs": [
"*.*:ALL"
]
},
{
"host": "localhost",
"name": "root",
"password": "testpass",
"privs": [
"*.*:ALL"
]
},
{
"host": "{{ 
hostvars[inventory_hostname][ansible_hostname] }}",
"name": "root",
"password": "testpass",
"privs": [
"*.*:ALL"
]
},
{
"host": "127.0.0.1",
"name": "db2user",
"password": "userpass",
"privs": [
"db2.*:ALL"
]
}
]
},
{
"name": "db3",
"type": "mysql",
"users": [
{
"host": "127.0.0.1",
"name": "root",
"password": "testpass",
"privs": [
"*.*:ALL"
]
},
{
"host": "::1",
"name": "root",
"password": "testpass",
"privs": [
"*.*:ALL"
]
},
{
"host": "localhost",
"name": "root",
"password": "testpass",
"privs": [
"*.*:ALL"
]
},
{
"host": "{{ 
hostvars[inventory_hostname][ansible_hostname] }}",
"name": "root",
"password": "testpass",
"privs": [
"*.*:ALL"
]
},
{
"host": "127.0.0.1",
"name": "db3user",
"password": "userpass",
"privs": [
"db3.*:ALL"
]
}
]
}
]
}

So, it works when I reference the var from the hostvars, but when I 
reference it as a standalone variable it doesn't. I also checked with some 
other vars that are defined in the exact same way within my group_vars, and 
they output fine whichever method I use.

What's the issue here? Am I missing something?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/4aff846a-12f2-438a-810e-7764faf23737%40googlegroups.com.
For more 

Re: [ansible-project] ansible-playbook hangs during execution

[Guy Knights]

Just an update, I used this method and was able to isolate the host that 
was causing the issue. It turned out to be an issue with my AWS VPC setup 
where the host didn't have a path to the internet and apt was hanging while 
trying to install packages.

On Monday, November 30, 2015 at 10:10:44 AM UTC-8, Guy Knights wrote:
>
> Sounds like a solid plan, I'll give it a go. Thanks!
>
> On Fri, Nov 27, 2015 at 11:01 PM, J Hawkesworth <
> j.r.hawkeswo...@googlemail.com> wrote:
>
>> Perhaps using -l to limit the playbook run to one host at a time would at 
>> least help you isolate the problem? I think -l takes group names and 
>> patterns if you have lots of hosts.
>>
>> -v might give you a clue what is going on too.
>>
>> --
>> You received this message because you are subscribed to a topic in the 
>> Google Groups "Ansible Project" group.
>> To unsubscribe from this topic, visit 
>> https://groups.google.com/d/topic/ansible-project/78KLq9b9pCc/unsubscribe
>> .
>> To unsubscribe from this group and all its topics, send an email to 
>> ansible-project+unsubscr...@googlegroups.com.
>> To post to this group, send email to ansible-project@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/e8c31e5b-293b-42f5-9592-bf36afab5967%40googlegroups.com
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/f9789a0d-670a-424c-bc30-50d7db75446f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] ansible-playbook hangs during execution

[Guy Knights]

Sounds like a solid plan, I'll give it a go. Thanks!

On Fri, Nov 27, 2015 at 11:01 PM, J Hawkesworth <
j.r.hawkeswo...@googlemail.com> wrote:

> Perhaps using -l to limit the playbook run to one host at a time would at
> least help you isolate the problem? I think -l takes group names and
> patterns if you have lots of hosts.
>
> -v might give you a clue what is going on too.
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Ansible Project" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/ansible-project/78KLq9b9pCc/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/e8c31e5b-293b-42f5-9592-bf36afab5967%40googlegroups.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9mvz9ya6BUhn4HjCLDR738XT7HqnVtjhi6pXmRoTgh885A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] ansible-playbook stops after include

[Guy Knights]

As a quick follow-up on this, I since tried rolling back to stable-1.9 and
also the 1.9.3 tag as well, and interestingly neither of those would
execute past a specific point in my base.yaml playbook. When it reaches the
specific task, ansible hangs...if I comment out this task and re-run, it
then gets to the next task in the order but hangs on that one.

So, the plot thickens. In any case, this is really causing problems for me
as I have to run all my playbooks individually, and I might have to look at
breaking my base.yml up into different playbooks as it now doesn't complete.

