Re: [ansible-project] AWX: Updating roles on project update/install

2017-09-19 Thread Mike Biancaniello 
ahh, thank you. I will look there for answers.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/dbc7fc74-f689-4641-8833-f148aa80f437%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] AWX: mounted playbook dir in docker

2017-09-19 Thread Mike Biancaniello 
I am running AWX in docker containers and have mounted the playbooks 
directory (I modified local_docker/tasks/main.yml:"Activate AWX Task 
Container" to include a volume argument).

I created a directory and a playbook and it shows up inside the container:

$ docker exec -it awx_task /bin/ls -hal /var/lib/awx/projects/helloworld/
total 4.0K
drwxr-xr-x 3 root root 102 Sep 19 18:49 .
drwxr-xr-x 3 root root 102 Sep 19 18:49 ..
-rw-r--r-- 1 root root 116 Sep 19 18:38 helloworld.yml


Yet, I still get the warning when I try to create a manual project:

WARNING: There are no available playbook directories in 
/var/lib/awx/projects. Either that directory is empty, or all of the 
contents are already assigned to other projects. Create a new directory 
there and make sure the playbook files can be read by the "awx" system 
user, or have AWX directly retrieve your playbooks from source control 
using the SCM Type option above.



The "helloworld" project/playbook also don't show up when creating a new 
Job Template.

Is there some special trick to getting AWX to recognize this directory?

thanks,

-MikeB

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c75b076e-762c-4e7c-be64-3a5e5cd055fe%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] AWX: install python libs

2017-09-19 Thread Mike Biancaniello 
I am playing around with AWX and want to load a role (or "project" I 
suppose is the new term) that has some custom libraries and filter_plugins. 
The problem is that these python scripts require py libs that were never 
installed in the docker image.

Is there a way to configure an additional PYTHONPATH?

I *think* I should be able to mount a volume (e.g. /opt/custom-python/libs) 
into the container and install my python there, then make sure that ever 
custom role adds `sys.path.append(custom_py_path)` before the imports.
But ... I'd prefer to not have to do that.

any ideas?

thanks,

-MikeB

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5bda4e9b-6455-4e1d-937d-f90369f4c12f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] AWX: Updating roles on project update/install

2017-09-19 Thread Mike Biancaniello 
I am running AWX inside of some docker containers and can't get the 
project_update job to install roles from my requirements.yml file.

false
. It successfully finds the file, but, for some reason, scm_full_checkout is 
always set to false. 

I modified /usr/lib/python2.7/site-packages/awx/playbooks/project_update.yml 
to add this:

  - name: detect requirements.yml

stat: path={{project_path|quote}}/roles/requirements.yml

register: doesRequirementsExist


*+ - name: show me stat*

*+   debug:*

*+ msg: "{{ doesRequirementsExist }}"*

*+ *

*+ - name: show me scm_full_checkout*

*+   debug:*

*+ msg: "{{ scm_full_checkout }}"*


  - name: fetch galaxy roles from requirements.yml

command: ansible-galaxy install -r requirements.yml -p 
{{project_path|quote}}/roles/ --force

args:

  chdir: "{{project_path|quote}}/roles"

when: doesRequirementsExist.stat.exists and scm_full_checkout|bool


Which results in the following displayed in the job output (I removed most 
of the file stats for brevity):


TASK [detect requirements.yml] 
*

ok: [localhost]

TASK [show me stat] 


ok: [localhost] => {

"msg": {

"changed": false, 

"failed": false, 

"*stat*": {

"atime": 1505851374.0, 

"executable": false, 

*"exists": true*, 

"gid": 0, 

"gr_name": "root", 

"mode": "0644", 

"readable": true, 

"writeable": true 

}

}

}

TASK [show me *scm_full_checkout*] 
***

ok: [localhost] => {

"msg": *false*

}

TASK [fetch galaxy roles from requirements.yml] 


*skipping*: [localhost]



I've tried every option I can find for defining the project and in every 
case, scm_full_checkout is *always* false!

Any ideas how I can get this to work? 

thanks,


-MikeB

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/2711743d-0a32-48ba-9d10-35a8c8e1284d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Cumulative group variables?

2016-10-24 Thread Mike Biancaniello 
So, the problem is that you can't combine lists, but you can merge dicts 
(it's a config setting, default=false).

This will require either a double for loop or, (my preference, especially 
if you are going to use this type of construct a lot) a filter to combine 
them.

# file: /group_vars/tors
--- 
vlans: 
  tor: 
  - name: GLOBAL-VLAN 
id: 100 
net: "{{ globalvlan_prefix }}" 
  special: [] ## just so the template doesn't choke



# file: /group_vars/app1switches
--- 
vlans: 
  special: 
  - name: SPECIAL-APP1-VLAN 
id: 110 
net: "{{ app1_prefix }}"



# file: /group_vars/app2switches
--- 
vlans: 
  special: 
  - name: SPECIAL-APP2-VLAN 
id: 120 
net: "{{ app2_prefix }}"


# file: templates/switches.j2

VLANS = {{vlans|combine_dict}}



-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/08345697-e0ff-402f-8254-2cc21b8e768b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: How do I use multiple ansible versions on the same machine for different playbooks that require specific versions?

2016-08-01 Thread Mike Biancaniello 
I would also suggest python virtual environments. 

Although, I have also used Docker images for running Ansible. I create a 
Docker image with 'ansible' as the ENTRYPOINT, then create a shell script 
to execute 'docker run -it --rm   []'. This will execute ansible inside the docker and use the 
playbooks that you put inside the image when you created it.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/ff2d5f86-7bd8-4773-91b8-e94e711d1220%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Ansible Acton Plugins

2016-07-22 Thread Mike Biancaniello 
try creating /deployment/boxes/library/
and placing your files there.

Usually, unless you change your ansible.cfg, the plugins, roles, libraries, 
etc are all subdirs of your playbook dir.

On Friday, July 22, 2016 at 11:14:08 AM UTC-4, Vyacheslav wrote:
>
> Where should the library/ be present?  Could it be also directory under 
> playbook?
>
> On Fri, Jul 22, 2016 at 6:02 PM, Mike Biancaniello <chep...@gmail.com 
> > wrote:
>
>> action_plugins/ will not be picked up by ansible unless there is a file 
>> in library/ with the same name. This file in library/ can be empty, but it 
>> must exist.
>>
>> -- 
>> You received this message because you are subscribed to a topic in the 
>> Google Groups "Ansible Project" group.
>> To unsubscribe from this topic, visit 
>> https://groups.google.com/d/topic/ansible-project/AIzW4z3dEL4/unsubscribe
>> .
>> To unsubscribe from this group and all its topics, send an email to 
>> ansible-proje...@googlegroups.com .
>> To post to this group, send email to ansible...@googlegroups.com 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/e4ad06fc-7734-459f-bb14-20e8bed5b349%40googlegroups.com
>>  
>> <https://groups.google.com/d/msgid/ansible-project/e4ad06fc-7734-459f-bb14-20e8bed5b349%40googlegroups.com?utm_medium=email_source=footer>
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> -- 
> Best Regards,
>   Vyacheslav Voronenko
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/4430cc7e-c598-4819-8d83-d0b6ed22097d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Ansible Acton Plugins

2016-07-22 Thread Mike Biancaniello 
action_plugins/ will not be picked up by ansible unless there is a file in 
library/ with the same name. This file in library/ can be empty, but it 
must exist.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e4ad06fc-7734-459f-bb14-20e8bed5b349%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible Acton Plugins

2016-07-21 Thread Mike Biancaniello 
Vyacheslav, I'm not sure I understand your question?

