[ansible-project] How to make an item in with_items conditional?
Take this playbook: - hosts: mt1-dummys101 tasks: - name: Install apt packages sudo: true apt: pkg={{ item }} with_items: - build-essential - libyaml-dev - python2.7-dev - "{{ 'silversearcher-ag' if ansible_distribution_major_version == '14' else '' }}" How would I make it so that silversearcher-ag is installed only on Ubuntu 14 and is omitted for other operating systems? The above gives: TASK: [Install apt packages] ** failed: [mt1-dummys101] => (item=build-essential,libyaml-dev,python2.7-dev,) => {"failed": true, "item": "build-essential,libyaml-dev,python2.7-dev,"} msg: No package matching '' is available I also tried changing the empty string `''` to `omit` but that also fails: TASK: [Install apt packages] ** failed: [mt1-dummys101] => (item=build-essential,libyaml-dev,python2.7-dev,__omit_place_holder__07ef1633a8f8d1dc718ffb780b3f0e54d7f7b02a) => {"failed": true, "item": "build-essential,libyaml-dev,python2.7-dev,__omit_place_holder__07ef1633a8f8d1dc718ffb780b3f0e54d7f7b02a"} msg: No package matching '__omit_place_holder__07ef1633a8f8d1dc718ffb780b3f0e54d7f7b02a' is available Any way to do this? -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/f1257535-d363-48b7-b086-49760204efd0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Re: How to make an item in with_items conditional?
Ah, that's clever. Probably too clever for me to want to use on my colleagues, but clever nonetheless. That could be an example if anyone ever writes a book called the "The Little Ansibler" in the style of "The Little Schemer". :-) -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/caa9d0bf-8a8c-48a0-82e3-38d0c9f13fde%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: How to make an item in with_items conditional?
Yeah, this was what I went with for the time being. I'm curious if there are other ways, but this does seem to be a reasonable solution. Thanks! -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/b16422e8-daf0-482a-8940-8fd27eca2591%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Re: How to make an item in with_items conditional?
Thanks, but that doesn't work. E.g.: I used this slightly tweaked line: - "{{ (ansible_distribution_major_version == '12')|ternary('silversearcher-ag', '') }}" and if the condition is not true, then I get: TASK: [Install apt packages] ** failed: [mt1-dummys101] => (item=build-essential,libyaml-dev,python2.7-dev,) => {"failed": true, "item": "build-essential,libyaml-dev,python2.7-dev,"} msg: No package matching '' is available It seems that for this kind of thing to work, there would either need to be: - a way to tell with_items to not add the item at all (by using "omit" perhaps, which doesn't currently work in this context) - "apt" module would ignore a blank string or other sentinel value like "omit". -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1491ecf8-2971-4c8b-a0c9-df00e6e32ea5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Re: How to make an item in with_items conditional?
And I would think the former would be more preferable as it is more generally applicable (would work with all modules). I think of "with_items" as being analogous to a for loop in most programming languages. So I guess that means the feature that I am wishing I had here is analogous to a "continue" statement in those same programming languages. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/2e119868-f370-457d-9652-e5a950e1c89d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Syntax for limiting to batches?
Using the "serial:" keyword so ansible can do hosts in batches. Wondering if there is support for addressing those batches - e.g.: -l dbservers@batch1 or something like that Use case is folks want to run a job to do half the nodes; then pause for manual QA; then run another job for the other half of the nodes. Maintaining groups with the batches in inventory seems a little cumbersome. It would be cool to leverage Ansible's ability to split the hosts into batches. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/d767565c-e419-4157-9944-f9dff642832c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: How to use roles from the command line?
OK, well I ended building a little thing. I haven't played with it much. Feedback welcome. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/8d686f6d-04ab-46f8-8696-29760a81fb7e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: How to use roles from the command line?
Thanks, Dave! Yeah, that's what we do now. I have a very similar playbook that we use to run a single role and that one playbook keeps us from having a zillion little playbooks. It works but it feels a little weird and and perhaps too clever. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/394ed893-8028-4189-836b-bacaa51d754e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] What does XXX mean?