On Thu, Oct 29, 2015 at 3:13 PM, Guy Knights <guy.knig...@gmail.com> wrote:

> Here's the content of my parent playbook:
>
> ---
> # file: playbooks/site.yml
> - include: base.yml
> - include: monitoring.yml
> - include: loadbalancer.yml
> - include: appserver.yml
> - include: clientserver.yml
> - include: gitlab.yml
> - include: ci.yml
> - include: useractivity.yml
> - include: job.yml
> - include: vpn.yml
> - include: registry.yml
> - include: logging.yml
> - include: mgmtserver.yml
>
> v2.0 of ansible-playbook completes only the tasks in base.yml and then
> completes as I already described. Interestingly, it *has* run through the
> stuff in monitoring.yml when I've tried it before, but it doesn't seem to
> do it any more. With v1.9.3 of ansible-playbook, it used to run through all
> the of the above before completing.
>
> On Wed, Oct 28, 2015 at 4:32 PM, Michael Legleux <legl...@gmail.com>
> wrote:
>
>> I'm glad you joined in, I never resolved this or got back around to this
>> problem.
>> I couldn't get any useful info about what was causing it either. I made a
>> few super simple examples, but of course they ran fine.
>> Part of my experiment involved running each include individually, which
>> worked so I was stymied.
>>
>> On Monday, October 26, 2015 at 4:26:23 PM UTC-7, Guy Knights wrote:
>>>
>>> I don't mean to hijack this thread, but I thought I should mention I'm
>>> having exactly the same problem. Worked in Ansible 1.9.3, in 2.0.0 it runs
>>> through all the tasks/roles in the first couple of includes and then stops
>>> (with a play recap), all without any errors.
>>>
>>> On Thursday, September 3, 2015 at 1:21:53 PM UTC-7, Michael Legleux
>>> wrote:
>>>>
>>>> The output shows no errors, nothing seems wrong.
>>>>
>>>> Running this playbook in devel, after qt5.yml is run, execution stops.
>>>> If I reverse the order, it only runs wx_widgets.yml.
>>>> Running this playbook in v1.9.3-0.3.rc3 results with both included
>>>> playbooks being executed properly.
>>>>
>>>> I simulated the execution order with 2 simpler playbooks (simply
>>>> touching files on the desktop) and they both get executed properly in 
>>>> devel.
>>>>
>>>> So maybe it's something with the modules I'm using in wx_widgets.yml or
>>>> qt5.yml but they don't have any obvious errors, and whichever one is run
>>>> first DOES get installed properly with no errors.
>>>> The only modules the playbooks use are:
>>>> apt_repository, apt_key and apt.
>>>>
>>>> I thought maybe I was including things incorrectly, but then testing it
>>>> in 1.9.3 showed it worked they way I was trying to nest includes. So I'm
>>>> confused.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Wednesday, September 2, 2015 at 10:30:46 PM UTC-7, Bob Tanner wrote:
>>>>>
>>>>>
>>>>> On Wednesday, September 2, 2015 at 4:08:30 PM UTC-5, Michael Legleux
>>>>> wrote:
>>>>>>
>>>>>> This configuration works fine with 1.9.2 though.
>>>>>>
>>>>>>
>>>>> - output shows what?
>>>>>
>>>>>
>>>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "Ansible Project" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/ansible-project/ixI71kGSNzw/unsubscribe
>> .
>> To unsubscribe from this group and all its topics, send an email to
>> ansible-project+unsubscr...@googlegroups.com.
>> To post to this group, send email to ansible-project@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/1a26815c-1645-448b-84c4-1353ab5b906e%40googlegroups.com
>> <https://groups.google.com/d/msgid/ansible-project/1a26815c-1645-448b-84c4-1353ab5b906e%40googlegroups.com?utm_medium=email_source=footer>
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9msW%2BKuGadgaW-xE5CcfNZwUNmXii55y6wXJe%3DuSQfSepQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] ansible-playbook hangs during execution

[Guy Knights]

I have a playbook (site.yml) which includes a bunch of other playbooks. 
Each of these individual playbooks includes one or more roles. I've had 
problems with site.yml hanging at a specific point during execution, so I 
ran the individual playbook in which it's hanging. It still hangs at the 
same point, which is an apt task to install git. I commented this task out, 
and ansible-playbook progresses to the next task which is also an apt task, 
where it hangs again. To me it appears to be an issue with apt task 
execution on one or more hosts.