On Thursday, July 21, 2016 at 9:07:49 AM UTC-4, Vyacheslav wrote:
>
> Mike,
>
>   I think, I have similar issue.
>
> Mine local lookup plugins from playbook_dir/lookup_plugins are loaded and 
> executed fine,  but the same manner implemented action plugins are not 
> loaded from file like playbook_dir/action_plugins/action.py
>
> Is there additional magic linked to library too ?   Is there way I can 
> distribute local action plugin with playbook?
>
> On Friday, 15 April 2016 16:46:22 UTC+3, Mike Biancaniello wrote:
>>
>> Action plugins need to be in the action_plugins/ dir (can be either a 
>> subdir of the playbook_dir or of a role that you include), however, ansible 
>> won't recognize the plugin uless you also have a file of the same name in 
>> the library/ dir. All you **need** to do is 'touch' the library file, 
>> but you should at least use this to store the module documentation. 
>> Remember, though, that action_plugins are executed on ***localhost***, 
>> so action_plugin is often used for local preprocessing before calling the 
>> module to do the remote work.
>>
>> All of that being said, why can't you just pass the module the args that 
>> you need?
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5659a1f3-0c44-4a28-9bde-ab47d529881d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Unsure how to merge this dict/list into a single dict/list

2016-06-21 Thread Mike Biancaniello 
It sounds like you are looking to do something like this:

https://github.com/chepazzo/ansible-filters-extras/blob/master/filter_plugins/listofdicts.py#L121

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/0a661556-aa7f-4ee2-9676-49373836f16e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Run Ansible Playbook inside Docker container?

2016-05-19 Thread Mike Biancaniello 
I hadn't thought of using Ansible to create Docker images before, but this 
is an interesting way to do this, instead of using a complicated Dockerfile 
to manage each variety of service.

I might want to figure out a way to be able to build an image for each 
group in your hosts file.

On Tuesday, June 30, 2015 at 1:26:02 AM UTC-4, Erik wrote:
>
> Sure, the general pattern I follow is thus: 
>
> 1. I use a base docker image that already has ansible installed. 
> 2. In your Dockerfile, use the COPY command to copy your ansible files 
> (playbook yaml, files, etc.) into the container. Something like: 
>
> COPY ansible/ /tmp/ansible/ 
>
> 3. After the copy, in your Dockerfile, run ansible-playbook on the 
> files you copied into the container in the previous step: 
>
> RUN ansible-playbook /tmp/ansible/foo.yml -i /tmp/ansible/hosts 
>
> In this case, /tmp/ansible/hosts just contains: 
>
> [local] 
> 127.0.0.1 
>
> And in the playbook, I specify: 
>
> - hosts: local 
>   connection: local 
>
> 4. After the playbook completes, remove the ansible files you copied 
> in during step 2. 
>
> On Mon, Jun 29, 2015 at 6:10 PM, Alejandro Ferrari  > wrote: 
> > Hi All, 
> > 
> > I like to know if someone is using Ansible to provisioning inside a 
> Docker 
> > container... and how use this? 
> > 
> > I has all my infrastructure in Playbooks, now l like to use this to 
> create 
> > Dockers for each of my microservices... but I can't found some 
> > alternatives... 
> > 
> > As we know Ansible use SSH but de best practice of Docker is NOT use SSH 
> to 
> > login into container... for this reason my doubt... 
> > 
> > Some idea or advices about how use this? 
> > 
> > Thanks 
> > Alejandro 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> Groups 
> > "Ansible Project" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an 
> > email to ansible-proje...@googlegroups.com . 
> > To post to this group, send email to ansible...@googlegroups.com 
> . 
> > To view this discussion on the web visit 
> > 
> https://groups.google.com/d/msgid/ansible-project/eb3bbdb6-f34e-48c8-af70-2f34819f0a52%40googlegroups.com.
>  
>
> > For more options, visit https://groups.google.com/d/optout. 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/dc44acdb-8da6-4288-945a-9aefce1b1228%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Variable within Variable

2016-05-19 Thread Mike Biancaniello 
You can reference variables within variables.

e.g. 
# group_vars/all
---
apple: JameslikesApples
banana: IwentToSanFrancisco

# group_vars/thing1
---
basket: {{ apple }}

# group_vars/thing2
---
basket: {{ banana }}


Then, you can reference {{ basket }} in  your playbook or template:

# site.yml
---
  tasks:
  - name: my basket is cool
debug: msg="My basket says, {{ basket }}"

Which would translate to 
For all hosts in group `thing1`: "My basket says, JameslikesApples"
For all hosts in group `thing2`: "My basket says, IwentToSanFrancisco"



On Thursday, May 19, 2016 at 1:23:37 PM UTC-4, Pr0fess0rM wrote:
>
> Hey guys,
>
> I have a variable {{ basket }} and it has a string for contents. The 
> contents will change every time I run the playbook and I need a way to 
> translate the contents of the basket, let's say "apple" to another name, 
> let's say "JameslikesApples". But if the contents were "banana" it would 
> have a completely different translation like "IwentToSanFrancisco". 
>
> I've made a dictionary declaring "apple: 'JameslikesApples'" and on the 
> next line: "banana: 'IwentToSanFrancisco'". I need to be able to reference 
> "JameslikesApples" in a shell command and I just can't see a way around it. 
> I've tried {{ {{ basket }} }} but Ansible doesn't accept the quadruple 
> braces.
>
> Any and all help is appreciated!
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/18670592-8473-4687-b87a-41bf97448bfa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible Acton Plugins

2016-04-15 Thread Mike Biancaniello 
Action plugins need to be in the action_plugins/ dir (can be either a 
subdir of the playbook_dir or of a role that you include), however, ansible 
won't recognize the plugin uless you also have a file of the same name in 
the library/ dir. All you **need** to do is 'touch' the library file, but 
you should at least use this to store the module documentation. Remember, 
though, that action_plugins are executed on ***localhost***, so 
action_plugin is often used for local preprocessing before calling the 
module to do the remote work.

All of that being said, why can't you just pass the module the args that 
you need?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/2a1ea06e-980f-4194-9dfb-f3640c80c467%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Question on import statement in ansible module?

2016-04-14 Thread Mike Biancaniello 
Have you looked into creating an action_plugin (runs on localhost) that 
uses the non-standard module to do what it needs to do, then calls your 
module to be run remotely, but not needing the py lib anymore? Depending on 
what the py lib is doing, this may be an option for you. Check out 
https://github.com/ansible/ansible/tree/devel/lib/ansible/plugins/action 
for examples. template or copy might be good examples.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/551f55bb-cb73-4af3-a1e4-1545dd0e66d6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible Network, junos_command.

2016-04-13 Thread Mike Biancaniello 
might there be an application firewall between you and the switch that 
allows openssh, but not paramiko?