Trying to do: sudo: true file: path=/opt/webapp/profilesvc/enabled.txt state=file and getting: failed: [localhost] = {failed: true, path: /opt/webapp/profilesvc/enabled.txt, state: absent} msg: file (/opt/webapp/profilesvc/enabled.txt) is absent, cannot continue The directory exists: vagrant@localmonkey:~$ ls /opt/webapp/profilesvc bin include lib local pip-selfcheck.json share src Any ideas? -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/0b320454-199a-4a6c-807c-61c175670461%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] How to use roles from the command line?
I agree with you. I find it a bit tedious to have to create a playbook just to apply a role. You might be interested in this PR, which I just submitted: https://github.com/ansible/ansible/pull/11416 -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/41672f8a-3861-4b64-8325-728c3bea91c5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Option to make No hosts matched a FATAL error?
Hi all is there a way to make it so that No hosts matched becomes a FATAL error? I'm using a CI job to kick off ansible to deploy something and in this case if it cannot find a host to deploy to, I want that to be a fatal error. Right now, ansible returns a zero exit code so the CI job succeeds and then people ask my why the job succeeded but the new code wasn't deployed. Marc -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/a1e921fc-3bc5-4d5a-86fe-6626abf85424%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: Option to make No hosts matched a FATAL error?
One stab at fixing this: https://github.com/ansible/ansible/pull/11350 -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/62de09e7-bb5c-40ce-9e31-09a124f8b071%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Making it easier to get submodules
So I had a slight hiccup the other day when I tried to contribute to ansible. I have contributed in the past, but it was before the ansible modules were split out into separate core and extras git repos. So when I tried to run the tests, I was missing the proper git submodules. My attempt at making this easier for people who want to contribute: https://github.com/ansible/ansible/pull/9597 Serge raised some concerns about it possibly hurting some other workflows, which I hopefully handled, but it would be good to get more eyes on it. To be honest, I'm not sure that `hacking/env-setup` is the right place to add this, but this is pirobably because in my ideal world, there would be no `hacking/env-setup` in the first place. I would love to just create a virtualenv and do `pip install -e .`. Last time I tried this, it didn't work because ansible was installing modules globally in /usr/share and such. But I noticed that there were a lot of changes in how stuff is organized since then, so it might be possible now out of the box or perhaps with a little work. If that were true, then I wouldn't need `hacking/env-setup`, but I would still need something to initialize the git submodules. So perhaps there's some other place where that can be done? Marc -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/dfd87bf8-91b7-4b8c-b3e2-b18323515cdc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Possible to have --list-tasks be aware of variable names?
I have this playbook: --- - hosts: localhost roles: - { role: webserver, tags: ['webserver'], app_role: 'webserver' } - { role: dbserver, tags: ['dbserver'], app_role: 'dbserver' } The two roles have a task with a name that has {{ app_role }} in it. E.g.: $ cat roles/webserver/tasks/main.yml --- - name: Show this is the {{ app_role }} role debug: msg=This is the webserver role If I execute the playbook normally, ansible shows the task names with the variable substituted in, which is great: TASK: [webserver | Show this is the webserver role] TASK: [dbserver | Show this is the dbserver role] But with --list-tasks, it doesn't do the variable substitution: $ ansible-playbook role_tags.yml --tags=dbserver,webserver --list-tasks playbook: role_tags.yml play #1 (localhost): Show this is the {{ app_role }} role Show this is the {{ app_role }} role Is it possible to get ansible to display the name with the variable substitutions applied when running with --list-tasks? Thanks! Marc -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/82be82bf-e791-4419-86e0-936f96c2ca78%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Way for a role to refer to files relative to the role?
So roles have a files directory and for some actions and attributes they are evaluated relative to this directory (e.g.: the src attribute of the copy module). So with: # roles/common/tasks/main.yml - name: Copy in ssh key files copy: src=devops.pem dest=/home/{{ ansible_user_id }}/.ssh/id_rsa mode=600 tags: - ssh_key src=devops.pem will find my file in roles/common/files/devops.pem For other actions, this doesn't work -- for example: - name: Make sure that devops.pem is not group/world readable local_action: file path=devops.pem mode=600 tags: - ssh_key - ssh_key_local In this case, it will not find the file in roles/common/files/devops.pem -- it seems to look for the file relative to the playbook? How can I reference a file relative to the role I'm referencing it in? -- e.g.: something like: - name: Make sure that devops.pem is not group/world readable local_action: file path={{ current_role_dir }}/files/devops.pem mode=600 tags: - ssh_key - ssh_key_local -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/3eb883b1-8c1d-4d48-8c99-f1a6e48d2944%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: Way for a role to refer to files relative to the role?