I tried to use ANSIBLE_KEEP_REMOTE_FILES=1 and -vvv to locate the script 
where it's hanging, but the problem is that when it hangs it has only 
output the status of the run on the previous host, and when I ctrl-c it to 
quit out of the playbook execution it just outputs the full list of hosts 
in no particular order, so I don't know which host it's hanging on.

Does anyone have any suggestions as to how I can troubleshoot this issue? 
It's a real problem for me as I can't install a bunch of packages that I 
need.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/da4ca12b-71af-4888-bcff-4734ba178298%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] 2.0 host key check issues

[Guy Knights]

I've noticed since I upgraded to 2.0 that something is wrong with host key 
checks when running ansible-playbook. Previously, under 1.9, if 
ansible-playbook encountered an unknown host key during the setup phase, it 
was present the standard OpenSSH host key prompt and pause to wait for user 
input. However, since 2.0 it now seems to continue with the next host even 
without any user input. This seems to cause issues as the run progresses 
and either causes the run to hang, or it just fails for the hosts with 
unknown keys. I have seen it wait at the prompt properly from time to time, 
but mostly I see the behaviour I just described.

Has anyone else noticed this issue?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/07a0-fd12-419e-84c4-91005532066a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] ansible-playbook stops after include

[Guy Knights]

I don't mean to hijack this thread, but I thought I should mention I'm 
having exactly the same problem. Worked in Ansible 1.9.3, in 2.0.0 it runs 
through all the tasks/roles in the first couple of includes and then stops 
(with a play recap), all without any errors.

On Thursday, September 3, 2015 at 1:21:53 PM UTC-7, Michael Legleux wrote:
>
> The output shows no errors, nothing seems wrong.
>
> Running this playbook in devel, after qt5.yml is run, execution stops. If 
> I reverse the order, it only runs wx_widgets.yml.
> Running this playbook in v1.9.3-0.3.rc3 results with both included 
> playbooks being executed properly.
>
> I simulated the execution order with 2 simpler playbooks (simply touching 
> files on the desktop) and they both get executed properly in devel.
>
> So maybe it's something with the modules I'm using in wx_widgets.yml or 
> qt5.yml but they don't have any obvious errors, and whichever one is run 
> first DOES get installed properly with no errors.
> The only modules the playbooks use are:
> apt_repository, apt_key and apt.
>
> I thought maybe I was including things incorrectly, but then testing it in 
> 1.9.3 showed it worked they way I was trying to nest includes. So I'm 
> confused.
>
>
>
>
>
>
> On Wednesday, September 2, 2015 at 10:30:46 PM UTC-7, Bob Tanner wrote:
>>
>>
>> On Wednesday, September 2, 2015 at 4:08:30 PM UTC-5, Michael Legleux 
>> wrote:
>>>
>>> This configuration works fine with 1.9.2 though.
>>>
>>>
>> - output shows what?
>>  
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/26f3aedf-a7ae-4fbd-aa91-d25f229df344%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Adding dict key + value

[Guy Knights]

Apologies, 'the car' should be 'the var', in case it's not obvious.

On Friday, October 9, 2015 at 2:41:10 PM UTC-7, Guy Knights wrote:
>
> I'm trying to add a new key to an existing dictionary but I'm having some 
> trouble. I have this set_fact task:
>
> - set_fact:
> ha.listeners.backends[item.key].servers="{{ groups[item.key] }}"
>   with_dict: ha.listeners.backends
>
> It runs through without complaining, but when I debug the car there's new 
> data isn't in the dict. Is it even possible to do what I'm trying to do?
>
> Thanks,
> Guy
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/9465ff2c-f135-4446-9498-469e0282186c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Adding dict key + value

[Guy Knights]

I'm trying to add a new key to an existing dictionary but I'm having some 
trouble. I have this set_fact task:

- set_fact:
ha.listeners.backends[item.key].servers="{{ groups[item.key] }}"
  with_dict: ha.listeners.backends

It runs through without complaining, but when I debug the car there's new 
data isn't in the dict. Is it even possible to do what I'm trying to do?

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/4950967a-b95a-417a-b599-43dfd9aa7926%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] EC2 module, exact_count, and loops

[Guy Knights]

I have a playbook that fires up some ec2 instances in multiple subnets 
using exact_count and count_tag to control how many instances are created. 
I'm using when to loop over the subnets I want to use - in this particular 
case, there are 2 subnets in different availability zones, and I want to 
create one instance in each AZ.