On Wednesday, April 13, 2016 at 9:11:30 AM UTC-4, Oscar Bengtsson wrote:
>
> Hi,
> From what I understood netconf is not needed for this module, but yes it 
> is enabled from when i tried using junipers own-developed role from 
> ansible-galaxy.
> I don't want to use netconf as most vendors don't have it.
>
>
> On Monday, April 11, 2016 at 7:33:25 PM UTC+2, Matt Hite wrote:
>>
>> Is netconf enabled under "system services"?
>>
>> On Thu, Apr 7, 2016 at 7:41 AM, Oscar Bengtsson  
>> wrote:
>>
>>> Hi,
>>> I'm trying to get a playbook to connect to a juniper switch and do a 
>>> 'show version'
>>> I'm totally new to this and wanted to do this without the use of yaml 
>>> files for username and password.
>>> This is the code for the playbook:
>>>
>>>
>>> *---*
>>> *- hosts: switches*
>>> *  gather_facts: no*
>>> *  connection: local*
>>>
>>> *  tasks:*
>>> *  - name: DEFINE PROVIDER*
>>> *set_fact:*
>>> *  hostinfo:*
>>> *host: "{{ inventory_hostname }}"*
>>> *password: ***
>>> *username: root*
>>> *  - debug: var=hostvars[inventory_hostname]*
>>> *  - name: show command*
>>> *junos_command:*
>>> *  provider: "{{ hostinfo }}"*
>>> *  commands:*
>>> *- show version*
>>> *register: version*
>>>
>>> The host file contains only 1 ip address to the switch.
>>> I get this error for task "show command"
>>>
>>> *fatal: [172.18.10.25]: FAILED! => {"changed": false, "failed": true, 
>>> "invocation": {"module_args": {"commands": ["show version"], "host": 
>>> "172.18.10.25", "interval": 1, "password": 
>>> "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "port": 22, "provider": null, 
>>> "retries": 10, "username": "root", "waitfor": null}, "module_name": 
>>> "junos_command"}, "msg": "failed to connecto to 172.18.10.25:22 
>>>  - "}*
>>>
>>> Is there something wrong with my code? I also tried specifying the 
>>> username/password inside the task, didnt work either.
>>> I can SSH to the switch from my server if not using ansible.
>>>
>>> Thanks!
>>> Oscar Bengtsson
>>>
>>> -- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to ansible-proje...@googlegroups.com.
>>> To post to this group, send email to ansible...@googlegroups.com.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/ansible-project/ec69eb29-19db-4eff-a17b-0c9513654c49%40googlegroups.com
>>>  
>>> 
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1d0697b3-73ed-4eb0-8d19-b9015720a98f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible Vault

2016-03-31 Thread Mike Biancaniello 
Every item in group_vars/ is named to match a group name. These items can 
be either files (my_group, my_group.yml) or directories (my_group/). If it 
is a directory, then it works similarly to a .d/ directory where all of the 
files in that dir are imported.

These are equivilent structures:

1. One file:
group_vars/group1.yml
---
var1: val1
var2: val2




2. One Directory:
group_vars/group1/arbitrary_file1.yml
---
var1: val1

group_vars/group1/arbitrary_file2.yml
---
var2: val2


In my playbooks, I tend to make the all group a dir so that I can better 
organize those vars and use the filenames as a sort of documentation or 
comment.
group_vars/
├── all
│   ├── defaults.yml
│   ├── definitions.yml
│   ├── lookups.yml
│   ├── servers.yml
│   └── users.yml
├── arista.yml



I have also found it best to keep sensitive vars in separate files (whether 
or not I encrypt them in a vault) using the group_vars dir structure.

My problem with vault is that you need the password to unlock it and if you 
are checking things into git, then everyone has to use the same password to 
unlock the vault, so now you have to deal with how to tell people what that 
password is and what to do when it changes, etc.

So, in my playbooks, I store sensitive vars in a secure datastore where I 
can control who has access to read and write. Then, instead of locking the 
vars in a vault, I use a lookup which is able to use the local user's 
personal creds for auth.

e.g.
group_vars/all/lookups.yml
---
## Vars I don't want to store in git
enpass: "{{ lookup('hss', 'enpass', objid='ans_vars.json') }}"
snmpro: "{{ lookup('hss', 'snmpro', objid='ans_vars.json') }}"




On Thursday, March 31, 2016 at 7:18:12 AM UTC-4, Mark Matthews wrote:
>
> Hi guys
>
> Thank you so much for all your feedback. Getting a little confused as to 
> what to do now though.
>
> Do I create the following folder /etc/ansible/group_vars/all and just copy 
> all the files into that folder? Will that solve the problem?
>
> Jon - Im not exactly sure what you mean by, "into a separate file and 
> vault that, then use the child groups mechanism to include the var in 
> whatever groups you need."
>
>
> Can you not just have one vault file with all variables that you want 
> secure, and then just refer to those variables in all your playbooks?
>
> Cheers
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/21861ead-09af-48e4-8876-4c7129189e48%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: My first "role" isn't running

2016-03-23 Thread Mike Biancaniello 
I'm actually surprised that this tree worked; I would have expected 'roles' 
to need to be under powerbroker_install (i.e. 
powerbroker/powerbroker_install/roles/pb_install_dev, etc), but glad that 
things are working for you.

For passwords, are you familiar with prompts 
 or vaults 
? That might be what 
you need.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/2d634efb-3552-4249-b773-e0a68b5c5852%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: include custom python library from custom module

2016-03-23 Thread Mike Biancaniello 
duh, right. It works for connection: local, but not for remote targets.

Maybe have a task that copies it to a tmp dir on the target and then append 
that to sys.path in your module?

On Wednesday, March 23, 2016 at 7:43:19 AM UTC-4, Uditha Desilva wrote:
>
> Does that really work to copy over the dependent libraries to the target 
> systems?
>
> On Tuesday, 22 March 2016 17:13:38 UTC, Mike Biancaniello wrote:
>>
>> You can put them in the same or sub dir as your modules. Or, you can put 
>> them anywhere, just append the path in the module. However, if you want 
>> multiple modules in multiple roles to share the same libs, then things get 
>> tricky. I've done that by appending '../../pylibs/' to my sys.path to get 
>> things up and running, but eventually just installed the libs globally on 
>> the system and did away with that ugliness. Of course, you could always 
>> just run ansible inside of a docker or python-virtualenv and then install 
>> the libs local to that environment.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/fcf7dc96-4f16-411e-bbcf-d18d15486c69%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: My first "role" isn't running

2016-03-22 Thread Mike Biancaniello 
like I said, since you've put this into a role, "separating this into 
multiple plays would be more complicated", so you're better off not 
splitting it up and instead, doing what you were doing 

copied from your earlier post (with the typo pointed out by Uditha 
corrected:

In app_install_main.yml:

---

- name: install app and join systems to domain
  hosts: testservers
  become: yes

  roles:
  - app_install

  vars_prompt:
  - name: "ansible_sudo_pass"
prompt: "Sudo password"
private: yes

It is here where I am calling my hosts: testservers. Then in my 
task/main.yml, I have:

---
# tasks file for app_install

- name: Install required nfs packages
  yum: name={{ item }} state=present
  with_items:
  - nfs-utils
  - nfs-utils-lib

- name: Create a temporary mount point for the installation files
  file: path=/tmp/app_install state=directory owner=root group=root mode=
0775

- name: Mount the nfs share from nfsshare.domain.tld
  shell: mount -F -t nfs -o vers=3 -v nfsshare.domain.tld:/share/location /
tmp/app_install

- name: Install app on test systems
  command: /tmp/app_install/apptool_install arg1
  when: "'testservers'in group_names"

- name: Join test systems to test ou
  shell: /path/to/domainjoin-cli join --notimesync --disable hostname
 --ou OU=test,OU=UNIX,DC=server,DC=domain,DC=tld server.domain.tld 
join_account
  when: "'testservers' in group_names"

On Tuesday, March 22, 2016 at 4:01:55 PM UTC-4, Gilberto Valentin wrote:
>
> Hi Mike,
>
> Thanks for the suggestions. I tried to implement what you mentioned and I 
> ended up breaking everything. I am completely lost with this. I am just 
> going to have to start over at this point. Between sanitizing the data to 
> post here and then trying to translate your suggestions back to what it 
> really is on my end keeps getting more and more complicated. Somewhere 
> along the line, I've lost the translation of what you are suggestion vs how 
> I am actually writing it.
>


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/20313b33-c9ff-4ae5-9d98-fca3565dc943%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: include custom python library from custom module

2016-03-22 Thread Mike Biancaniello 
You can put them in the same or sub dir as your modules. Or, you can put 
them anywhere, just append the path in the module. However, if you want 
multiple modules in multiple roles to share the same libs, then things get 
tricky. I've done that by appending '../../pylibs/' to my sys.path to get 
things up and running, but eventually just installed the libs globally on 
the system and did away with that ugliness. Of course, you could always 
just run ansible inside of a docker or python-virtualenv and then install 
the libs local to that environment.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/4bfa2fe5-006f-43f1-be30-3a0ddf4403bc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Playbooks in subdirectories

2016-03-21 Thread Mike Biancaniello 
I agree that it's annoying, especially if you try to organize by includes 
and reusable playbooks, it's hard to tell, looking at a list of *.yml files 
which ones are the top-level and which are meant to be included.