local_action: file path={{ inventory_dir }}/../roles/common/files/devops.pem mode=600 works, but hopefully there's a cleaner way that doesn't have to include ../roles/common in it...? -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/954e02fe-e454-44b6-aa37-86d86430db02%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] List of Ansible default variables
On Tuesday, July 1, 2014 6:43:32 PM UTC-7, Michael DeHaan wrote: Ansible variables seem to have a global scope, because if I set one within the role it seems to be visible to all roles No exactly true for roles. Ansible variables set in one role are available in roles further down so you can have roles that describe an environment, but they do have scope. In fact, you are guaranteed access to that particular value, without it being clobbered. When you say further down, are you referring to: 1. further down in a hierarchy (i.e.: a parent/child relationship where role A depends on role B so that role B is further down than role A in a hierarchy) 2. further down in a sequential flow (i.e.: role A is applied and then role B so role B is further down in the playbook) ? Talking with a colleague, I was assuming #1 and he was assuming #2. I created a git repo that illustrates some behavior that surprised me. Most likely this is because I'm misunderstanding the paradigms at play; there's a small chance that it's a bug, but I figure the misunderstanding is more likely. https://github.com/msabramo/ansible-roles-example I would love to see an explanation of why this works the way it does so that I can have a deeper understanding of Ansible. Thanks! Marc -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/d913befd-afde-4c1c-86a6-ea41523eef39%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] List of Ansible default variables
On Wednesday, July 2, 2014 2:38:48 PM UTC-7, Michael DeHaan wrote: I mean Roles utilized after other roles. OK, thanks for clarifying. That's good to know, since I want to understand clearly how things work before we get deep into this and start advocating for company-wide usage. You might consider adding a note to the documentation about this (probably the Variables page). I looked around quite a bit and couldn't find anything that quite covered this inter-role behavior of variables. The basic gist being variables set in one role are available to roles that execute sequentially afterwards. I think we now understand and we've worked around our issue with a parameterized include, which we found to work by trial and error on our own. That said, you may or may not be interested to know that in the git repo that I mentioned, I actually saw behavior that looks like a role was getting a value for a variable set in a LATER role. Not a big deal to us as we're using parameterized includes now, but I mention it just in case it's interesting or surprising. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/df308498-2df8-49f1-84b6-45e66b1ff357%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] List of Ansible default variables
On Wednesday, July 2, 2014 3:49:28 PM UTC-7, Michael DeHaan wrote: I actually saw behavior that looks like a role was getting a value for a variable set in a LATER role I am occasionally incorrect. Vars do get compiled down first, tasks run in order, as variables do run in order, but I'd expect that. My apologies on not remembering correctly - I do think that's still fine due to the built-in protections around variable clobbering in roles (won't happen, etc). Cool. Mistakes happen. The important thing is that you explained why it works the way it does, so we understand what to expect. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/622de665-0048-4b90-b68b-492765da679a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] List of Ansible default variables
On Tuesday, July 1, 2014 10:19:16 AM UTC-7, John Anderson wrote: So we configure a pool for all the nodes in the addressbookweb group to listen on nginx port 6014, and then when a request to /addressbook comes into the loadbalancer it routes to that specific pool. But when we setup the addressbook nodes we also need to configure nginx properly to listen on that port. So we do this by doing: services[current_role].nginx_port But do access current_role we had to set a variable for *every* role. How about this? # roles/anonweb/tasks/main.yml { include: ../../../roles/pythonapp/tasks/main.yml, app_role: anonweb } # roles/addressbookweb/tasks/main.yml { include: ../../../roles/pythonapp/tasks/main.yml, app_role: addressbookweb } # ../../../roles/pythonapp/tasks/main.yml # do stuff nginx config stuff with {{ app_role }} Ansible variables seem to have a global scope, because if I set one within the role it seems to be visible to all roles (which surprised me as I was expecting roles to be more self-contained since they're supposed to be reusable, shared on Galaxy, etc.). All roles are referencing the same named variable are sharing the same global variable. But the parameterized roles and parameterized includes are more akin to parameter passing and so the state is not shared. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/0cc40dad-47d7-4c98-b1f0-2ba1de053e3f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] How to replicate local user account to remote system?