The problem is that if I set exact_count to 1, ansible creates the first 
instance and then doesn't create the second instance in the second subnet 
as exact_count is already reached. If I change exact_count to 2, it will 
create 2 instances but they're in the same subnet. Basically, the loop is 
irrelevant.

Is there any way around this issue?

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/cdda1cb4-c274-4503-a0d4-9af7eef16f29%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: EC2 module, exact_count, and loops

[Guy Knights]

ecture": "x86_64",
"dns_name": "",
"ebs_optimized": false,
"groups": {
"sg-3684fe53": "example-sg-app",
"sg-3c84fe59": "example-sg-access"
},
"hypervisor": "xen",
"id": "i-cb3fe479",
"image_id": "ami-df6a8b9b",
"instance_type": "c4.large",
"kernel": null,
"key_name": "example_key",
"launch_time": "2015-09-28T22:39:11.000Z",
"placement": "us-west-1a",
"private_dns_name": 
"ip-10-1-2-63.us-west-1.compute.internal",
"private_ip": "10.1.2.63",
"public_dns_name": "",
"public_ip": null,
"ramdisk": null,
"region": "us-west-1",
"root_device_name": "/dev/sda1",
"root_device_type": "ebs",
"state": "running",
"state_code": 16,
"tags": {
"Environment": "prod",
"Name": "example-ec2-app",
"Subnet": "example-subnet-app",
"Type": "app",
"VPC": "example"
},
"tenancy": "default",
"virtualization_type": "hvm"
}
]
},
{
"changed": false,
"skipped": true
},
{
"changed": false,
"skipped": true
},
{
"changed": false,
"skipped": true
},
{
"changed": false,
"skipped": true
},
{
"changed": false,
"skipped": true
},
{
"changed": false,
"skipped": true
},
{
"changed": false,
"skipped": true
}
]
}
}
}

It appears to me that Ansible thinks 2 instances exist, but I only see one 
in the AWS console.

On Thursday, October 8, 2015 at 11:23:50 AM UTC-7, Guy Knights wrote:
>
> I have a playbook that fires up some ec2 instances in multiple subnets 
> using exact_count and count_tag to control how many instances are created. 
> I'm using when to loop over the subnets I want to use - in this particular 
> case, there are 2 subnets in different availability zones, and I want to 
> create one instance in each AZ.
>
> The problem is that if I set exact_count to 1, ansible creates the first 
> instance and then doesn't create the second instance in the second subnet 
> as exact_count is already reached. If I change exact_count to 2, it will 
> create 2 instances but they're in the same subnet. Basically, the loop is 
> irrelevant.
>
> Is there any way around this issue?
>
> Thanks,
> Guy
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/cbcdf00e-1979-41b3-9a81-147dedf45df0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Notifying tasks in related roles

[Guy Knights]

Actually, having thought about it a bit more I could rephrase my question 
more simply as "is there anything like Puppet's 'subscribe' relationship 
parameter?"

On Tuesday, September 15, 2015 at 11:08:12 AM UTC-7, Guy Knights wrote:
>
> I have an haproxy role that can be used for a variety of purposes (load 
> balancing, local proxying, etc), and I need to be able to notify handlers 
> in several other roles if a task in the haproxy role changes, based on 
> which of those "other" roles exist on the current node. The main reason I 
> want to do this is because the above are running in linked docker 
> containers and if the haproxy container is restarted, sometimes the ip 
> address of the haproxy container can change which means the linked 
> container can't communicate with it. That being the case, can anyone tell 
> me if there's a way to do this in Ansible?
>
> Thanks,
> Guy
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/0809c12b-a100-4957-b374-ac163c4c4ebe%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Notifying tasks in related roles

[Guy Knights]

I have an haproxy role that can be used for a variety of purposes (load 
balancing, local proxying, etc), and I need to be able to notify handlers 
in several other roles if a task in the haproxy role changes, based on 
which of those "other" roles exist on the current node. The main reason I 
want to do this is because the above are running in linked docker 
containers and if the haproxy container is restarted, sometimes the ip 
address of the haproxy container can change which means the linked 
container can't communicate with it. That being the case, can anyone tell 
me if there's a way to do this in Ansible?