If you're not using roles and only using tasks, you can put your tasks in a 
tasks/ subfolder and then include them and everything will use the dir of 
the playbook as the ansible root.

However, if you're using roles, the roles are assumed to be in a subdir of 
the playbook, so you can either create a playbooks/ subdir and reference 
your roles like: 

./stuff.yml
---
- include: playbooks/wtfstuff.yml

playbooks/wtfstuff.yml
--
- name: Do wtf stuff

  roles: 
  - role: ../roles/wtf

or put roles as a subdir of your playbook subdir and then require that any 
top-level playbooks must only include playbooks from the playbooks/ subdir:
project
├── inventory
├── site.yml
└── playbooks
├── ansible.cfg
├── webservers.yml
├── databases.yml
└── roles
├── nginx
├── php
└── mysql


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/4b54bd1b-e1d9-4b54-a470-3880e0350758%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: My first "role" isn't running

2016-03-21 Thread Mike Biancaniello 
1. what Uditha said about 'testservers'.
2. By "use multiple plays", I meant to create one play that specifies hosts: 
testservers, another play that specifies hosts: dev-servers, and a third 
that specifies hosts: prod-servers. 
Then, have specific tasks for those servers.

Now, re-looking at your playbook, I realize that I had forgotten that you 
were using a role for this, so separating this into multiple plays would be 
more complicated because you want the role to act differently depending on 
the group. In general, this makes the role less portable because it 
requires that these groups be defined.

So, if you wanted to go down this road, you could either split your role 
into multiple roles or split your tasks/main.yml into multiple files (this 
might be overkill for what you want to do, but I'm including it here for 
completeness):

e.g. 
tasks/prod.yml: tasks to run on all prod-servers
tasks/dev.yml: tasks to run on all dev-servers
tasks/test.yml: task to run on all testservers

tasks/main.yml:
---
- name: Run on prod
  include: prod.yml
  when: run_prod|default(false)

- name: Run on dev
  include: prod.yml
  when: run_dev|default(false)

- name: Run on test
  include: test.yml
  when: run_test|default(false)



and in your playbook:
---
- name: Play for test servers
  hosts: testservers

  roles:
  - { role: app_install, run_test: true, tags: test }


- name: Play for dev servers
  hosts: dev-servers

  roles:
  - { role: app_install, run_dev: true, tags: dev }

- name: Play for prod servers
  hosts: prod-servers

  roles:
  - { role: app_install, run_prod: true, tags: prod }



-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/2785dd7b-41a6-4226-aa15-417565308f97%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: My first "role" isn't running

2016-03-19 Thread Mike Biancaniello 
Or ... your problem could be that you don't have a group defined as 
"testservers". Only "testsystems".

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c587b96d-a3ee-489b-89d7-0816ec08cb04%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: My first "role" isn't running

2016-03-19 Thread Mike Biancaniello 


Overall, you are better off customizing your plays for each group (maybe in 
separate playbooks) instead of trying to make a one-size-fits-all playbook. 
Tasks can be reused by either importing them or putting them in roles.

The other nice thing about this model is that when you run ansible-playbook 
--list-roles, you get a nice documented output (assuming you named all of 
your tasks) of what will happen. 


However, since we're already here


'testserver' is a value, not a variable name.

There are a few ways you can do this:

   1. Use multiple plays. Have one play run with 'hosts: testservers' and 
   another play run on some other set of hosts. Group the tasks in the 
   appropriate plays.
   2. Make your 'when' statement be: when: "'testservers' in group_names"

Also, what do you mean by "moved it up one level"?



-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/4d6a33fa-77b4-4492-8307-10c53de43a8a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: My first "role" isn't running

2016-03-18 Thread Mike Biancaniello 
I think your tree should look more like this. Also notice the change of 
tasks/app_install_task.yml to tasks/main.yml

~/git/ansible$ tree
.
└── project1
├── server_hosts
├── roles
│   └── app_install
│   ├── README.md
│   ├── defaults
│   │   └── main.yml
│   ├── files
│   ├── handlers
│   │   └── main.yml
│   ├── meta
│   │   └── main.yml
│   ├── tasks
│   │   └── main.yml
│   ├── templates
│   ├── tests
│   │   ├── inventory
│   │   └── test.yml
│   └── vars
│   └── main.yml
├── app_install_main.yml

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/cf7b714e-859e-4310-9fab-b3d9247ecfe4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Tags as variable inside of playbook

2016-03-15 Thread Mike Biancaniello 
It sounds like you want to instruct a task to execute ONLY if a tag is 
present (skip if tag not set). I've seen that request before, but no idea 
if it may or may not be implemented.

I wonder if a vars_plugin or lookup_plugin might work.

would this work?

# file ./lookup_plugins/get_tags.py
from __future__ import (absolute_import, division, print_function)

from ansible.plugins.lookup import LookupBase
from __main__ import cli

class LookupModule(LookupBase):

def run(self, terms='', **kwargs):
tags = cli.get_opt('tags').split(',')
return [ tags ]



# file ./stuff.yml
---
- name: stuff
  hosts: localhost
  connection: local
  gather_facts: no

  vars:
ansible_tags: "{{ lookup('get_tags') }}"

  tasks:
  - name: show me tags
debug: msg="tags = {{ ansible_tags }}"
tags:
- always
  - name: Run this only and only if the tag was defined
debug: msg="I am tagged, therefore I run"
when: "'myspecialtag' in ansible_tags"
tags:
- myspecialtag



output:
ansible-playbook stuff.yml

PLAY [stuff] 
***

TASK [show me tags] 

ok: [localhost] => {
"msg": "tags = [u'all']"
}

TASK [Run this only and only if the tag was defined] 
***
skipping: [localhost]

PLAY RECAP 
*
localhost  : ok=1changed=0unreachable=0failed=0 
  



$ ansible-playbook stuff.yml --tags=myspecialtag

PLAY [stuff] 
***

TASK [show me tags] 

ok: [localhost] => {
"msg": "tags = [u'myspecialtag']"
}

TASK [Run this only and only if the tag was defined] 
***
ok: [localhost] => {
"msg": "I am tagged, therefore I run"
}

PLAY RECAP 
*
localhost  : ok=2changed=0unreachable=0failed=0 
  




-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/97d529b1-b9be-4f0a-b320-25ee3ed8ad2c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Tags as variable inside of playbook

2016-03-15 Thread Mike Biancaniello 
This is probably very terrible, but... 

pre_tasks:
  - name: set tag as fact
set_fact:
  myvar = mytag
tags: mytag



I don't think there is an 'ansible_tags' var passed to the playbook.

I haven't looked, but It is possible that an action_plugin might have 
access to that (from __main__ import cli), so you can create a module that 
sets 'ansible_tags' as an ansible fact.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c7872488-4b3c-42e7-9004-d8532ddb1616%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Calling a role, but only run tasks that use a certain tag

2016-03-09 Thread Mike Biancaniello 
I have seen others ask for this. Hopefully, there will eventually be a more 
elegant method. However, I believe that the only way to do this is, as you 
said, use a variable. I do this for debug or testing tasks that I don't 
want to run normally, but if I pass -e '{"run_tests":true}' when I run the 
playbook they will execute.