I feel like this probably comes up a lot and is a solved problem, but my Google-fu is failing me. I'm using Ansible with vagrant to create development virtual machines. The one thing that bugs me a little (and this was true with our previous Chef-based solution as well to be fair) is that I have to log into this system as a user called vagrant and I don't have my preferred dotfiles and what-not. So this means my vim isn't the way I like it and if I do a git commit it's going to show up in the log as vagrant. This is of course all solvable by copying my dotfiles over; I could even create an account with my name. I haven't bothered to do this, because I'm lazy to do this manually. Like most developers, I refuse to do a few minutes of manual work if I can spend a couple of hours and make it automated ;-) And of course this is Ansible, so it should totally be possible to do this -- I'm just missing a bit of knowledge to make it happen. So if my user on the local system that I'm running ansible on is marca -- how do I get at this information? I couldn't find a built-in variable for this. Reading ansible_env.USER is going to get me the USER on the *remote* system; not what I want. My current, possibly hacky solution is to invoke ansible-playbook with --extra-vars=invoking_user=$USER and then my playbook can do: - name: Create user for invoking user sudo: true user: name={{ invoking_user }} comment=John Doe uid=1040 group=admin password=xxx tags: - user - name: Set authorized_key for invoking user sudo: true authorized_key: user={{ invoking_user }} key={{ lookup('file', /Users/marca/.ssh/id_rsa.pub) }} tags: This is pretty crude, as ideally I wouldn't have to pass the --extra-vars and ideally there would be some existing solution that sets the user, comment, uid, group, etc. all automatically using the local values. Note that I also want to copy my ssh key but I can't figure out how to replace marca with {{ invoking_user }} -- that doesn't work, because it would nest the double curly brace syntax so it won't get expanded. Actually it would be even better to use $HOME but it's the same problem. I guess the ideal would be some kind of module that replicates my local user to the remote system, including uid and ssh key. If there wasn't such a role/playbook available, I might write it, if I knew how. Would be grateful for any tips to point me in the right direction. Marc -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/c4d399d3-cd8a-4fd4-ab77-8f5bc991d240%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] How to replicate local user account to remote system?
On Friday, June 27, 2014 9:12:52 AM UTC-7, Michael DeHaan wrote: This is of course all solvable by copying my dotfiles over; I could even create an account with my name. I haven't bothered to do this, because I'm lazy to do this manually Write a playbook? :) Yes. I would like to do this. I kinda sorta have the beginnings of something, but it's perhaps a little clunky. My playbook has: vars_files: - group_vars/user.yml and then group_vars/user.yml has my local settings: invoking_user: name: marca full_name: Marc Abramowitz uid: 502 home: /Users/marca ssh_public_key: /Users/marca/.ssh/id_rsa.pub and then I do this in my playbook: tasks: - name: Create user for invoking user sudo: true # debug: var=invoking_user user: name: {{ invoking_user.name }} comment: {{ invoking_user.full_name }} uid: {{ invoking_user.uid }} tags: - user - name: Set authorized_key for invoking user sudo: true authorized_key: user: {{ invoking_user.name }} key: {{ lookup('file', invoking_user.ssh_public_key) }} tags: - user I would've preferred something more automatic, but I guess I could always have a simple Python configure.py script that generates group_vars/user.yml Most people would keep their dotfiles as a repo, managed centrally, rather than trying to discover them. It's more explicit, and translates over to Ansible easier than trying to discover them from some arbitrary remote system, copy them back, move them to the other, etc. Yeah that's a good point. And in fact I do have my dotfiles in a git repo, so maybe checking them out is better. The alternative is to rsync them from the host running ansible. -- You received this message because you are subscribed to the Google Groups Ansible Project group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/8d08ced5-5b82-4f06-908f-e2290fdef822%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.