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1c5b1155-03f3-407a-a4b2-cb74c74e79a8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Error creating RDS instance

[Guy Knights]

Bump. Does anyone have any insight into what the issue might be here?

Thanks,
Guy

On Thursday, July 16, 2015 at 2:04:12 PM UTC-7, Guy Knights wrote:

 I'm getting the following in a playbook a task to create an RDS instance 
 runs:

 msg: failed to create instance: null

 This task worked fine yesterday, today I made a minor change to the VPC 
 task (below) by adding another app subnet and specifying availability zones 
 for the 2 app subnets, but this should have no effect on the RDS task. The 
 RDS task itself hasn't been changed.

 - name: provision white label vpc
   ec2_vpc:
 state: present
 cidr_block: 10.{{ wl_vpc_prefix }}.0.0/16
 resource_tags: { Name: {{ wl_name }}-bbe-vpc }
 region: us-west-1
 subnets:
   - cidr: 10.{{ wl_vpc_prefix }}.1.0/24
 resource_tags: { Name: {{ wl_name }}-bbe-public }
   - cidr: 10.{{ wl_vpc_prefix }}.2.0/24
 az: us-west-1a
 resource_tags: { Name: {{ wl_name }}-bbe-app }
   - cidr: 10.{{ wl_vpc_prefix }}.3.0/24
 az: us-west-1b
 resource_tags: { Name: {{ wl_name }}-bbe-app }
   - cidr: 10.{{ wl_vpc_prefix }}.4.0/24
 resource_tags: { Name: {{ wl_name }}-bbe-mgmt }
   - cidr: 10.{{ wl_vpc_prefix }}.5.0/24
 az: us-west-1a
 resource_tags: { Name: {{ wl_name }}-bbe-db }
   - cidr: 10.{{ wl_vpc_prefix }}.6.0/24
 az: us-west-1b
 resource_tags: { Name: {{ wl_name }}-bbe-db }
 internet_gateway: True
 route_tables:
   - subnets:
   - 10.{{ wl_vpc_prefix }}.1.0/24
 routes:
   - dest: 0.0.0.0/0
 gw: igw
   register: vpc

 Does anyone have any idea what the problem is here?

 Thanks,
 Guy


-- 
You received this message because you are subscribed to the Google Groups 
Ansible Project group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/88d3746d-1e13-4155-aebd-80342abfab24%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Error creating RDS instance

[Guy Knights]

I'm getting the following in a playbook a task to create an RDS instance 
runs:

msg: failed to create instance: null

This task worked fine yesterday, today I made a minor change to the VPC 
task (below) by adding another app subnet and specifying availability zones 
for the 2 app subnets, but this should have no effect on the RDS task. The 
RDS task itself hasn't been changed.

- name: provision white label vpc
  ec2_vpc:
state: present
cidr_block: 10.{{ wl_vpc_prefix }}.0.0/16
resource_tags: { Name: {{ wl_name }}-bbe-vpc }
region: us-west-1
subnets:
  - cidr: 10.{{ wl_vpc_prefix }}.1.0/24
resource_tags: { Name: {{ wl_name }}-bbe-public }
  - cidr: 10.{{ wl_vpc_prefix }}.2.0/24
az: us-west-1a
resource_tags: { Name: {{ wl_name }}-bbe-app }
  - cidr: 10.{{ wl_vpc_prefix }}.3.0/24
az: us-west-1b
resource_tags: { Name: {{ wl_name }}-bbe-app }
  - cidr: 10.{{ wl_vpc_prefix }}.4.0/24
resource_tags: { Name: {{ wl_name }}-bbe-mgmt }
  - cidr: 10.{{ wl_vpc_prefix }}.5.0/24
az: us-west-1a
resource_tags: { Name: {{ wl_name }}-bbe-db }
  - cidr: 10.{{ wl_vpc_prefix }}.6.0/24
az: us-west-1b
resource_tags: { Name: {{ wl_name }}-bbe-db }
internet_gateway: True
route_tables:
  - subnets:
  - 10.{{ wl_vpc_prefix }}.1.0/24
routes:
  - dest: 0.0.0.0/0
gw: igw
  register: vpc

Does anyone have any idea what the problem is here?

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
Ansible Project group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8777df80-2b42-4d7f-826d-b90f5b06366c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Error provisioning RDS instance

[Guy Knights]

Ahhh.thank you! That was the issue after all. I changed the instance
name and it fixed the problem. I was confused because it was talking about
parameter filters.