#roles/stuff/tasks/main.yml
---
- name: Run Tests (when run_tests is true)
  include: tests.yml
  when: run_tests|default(false)



and then you can either pass run_tests as an extra-var, or define it in a 
playbook:

- name: Testing stuff
  hosts: things

  vars:
run_tests: true

  roles:
  - { "role":"stuff", "tags":["logit"] }

or

- name: Testing stuff
  hosts: things

  roles:
  - { "role":"stuff", "tags":["logit"], "run_tests": true }



-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/f549d22a-fdee-4e44-a554-664a943e97bf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] setting 'always_run' from a var

2016-03-02 Thread Mike Biancaniello 
I have a task that I would like to conditionally run even in check_mode 
(actually I want to set it for an entire role, but I'm seeing the same 
behavior in regular tasks).


The idea is that this would NOT run the task:
ansible-playbook always_run.yml --check

And then to actually execute the task in check_mode:

ansible-playbook always_run.yml -e '{"runit":true}' --check


But that's not the behavior I'm seeing. The problem is that alwasy_run 
always evaluates to 'true'.

Playbook (I've tried a few different variations. The only one that properly 
evaluates always_run is always_run: false):

---
- name: Do cool stuff
  hosts: localhost
  connection: local
  gather_facts: no

  vars:
runit: false

  tasks:
  - name: show runit
debug: var=runit
  - name: show stuff
command: whoami
always_run: "runit == true"
#always_run: "{{runit|default(false)}}"
#always_run: "{{runit}}"
#always_run: runit
#always_run: false
register: me
  - name: show me
debug: var=me.stdout_lines



Actual Results:

mikeb@mikeb-laptop:~/ansible-test$ ansible-playbook always_run.yml --check

PLAY [Do cool stuff] 
***

TASK [show runit] 
**
ok: [localhost] => {
"runit": false
}

TASK [show stuff] 
**
changed: [localhost]

TASK [show me] 
*
ok: [localhost] => {
"me.stdout_lines": [
"mikeb"
]
}

PLAY RECAP 
*
localhost  : ok=5changed=2unreachable=0failed=0

   
Expected Results:

mikeb@mikeb-laptop:~/ansible-test$ ansible-playbook always_run.yml --check

PLAY [Do cool stuff] 
***

TASK [coolrole : show stuff from role] 
*
changed: [localhost]

TASK [show runit] 
**
ok: [localhost] => {
"runit": false
}

TASK [show stuff] 
**
skipping: [localhost]

TASK [show me] 
*
ok: [localhost] => {
"me.stdout_lines": "VARIABLE IS NOT DEFINED!"
}

PLAY RECAP 
*
localhost  : ok=4changed=1unreachable=0failed=0 
  



-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/08a9df18-1be7-4596-ba35-ecce6c8d67bc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] force --check

2016-02-25 Thread Mike Biancaniello 
That might be what I'm looking for, but I'm not sure.

I want to be able to run a playbook (*not* in check_mode), but tell one 
task to run *only* in check_mode.

Currently, if you run in check_mode, setting `always_run: true` on a task 
makes that task run as if it is not in check_mode. I want the opposite of 
this.

I want to be able to run:
ansible-playbook stuff.yml

stuff.yml
---
- name: stuff
  hosts: things

  tasks:
  - name: Apply awesome sauce
awesome: a=b c=d
  - name: pretend to do something
something: a=b c=d
check_mode: true




-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/12eb87ec-af70-4327-b761-bcfefa35e734%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] The new Python API is extremely complex.

2016-02-25 Thread Mike Biancaniello 
interesting. My hybrid (custom) lookup_plugin:

def run(self, terms='', **kwargs):
'''Normalize terms and args and perform lookup.

Args:
  terms (Optional[str,list]): Comma-delimited string (or python 
list) of terms.
  kwargs (**dict): See ``Store()`` object for details. All kwargs 
are sent
when creating instance.

Caveats:
   Ansible 2.0 sends all args as list::

 "{{ lookup('myplug', ['key1', 'key2']) }}" ==> [['key1', 'key2
']]
 "{{ lookup('myplug', 'key1', 'key2') }}" ==> ['key1', 'key2']

   Ansible 1.9 sends first arg as list::

 "{{ lookup('myplug', ['key1', 'key2']) }}" ==> ['key1', 'key2']
 "{{ lookup('myplug', 'key1', 'key2') }}" ==> ERROR! Too many 
args.

'''
## Normalize terms to be a list
if not isinstance(terms, list):
terms = terms.split()
## Ansible 2.0 sends all args as list
## Ansible 1.9 sends first arg as list
if len(terms) == 1 and isinstance(terms[0], list):
terms = terms[0]
...etc...

Now, I want to switch to use listify_lookup_plugin_terms!

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/bc9e082a-80d0-4b92-b0ce-d7b8c7f35b68%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] The new Python API is extremely complex.

2016-02-25 Thread Mike Biancaniello 
I have done similar things to enable my plugins for v1 AND v2. Essentially:

from ansible import __version__ as ANSIBLE_VERSION
if ANSIBLE_VERSION.startswith('2'):
else:


More recently, I am encouraging everyone to upgrade to v2 and trying to 
remove the v1 support esp as some things that I'm doing now simply aren't 
possible in v1.

My concern, however, is that all of this is going to break with v3 or maybe 
even v2.2, resulting in some plugins requiring more code to deal with the 
version than actually do the thing it's actually trying to do. 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/da20192d-136b-4d92-97b8-19c58f748b8c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] The new Python API is extremely complex.

2016-02-24 Thread Mike Biancaniello 
I have found that if you want to wrap the running of a playbook inside of a 
python script (so you can make the interface a bit more user friendly and 
translate cmdline args to --extra-vars, etc), the 2.0 API is much simpler.

from ansible.cli.playbook import PlaybookCLI

cliargs = {
'playbook':pb,
'args': {
'-i':host_list,
'-e':json.dumps(xvars),
}
}

def _run_playbook_v20(cliargs):
ansargs=['ansible-playbook',cliargs['playbook']]
[ansargs.extend([k,v]) for k,v in cliargs['args'].items()]
print "executing: {}".format(' '.join(ansargs))
cli = PlaybookCLI(ansargs)
cli.parse()
return cli.run()



-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6d6e3d1d-193c-40bb-b5a5-2ddf2a355db0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: missing ansible.callbacks module

2016-02-12 Thread Mike Biancaniello 
ansible.callbacks no longer exists in 2.0. 

it sounds like you are calling Ansible from a python script. If so, this 
process is very different in 2.0.
You probably need to reach out to whomever wrote the software or downgrade 
your ansible to 1.9.

If you want to take a stab at fixing it, the way I've solved this for my 
scripts is:

from ansible import __version__ as ANSIBLE_VERSION
if ANSIBLE_VERSION.startswith('2'):
from ansible.cli.playbook import PlaybookCLI
else:
from ansible.playbook import PlayBook
from ansible.inventory import Inventory
from ansible.callbacks import PlaybookCallbacks, AggregateStats, 
PlaybookRunnerCallbacks

def run_playbook():
if ANSIBLE_VERSION.startswith('2'):
return _run_playbook_v20()
else:
return _run_playbook_v19()

def _run_playbook_v20():
cli = PlaybookCLI()
cli.parse()
return cli.run()

def _run_playbook_v19(cliargs):
class playbook_cb(PlaybookCallbacks):
... etc ...


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/56350031-adc6-4b7b-9cc6-f7cade0f0463%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Play single roles in a playbook

2016-02-12 Thread Mike Biancaniello 
It would be nice if roles could be autotagged with the role name. 

>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6e5bd181-d18f-4744-9432-5c7a79b87f64%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible 2.0.1 RC1 is available for testing!