Thanks again,
Guy

On Wed, Jul 15, 2015 at 10:15 AM, Baraa Basata bbas...@gmail.com wrote:

 The error message here is the RDS API, and it suggests to me that the
 instance_name contains invalid characters. The API response says that RDS
 instance identifiers must have only ASCII letters, digits, and hyphens;
 and must not end with a hyphen or contain two consecutive hyphens.

 The underscore character that you have in the instance_name is not in that
 list of valid characters.

 -Baraa


 On Tuesday, July 14, 2015 at 6:23:45 PM UTC-4, Guy Knights wrote:

 I'm getting the following error when I use the rds module:

 failed: [localhost] = {failed: true, parsed: false}
 Traceback (most recent call last):
   File
 /Users/guy/.ansible/tmp/ansible-tmp-1436911513.8-147068920945542/rds,
 line 2822, in module
 main()
   File
 /Users/guy/.ansible/tmp/ansible-tmp-1436911513.8-147068920945542/rds,
 line 1012, in main
 invocations[module.params.get('command')](module, conn)
   File
 /Users/guy/.ansible/tmp/ansible-tmp-1436911513.8-147068920945542/rds,
 line 645, in create_db_instance
 result = conn.get_db_instance(instance_name)
   File
 /Users/guy/.ansible/tmp/ansible-tmp-1436911513.8-147068920945542/rds,
 line 415, in get_db_instance
 raise e
 boto.exception.JSONResponseError: JSONResponseError: 400 Bad Request
 {'RequestId': '673d1f59-2a74-11e5-af29-2dbda5511805', 'Error':
 {'Message': 'The parameter Filter: db-instance-id is not a valid
 identifier. Identifiers must begin with a letter; must contain only ASCII
 letters, digits, and hyphens; and must not end with a hyphen or contain two
 consecutive hyphens.', 'Code': 'InvalidParameterValue', 'Type': 'Sender'}}


 FATAL: all hosts have already failed -- aborting

 The task config is as follows:

 - name: provision rds master
   rds:
 command: create
 instance_name: {{ wl_name }}_db_master
 db_engine: MySQL
 db_name: {{ db_name }}
 instance_type: db.m3.large
 username: {{ db_username }}
 password: {{ wl_name}}_db_password
 size: 50
 wait: yes
 wait_timeout: 600
 multi_zone: no
 subnet: {{ wl_name }}-rds-sg
 tags:
   Application: {{ wl_name }}
   Environment: prod
 region: us-west-1

 I guess it's a problem with the lookup to check if the instance already
 exists, but I'm not sure what it's supposed to be using as the lookup
 parameter. Does anyone know why it's wrong, and how to fix it?

 Thanks,
 Guy

  --
 You received this message because you are subscribed to a topic in the
 Google Groups Ansible Project group.
 To unsubscribe from this topic, visit
 https://groups.google.com/d/topic/ansible-project/xT1lOWalxYs/unsubscribe.
 To unsubscribe from this group and all its topics, send an email to
 ansible-project+unsubscr...@googlegroups.com.
 To post to this group, send email to ansible-project@googlegroups.com.
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/ansible-project/3386be62-9541-4003-889b-02fee49e8826%40googlegroups.com
 https://groups.google.com/d/msgid/ansible-project/3386be62-9541-4003-889b-02fee49e8826%40googlegroups.com?utm_medium=emailutm_source=footer
 .

 For more options, visit https://groups.google.com/d/optout.


-- 
You received this message because you are subscribed to the Google Groups 
Ansible Project group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9mtWmUpgyjS%2B%2B3PzYekLdz110SZAWL0zK9mig6Fak-czSw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Error provisioning RDS instance

[Guy Knights]