2016-01-28 Thread Mike Biancaniello 
excellent. I was excited to see the diff['prepared'] (plugins/callback/) 
made into this release, but a little bummed that AnsibleModule._diff did 
not. Do you have a release target for that? (
https://github.com/ansible/ansible/blob/devel/lib/ansible/module_utils/basic.py#L1144
)

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/feff9314-de5a-468f-943b-c390aa153e90%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] action_plugin/ vs library/ module

2016-01-27 Thread Mike Biancaniello 

IYI, my eventual solution involves creating a blank change-mgmt ticket with 
a callback_plugin in init(). I then store the ticket number that is created 
in __main__.cli.ticket_number.
Then, the first pre-task of my playbook calls my action_plugin to read the 
ticket_number from __main__.cli and update the ticket with the actual data 
specific to the playbook that is being run.

I'm not sure I'm completely satisfied with this solution, but it does seem 
to work.



On Tuesday, January 26, 2016 at 1:22:01 PM UTC-5, Mike Biancaniello wrote:
>
> Ok, so the problem I'm having in making this a callback is that I want to 
> open a ticket on playbook start and close it on stats. 
>
> In order to open the ticket, I need certain information that will be 
> specific to the playbook being run. The only way I can find to pass vars is 
> through play_vars, which are only available in v2_playbook_on_play_start 
> through play.get_vars().
> These vars are only those that are set in the play itself, which excludes 
> vars defined in vars_files (play.get_vars_files() returns a list of files 
> which I would then need to read).
>
> I feel like I'm missing something. Is there a better way that I can pass 
> variables to a callback_plugin?
>
> The best I can find so far is to grab them from TaskResult['invocation'] 
> *after* the first task is run (then keep track of the fact that I've 
> already opened a ticket and not open a new one for every task).
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/796887d1-9e14-4b15-a28b-f82987d54c45%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] action_plugin/ vs library/ module

2016-01-26 Thread Mike Biancaniello 
Ok, so the problem I'm having in making this a callback is that I want to 
open a ticket on playbook start and close it on stats. 

In order to open the ticket, I need certain information that will be 
specific to the playbook being run. The only way I can find to pass vars is 
through play_vars, which are only available in v2_playbook_on_play_start 
through play.get_vars().
These vars are only those that are set in the play itself, which excludes 
vars defined in vars_files (play.get_vars_files() returns a list of files 
which I would then need to read).

I feel like I'm missing something. Is there a better way that I can pass 
variables to a callback_plugin?

The best I can find so far is to grab them from TaskResult['invocation'] 
*after* the first task is run (then keep track of the fact that I've 
already opened a ticket and not open a new one for every task).


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/583ce6cf-d400-418a-8977-f4b9aabe3917%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] role callback dependencies

2016-01-25 Thread Mike Biancaniello 
So I have been playing around with multiple callbacks and ordering. I 
created two callback plugins: calltest1, calltest2. Each one simply prints 
its number and fcn to the screen:

e.g.
TEST1: v2_playbook_on_start()
TEST2: v2_playbook_on_start()


Some observations:
1. If I put the callbacks in ./callback_plugins, I cannot choose the order 
at runtime. I assume they run in ABC order.
2. If I put the callbacks in separate roles, (
roles/calltest1/callback_plugins, roles/calltest2/callback_plugins/ 
respectively), then I can control the ordering by calling roles:

file: calltestsite.yml
---
roles:
- calltest2
- calltest1



output:
TEST2: v2_playbook_on_start()
TEST1: v2_playbook_on_start()



3. However, and this is where it gets weird:
If I set calltest2 as a dependency of calltest1, calltest1 fires first!
file: roles/calltest1/meta/main.yml
---
dependencies:
  - { role: calltest2 }



file: calltestsite.yml
---
roles:
- calltest1



output:
TEST1: v2_playbook_on_start()
TEST2: v2_playbook_on_start()



4. what's really weird is that I know for sure that calltest2 is actually 
running first:
file: roles/calltest1/tasks/main.yml
---
- name: calltest1 show me role task
  debug: var="calltest1 role task"



file: roles/calltest1/tasks/main.yml
---
- name: calltest1 show me role task
  debug: var="calltest1 role task"



output:
TASK [calltest2 : calltest2 show me role task] 
*
TEST1: v2_runner_on_ok()
TEST2: v2_runner_on_ok()

TEST1: v2_playbook_on_task_start()
TEST2: v2_playbook_on_task_start()

TASK [calltest1 : calltest1 show me role task] 
*
TEST1: v2_runner_on_ok()
TEST2: v2_runner_on_ok()


Is this expected behavior?

(fwiw, I'm not planning on listing callback dependencies, but thought the 
behavior was curious)

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/7649fa06-4e4a-44f8-a1c6-cf5f33dd618d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] action_plugin/ vs library/ module

2016-01-22 Thread Mike Biancaniello 
So, it looks like, in my case, I'll want an action plugin since I don't 
really need anything run on a remote machine and I'll need access to the 
results of the playbook.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/50c9e5cb-3182-425a-a83f-a0b7a9b96bc5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] action_plugin/ vs library/ module

2016-01-22 Thread Mike Biancaniello 
I actually started out to create a callback that triggered on change, but 
after some internal discussion, decided that I didn't want it to fire after 
each task, but rather, wanted to run it one time in the beginning and once 
at the end, so I figured that calling it as a task would be more 
appropriate.

That said, one future enhancement will be to open the ticket at the 
beginning, then update it after each changed task, in which case, I plan to 
use module tasks to create and close the ticket and then use a 
callback_plugin to update the ticket with results as they come in.  Of 
course, if I've already written a module, I could set the updates to run as 
a handler task on change.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/71e628c7-e6af-4ee8-8ff4-e52d46c047b2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: action_plugin/ vs library/ module

2016-01-22 Thread Mike Biancaniello 
I'm trying to get Ansible to open a ticket in our internal config 
management system.

I'm not new to modules, just thought that the action plugin looked more 
2.0-ish.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e7913fb9-fd09-4fdb-b534-b6045585eb57%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] action_plugin/ vs library/ module

2016-01-22 Thread Mike Biancaniello 
I also notice that there seem to be a lot of action_plugins for core 
modules.

It doesn't look like modules have access to ansible __main__ data (e.g. if 
--diff was passed on the cmdline). If I need that data, might I need an 
action_plugin?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6859434e-4287-4f77-93c8-c82992f34c87%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] action_plugin/ vs library/ module

2016-01-22 Thread Mike Biancaniello 
Perhaps. I'll probably build both and see which feels better. I need to be 
able to set vars for the plugin/module to use that might be different for 
each playbook. The callback_plugins have access to vars through the 
'invocation' in res, right? I'll also need access to all of the diffs, so 
I'll need to capture and then reference them in on_stat.

All other things being equal, this may come down to style and which 
playbook is easiest for people to understand and work with. Of course, most 
likely, in either case, my playbook would probably look something like 
this, no matter which option I choose:

---
  vars:
config_mgmt:
  opt1: val1
  opt2: val2
  opt3: val3


  roles:
  - { 'role':'config_mgmt','setup_vars':config_mgmt }





-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5066a050-f1ed-4eab-89d1-36ca463fd856%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] action_plugin/ vs library/ module

2016-01-21 Thread Mike Biancaniello 
So, what's the deal with action_plugins? There is very little documentation 
on their purpose.

Observations:
1. If action_plugin/foo.py and library/foo.py both exist, then only 
action_plugin/foo.py gets called (the plugin *may* call the module if it 
wants, but that is not by default).
2. If library/foo.py exists, but there is no corresponding action_plugin, 
the library is called.
3. If action_plugin/foo.py exists, but there is no corresponding module, 
then Ansible throws a syntax error.
4. If action_plugin/foo.py exists, and the library is empty (literally 
created with 'touch library/foo.py'), then the action_plugin is called and 
everything works.
5. *some*times, but no always, the action_plugin does some preliminary work 
with data that is not available to the library or the option plugin 
modifies the results.