I'm getting the following error when I use the rds module:

failed: [localhost] = {failed: true, parsed: false}
Traceback (most recent call last):
  File 
/Users/guy/.ansible/tmp/ansible-tmp-1436911513.8-147068920945542/rds, 
line 2822, in module
main()
  File 
/Users/guy/.ansible/tmp/ansible-tmp-1436911513.8-147068920945542/rds, 
line 1012, in main
invocations[module.params.get('command')](module, conn)
  File 
/Users/guy/.ansible/tmp/ansible-tmp-1436911513.8-147068920945542/rds, 
line 645, in create_db_instance
result = conn.get_db_instance(instance_name)
  File 
/Users/guy/.ansible/tmp/ansible-tmp-1436911513.8-147068920945542/rds, 
line 415, in get_db_instance
raise e
boto.exception.JSONResponseError: JSONResponseError: 400 Bad Request
{'RequestId': '673d1f59-2a74-11e5-af29-2dbda5511805', 'Error': {'Message': 
'The parameter Filter: db-instance-id is not a valid identifier. 
Identifiers must begin with a letter; must contain only ASCII letters, 
digits, and hyphens; and must not end with a hyphen or contain two 
consecutive hyphens.', 'Code': 'InvalidParameterValue', 'Type': 'Sender'}}


FATAL: all hosts have already failed -- aborting

The task config is as follows:

- name: provision rds master
  rds:
command: create
instance_name: {{ wl_name }}_db_master
db_engine: MySQL
db_name: {{ db_name }}
instance_type: db.m3.large
username: {{ db_username }}
password: {{ wl_name}}_db_password
size: 50
wait: yes
wait_timeout: 600
multi_zone: no
subnet: {{ wl_name }}-rds-sg
tags:
  Application: {{ wl_name }}
  Environment: prod
region: us-west-1

I guess it's a problem with the lookup to check if the instance already 
exists, but I'm not sure what it's supposed to be using as the lookup 
parameter. Does anyone know why it's wrong, and how to fix it?

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
Ansible Project group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e53b3903-c082-4fd2-8336-cd2a7a89e09d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] module is missing interpreter line

[Guy Knights]

Thanks Brian, I'll give that a go when I get the time.

On Monday, February 16, 2015 at 5:46:35 AM UTC-8, Brian Coca wrote:

 make sure you removed the previous version, module loading changed and 
 some old file might be interfering with loading the correct module. 




 -- 
 Brian Coca 


-- 
You received this message because you are subscribed to the Google Groups 
Ansible Project group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/0fc6dc4e-07f6-4e7f-aa54-b62ac619c1e4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] module is missing interpreter line

[Guy Knights]

I'm hitting an error when I run a playbook that's spitting out the error 
module is missing interpreter line. It's dying on a task that uses the 
file module to copy a file to the remote server. I never had any trouble 
with this task until I tried to run the latest Ansible code in an attempt 
to fix an issue with a completely different task in the same playbook. 

On this system I'm using the latest release branch (1.8.2) from the ubuntu 
PPA, but to try and fix my other failing task I copied my ansible.cfg file 
and adjusted the settings as necessary so I could use a cloned copy of the 
ansible devel branch to run the playbook instead. I started seeing this new 
error once I used the devel branch, so I tried to go back and re-run my 
playbook using the 1.8.2 version already installed on my system (using the 
original config file), but the error continued. The task in question (which 
hasn't changed at all since I did all this, neither has anything else in 
the playbook) is below:

- name: install private docker registry CA cert
  sudo: yes
  copy:
src=../files/docker_registry.pem
dest=/usr/local/share/ca-certificates/docker_registry.pem
owner=root
group=root
mode=0600

I thought perhaps it might be a cached setting or module on the remote 
system that was causing the error, so I removed the entire .ansible 
directory from the remote user's home directory, but it didn't fix the 
error.

Does anyone know how I can fix this?

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
Ansible Project group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/35c956bc-cffd-496f-b921-422a6bdd8d37%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Ansible tower setup fails (centos 6.5)

[Guy Knights]

I just tried to run the latest ansible tower setup (2.1.0) and it failed 
installing redis with the following error:

TASK: [packages_el | install yum repositories] 
 
ok: [localhost] = 
(item=http://download.opensuse.org/repositories/home:cedric-vincent/CentOS_CentOS-6/home:cedric-vincent.repo)
 
= {changed: false, dest: /etc/yum.repos.d/home:cedric-vincent.repo, 
gid: 0, group: root, item: 
http://download.opensuse.org/repositories/home:cedric-vincent/CentOS_CentOS-6/home:cedric-vincent.repo;,
 
md5sum: 6bde4c4761979e3786e068ef764e27e7, mode: 0644, msg: OK 
(306 bytes), owner: root, secontext: 
unconfined_u:object_r:etc_t:s0, sha256sum: , size: 306, src: 
/tmp/tmpLwijnm, state: file, uid: 0, url: 
http://download.opensuse.org/repositories/home:cedric-vincent/CentOS_CentOS-6/home:cedric-vincent.repo}
failed: [localhost] = 
(item=https://copr.fedoraproject.org/coprs/jlaska/redis-28/repo/epel-6/jlaska-redis-28-epel-6.repo)
 
= {failed: true, item: 
https://copr.fedoraproject.org/coprs/jlaska/redis-28/repo/epel-6/jlaska-redis-28-epel-6.repo}

msg: Unsupported proxy scheme: https. Currently ansible only supports HTTP 
proxies.