For #5, I can understand a solid use case. If a vendor supplies a module 
and you want to use it, but would prefer to have the data returned 
differently (or strip out data or whatever) but don't want to modify the 
vendor's module, then this makes a lot of sense as a module wrapper.

I need to write a module and can't decide if I should write a standard 
library module or if I should write an action_plugin with a blank library 
module (I suppose just to use for documentation, though that seems odd).

any clarification would help.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/17700444-9aa5-42de-a3f4-c023fb05741c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] callbacks with --check

2016-01-19 Thread Mike Biancaniello 
worked great, thanks!

Is there a way to do this in 1.94?
For now, I added to my callback:

from ansible import __version__ as ANSIBLE_VERSION
if not ANSIBLE_VERSION.startswith('2'):
from ansible.callbacks import display
display("Logging not supported in Ansible <2.0",'red')
from ansible.callback_plugins.noop import CallbackModule



-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b0fca3ff-4d26-4257-ab45-12f5ec297fa6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] callbacks with --check

2016-01-19 Thread Mike Biancaniello 
I am trying to put together a logging module to log changes, but I do not 
want to log anything when run in check-mode (because no changes were made, 
so this would be confusing to anyone reading the logs).

Is there any way to do this? I can't find any place where play_context (or 
anything else that might have that info) is passed to a callback_plugin.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a6004be9-3249-4d82-8957-ef4655580627%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Get other group variables

2016-01-05 Thread Mike Biancaniello 
You could also create a VIP list in 'all' and then reference them in the 
group_vars:

group_vars/all/vips:
all_vips:
  - name: cluster1_vip
ip : 1.2.3.4
otherattr: yes
  - name: cluster1_othervip
ip : 1.2.3.5
otherattr: yes
  - name: cluster2_vip
ip : 1.2.4.4
otherattr: yes
  - name: cluster2_othervip
ip : 1.2.4.5
otherattr: yes



group_vars/firstcluster:
vips:
  - cluster1_vip
  - cluster1_othervip



group_vars/secondcluster:
vips:
  - cluster2_vip
  - cluster2_othervip



templates/zone.j2
{% for vip in all_vips %}
{{ vip.name }}  IN A {{ vip.ip }}
{% end for %}



templates/vips.j2 
{% for vip_name in vips %}
{% for vip in all_vips|selectattr("name", "equalto", vip_name) %}
virtual server {{ vip.name }} {{ vip.ip }}
{% endfor %}{# vip #}
{% endfor %}{# vip_name #}





-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/31f58b5e-8928-4265-8492-868edea71962%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] --skip-tags equivalent inside playbooks

2015-12-17 Thread Mike Biancaniello 
I agree that I'd like to be able to have roll contain a number of tasks and 
then have then selective run. A use-tags or play-tags option would be nice 
to use in that case. While you can certainly implement that with vars (see 
#2 below), it seems that a tags solution would be more elegant.

There are also times when you want to insert debug tasks but don't want 
them to play by default and don't want to have to remember to always send 
--skip-tags='debug' every time you run a playbook. 

However, for now, I work around this in two ways:

1. I write a python script that calls the playbook and it sets the tags for 
me.

e.g.
./run_playbook.py site.yml

would essentially run:

ansible-playbook -i hosts site.yml --skip-tags='debug'

or something to that effect.

2. I require an extra-var to *not* skip.

e.g. 
  tasks:
- name: Show vars
  debug: msg={{item.ansible_facts}}
  with_items: some_loaded_vars.results
  tags: debug
  when: debug|default(false)


then:

ansible-playbook site.yml -e '{"debug":true}'

would execute that task.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d2a49762-586e-4bbb-9d5f-e9749466fb18%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: nested variables - again

2015-12-15 Thread Mike Biancaniello 
Will this do what you need?  using structure[list] instead of trying to 
nest.

---
- name: stuff
  connection: local
  gather_facts: no
  hosts: localhost

  vars:
list: list1
structure:
  list1:
- {var1: "val1", var2: "val2", var3: "val3"}
  list2:
- {var1: "val1", var2: "val2", var3: "val3"}
  list3:
- {var1: "val1", var2: "val2", var3: "val3"}


  tasks:
  - name: with_index
debug: msg="var1={{item.var1}}, var2={{item.var2}}, var3={{item.var3}}"
with_items:
  - "{{structure[list]}}"



-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/0486-406d-438f-95a5-4deed0a5fd2e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] kerb host princ maintenance

2015-12-11 Thread Mike Biancaniello 
Does anyone know of an existing module that allows me to manage krb5 princs 
and keytabs that also supports --check-mode?

I found one that essentially runs a bash script to add princs, but it 
doesn't check first to see if the entry exists (if I remember, it was meant 
for creating the admin for a new install).

I'm about to just write my own, but figured I'd ask here as a last attempt 
to find something that already exists.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c80ca51a-721e-414d-8023-26aca9fbb5be%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: How to make an item in with_items conditional?

2015-12-11 Thread Mike Biancaniello 
My first thought is to create a new task and use a when clause:

- hosts: mt1-dummys101
  tasks:
- name: Install apt packages
  sudo: true
  apt: pkg={{ item }}
  with_items:
- build-essential
- libyaml-dev
- python2.7-dev

- name: Install apt packages for version 14

  sudo: true
  apt: pkg={{ item }}
  with_items:- silversearcher-ag
  when: ansible_distribution_major_version == '14'





-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/0ed34123-9271-41e8-b6ba-b99c275323fc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Access ansible list in python script.

2015-12-10 Thread Mike Biancaniello 
Instead of passing a python list, can you pass a json string? Then, inside 
the py script, just use json.loads().

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/0621f6f4-b4e7-426f-a57c-89d2f9fea24e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: help on loop over list of dicts

2015-12-10 Thread Mike Biancaniello 
Not sure what you're doing wrong. Maybe it's the way you define 
dev_interfaces (yeah, it makes no sense why it would work in debug, but not 
in with_items, but sometimes that happens).

This worked for me:
---
- name: stuff
  connection: local
  gather_facts: no
  hosts: localhost

  vars:
dev_interfaces:
  - subnet: 10.0.0.0/31
peer_addr: 10.0.0.1
name: Ethernet0
mask: 255.255.255.254
prefixlen: 31
addr: 10.0.0.0

  tasks:
- debug: msg="{{ dev_interfaces[0].name }}"

- name: debug message interface name
  debug: msg="{{item.name}}"
  with_items: "{{ dev_interfaces }}"


output:
PLAY [stuff] 
** 

TASK: [debug msg="{{ dev_interfaces[0].name }}"] 
** 
ok: [localhost] => {
"msg": "Ethernet0"
}

TASK: [debug message interface name] 
** 
ok: [localhost] => (item={'subnet': '10.0.0.0/31', 'peer_addr': '10.0.0.1', 
'name': 'Ethernet0', 'prefixlen': 31, 'mask': '255.255.255.254', 'addr': 
'10.0.0.0'}) => {
"item": {
"addr": "10.0.0.0", 
"mask": "255.255.255.254", 
"name": "Ethernet0", 
"peer_addr": "10.0.0.1", 
"prefixlen": 31, 
"subnet": "10.0.0.0/31"
}, 
"msg": "Ethernet0"
}

PLAY RECAP 
 
localhost  : ok=2changed=0unreachable=0failed=0 
  




-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/858a36b5-6dc1-43ee-a6b8-43f8f974e0b6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Iterating over a list in a dictionary within a Jinja2 template

2015-12-08 Thread Mike Biancaniello 
First, in your j2, you can't ever reference `item` without `item.key` or 
`item.value`.

However, I think your amin problem is that your first iteration is a dict 
(not a list) and the second is a list of dicts without deterministic keys.

Try this:

hubot_bots:
  testbot:
owner: 'Bot Wrangler '
name: Hubot
descr: Delightfully aware robutt
adapter: rocketchat
environment:
  - key: rocketchat_room
value: GENERAL
  - key: rocketchat_user
value: Hubot
  - key: rocketchat_password
value: Hubot




or:

hubot_bots:
  testbot:
owner: 'Bot Wrangler '
name: Hubot
descr: Delightfully aware robutt
adapter: rocketchat
environment:
  rocketchat_room: GENERAL
  rocketchat_user: Hubot
  rocketchat_password: Hubot


You could also go with with_items and change the vars to:

hubot_bots:
  - label: testbot
owner: 'Bot Wrangler '
name: Hubot
descr: Delightfully aware robutt
adapter: rocketchat
environment:
  rocketchat_room: GENERAL
  rocketchat_user: Hubot
  rocketchat_password: Hubot




-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/f12b734c-6132-4dbe-9a1e-ce776a986cd6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible Best Practice.

2015-12-07 Thread Mike Biancaniello 
Originally, I was containing my vars within the roles, but after realizing 
that those vars override everything else, instead, I only populate the 
default/main.yml with vars inside the roles, just so things don't error, 
and define everything else in my main group_vars.

So, in my setup, when I have vars that are global, I put them in 
group_vars/all/*, then label them if there is more than one option.

e.g. 
#file: group_vars/all/nfs_servers
---
nfs_exports:
  git:
server: 1.1.1.1
export: /data/git
mount_point: /mnt/git
options: defaults,_netdev
  media:
server: 1.1.1.1
export: /data/media
mount_point: /var/lib/media
options: defaults,_netdev
  home_dirs:
server: 2.2.2.2
export: /data/home_dirs
mount_point: /home
options: defaults,_netdev



#file: group_vars/git_servers
---
nfs_mounts:
  - git



#file: group_vars/desktops
---
nfs_mounts:
  - home_dirs
  - media





On Wednesday, December 2, 2015 at 4:20:21 PM UTC-5, Jason Morgan wrote:
>
> I am currently developing a Playbook consisting of a number of roles via 
> include statements as show below:
>
> hosts: testing
>sudo: yes
>roles:
>- timezone
>- ntp
>- mariadb
>- nfs-server
>
> I would appreciate some advice of where to put all the varables for the 
> server eg Database , NFS exports, Timezone etc Would they be added as vars: 
> in the main playbook ? As vars under a host_vars directory ?
>
> Thanks Jason
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e12e4106-285c-4d76-98d1-ddd7a3596850%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Combinations of lists

2015-12-07 Thread Mike Biancaniello 
have you tried ansible_nested (
http://docs.ansible.com/ansible/playbooks_loops.html#nested-loops)

Enter code here..---
- name: stuff
  hosts: localhost
  gather_facts: no
  connection: local

  vars:
l: [a,b,c]
n: [1,2,3]

  tasks:
- name: show nested
  debug: msg="[{{ item[0] }},{{ item[1] }}]"
  with_nested:
- l
- n
.

results in:
TASK: [show nested] 
***
ok: [localhost] => (item=['a', 1]) => {
"msg": "[a,1]"
}
ok: [localhost] => (item=['a', 2]) => {
"msg": "[a,2]"
}
ok: [localhost] => (item=['a', 3]) => {
"msg": "[a,3]"
}
ok: [localhost] => (item=['b', 1]) => {
"msg": "[b,1]"
}
ok: [localhost] => (item=['b', 2]) => {
"msg": "[b,2]"
}
ok: [localhost] => (item=['b', 3]) => {
"msg": "[b,3]"
}
ok: [localhost] => (item=['c', 1]) => {
"msg": "[c,1]"
}
ok: [localhost] => (item=['c', 2]) => {
"msg": "[c,2]"
}
ok: [localhost] => (item=['c', 3]) => {
"msg": "[c,3]"
}




On Monday, December 7, 2015 at 1:55:38 PM UTC-5, Chris Searle wrote:
>
> I get the feeling I'm missing something obvious - so feel free to tell me 
> so :)
>
> I seem to often want to do a combination of two lists - most often one 
> that is static and one that is dependent on the group.
>
> One example:
>
> I have a set of apache vhosts. So - I have a variable that has a list of 
> dicts - one per host. From that - I can create the htdocs dirs, log dirs, 
> the apache config files etc etc. This works fine.
>
> For apache I create the following directory structure per vhost:
>
> /srv/www/[fqdn]
> /srv/www/[fqdn]/htdocs
> /srv/www/[fqdn]/logs
>
> But - I also want to apply a standard set of extended attributes (using 
> acl) on the [fqdn], htdocs and logs dirs. So - for the standard set of 
> acl's I want to set - I have second (static) items list.
>
> I can't see how to apply each of the second list for each of the items in 
> the first list.
>
> Another example is managing a given list of four files for each of a set 
> of given directories - the files list is a static list, the directories 
> varies group to group.
>
> So - I was looking for something similar to with_together - but that 
> doesn't seem quite what I'm after.
>
> If I give with_together two lists like [a,b,c] and [1,2,3] I observe that 
> I get [a,1], [b,2] and [c,3].
>
> What I'm after is [a,1], [a,2], [a,3], [b,1], [b,2], [b,3], [c,1], [c,2] 
> and [c,3]
>
> What's the best way to approach this?
>
> Regards
>
> Chris
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/bab10510-c415-4cd0-97f0-9e54eb60e56f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: How to define host var and append values to it from task

2015-11-19 Thread Mike Biancaniello 
I think the short answer is that you don't. Ansible has a setting that will 
allow you to merge dictionaries together, but not lists. This setting is 
global and applies to all dicts. I'm guessing it doesn't merge lists 
because there's no way to indicate if your intent is to merge the list or 
replace it.

Your best bet, here, is to write a filter_plugin that merges the lists. 

e.g. 
locked_domains|merge_list(domains.json,'ID')

where merge_list() is a function in a filter_plugin that takes 3 arguments: 
original_list, new_listofdicts, key.


There might be  with_ statement that does this, but looking at your task, 
I'm not sure if any will do exactly what you want (depends on how you're 
going to use locked_domains).

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/67fbe902-0a6a-4d62-b688-587c6877e014%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Playbook organization with var files

2015-10-09 Thread Mike Biancaniello 
I have the same issues trying to manage a ton of playbooks that all use the
same resources (which is how I stumbled upon this). However, after reading
the comments, I think I better understand where Ansible is coming from.

(people who know I'm sure will correct me if I'm wrong)

It seems as though Ansible considers each playbook tied to an inventory and
group_vars are also explicitly tied to inventory. Therefore, it would
reason that if you want to logically separate your playbooks into
subdirectories, the separation should be along inventory boundaries such
that the group_vars/ mostly do not need to be shared between playbook
subdirs. Furthermore, if you do have resources that are shared
(./group_vars/all, ./library/, ./filter_plugins/, ), then you can
accomplish this with symlinks.

That being said, it would be nice to have an option for ansible-playbook
that set a reference directory.

e.g.

$ ansible-playbook -i thesehosts playbooks/thesehosts/this_playbook.yml
--shared_dir=.

or

$ ANISBLE_PATH=. ansible-playbook -i thesehosts
playbooks/thesehosts/this_playbook.yml

which would avoid the need for symlinks.

Of course ... could all of this be avoided if we put ALL shared resources
in /etc/ansible/ ? roles, group_vars, filter_plugins, ?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CADBUY_iXJw7Bie%3DMZhrqFSdCo1FyH5oFhN-iXL%2BbZYsFUVsFvQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.