FATAL: all hosts have already failed -- aborting

I had to edit roles/packages_el/vars/CentOS-6.yml and change the protocol 
for the URL for jlaska-redis-28-epel-6.repo to http from https to get it to 
work.

Once I fixed the above, the script continued until hitting the following 
error:

TASK: [postgres | determine if postgresql user exists] 
 
failed: [localhost] = {changed: false, cmd: [psql, postgres, 
-tAc, SELECT 1 FROM pg_roles WHERE rolname='awx'], delta: 
0:00:00.038819, end: 2015-01-08 15:09:26.522631, failed: true, 
failed_when_result: true, rc: 2, start: 2015-01-08 15:09:26.483812, 
stdout_lines: []}
stderr: psql: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket /tmp/.s.PGSQL.5432?
...ignoring

TASK: [postgres | create the postgresql user for awx] 
* 
failed: [localhost] = {failed: true}
msg: unable to connect to database: could not connect to server: No such 
file or directory
Is the server running locally and accepting
connections on Unix domain socket /tmp/.s.PGSQL.5432?


FATAL: all hosts have already failed -- aborting

To fix this I edited vi roles/postgres/tasks/conf.yml and added 
state=started to the postgres service definition ('configure postgresql to 
startup automatically').

I ran setup.sh again and it got past the previous error but then the 
following happened:

TASK: [awx_install | create awx database schema] 
** 
failed: [localhost] = {changed: false, cmd: [awx-manage, syncdb, 
--noinput], delta: 0:00:03.017540, end: 2015-01-08 
15:16:46.468519, rc: 1, start: 2015-01-08 15:16:43.450979, 
stdout_lines: [Syncing...]}
stderr: Traceback (most recent call last):
  File /usr/bin/awx-manage, line 9, in module
load_entry_point('ansible-tower==2.1.0', 'console_scripts', 
'awx-manage')()
  File /usr/lib/python2.6/site-packages/awx/__init__.py, line 91, in 
manage
  File 
/usr/lib64/python2.6/site-packages/django/core/management/__init__.py, 
line 399, in execute_from_command_line
utility.execute()
  File 
/usr/lib64/python2.6/site-packages/django/core/management/__init__.py, 
line 392, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
  File /usr/lib64/python2.6/site-packages/django/core/management/base.py, 
line 242, in run_from_argv
self.execute(*args, **options.__dict__)
  File /usr/lib64/python2.6/site-packages/django/core/management/base.py, 
line 285, in execute
output = self.handle(*args, **options)
  File /usr/lib64/python2.6/site-packages/django/core/management/base.py, 
line 415, in handle
return self.handle_noargs(**options)
  File 
/usr/lib/python2.6/site-packages/awx/lib/site-packages/south/management/commands/syncdb.py,
 
line 92, in handle_noargs
syncdb.Command().execute(**options)
  File /usr/lib64/python2.6/site-packages/django/core/management/base.py, 
line 285, in execute
output = self.handle(*args, **options)
  File /usr/lib64/python2.6/site-packages/django/core/management/base.py, 
line 415, in handle
return self.handle_noargs(**options)
  File 
/usr/lib64/python2.6/site-packages/django/core/management/commands/syncdb.py, 
line 57, in handle_noargs
cursor = connection.cursor()
  File /usr/lib64/python2.6/site-packages/django/db/backends/__init__.py, 
line 162, in cursor
cursor = util.CursorWrapper(self._cursor(), self)
  File /usr/lib64/python2.6/site-packages/django/db/backends/__init__.py, 
line 132, in _cursor
self.ensure_connection()
  File /usr/lib64/python2.6/site-packages/django/db/backends/__init__.py, 
line 127, in ensure_connection
self.connect()
  File /usr/lib64/python2.6/site-packages/django/db/utils.py, line 99, in 
__exit__
six.reraise(dj_exc_type, dj_exc_value,