Re: [ansible-project] Question on using the Ansible API

[Pshem Kowalczyk]

Hi,

I had a similar requirement, but decided to approach it a bit differently.
In my case the playbook always had to be run first, so I simply collected
all the variables I needed into one dictionary and then stored that
dictionary in a file for further reuse by other components.

kind regards
Pshem


On Wed, 24 Jun 2020 at 03:54, tterr...@gmail.com 
wrote:

> I have a big ansible project where I have separated my files into
> playbooks, vars files, an inventory folder and roles. These files make
> extensive use of jinja templates.
>
> For my use case, I need to be able to access the variables in these files
> outside ansible. So far, I have included `copy` tasks to dump the variable
> I need to templated out vars files. Then, in my app I read those with the
> python `yaml` module without issue since they are free of jinja templates.
> The variables I am interested in are the variables in the `vars` section of
> a playbook as well as those in `vars_files`. Such variables, get merged
> with role defaults.
>
> I am now trying to remove those `copy` tasks and instead use the Ansible
> API to get the final value for the variables. This will also have the
> benefit of fully respecting the precedence rules baked into Ansible. So
> far, this is what I have come up with.
>
> ```
> #!/usr/bin/env python
>
> import code
> import os
> import readline
> import rlcompleter
>
> os.environ["ANSIBLE_CONFIG"] = "ansible/ansible.cfg"
>
> import ansible.constants as C
> from ansible.inventory.manager
> import InventoryManager
> from ansible.parsing.dataloader import DataLoader
> from ansible.vars.manager import VariableManager
> from ansible.template import Templar
>
> from ansible.playbook import Playbook
>
> loader = DataLoader()
> inventory = InventoryManager( loader=loader,
> sources=["data/worlds/active/inventory/configs"] )
> variable_manager = VariableManager(loader=loader, inventory=inventory)
>
> p = Playbook.load( "ansible/plays/instances/main.yml", loader=loader,
> variable_manager=variable_manager)
>
> readline.parse_and_bind("tab: complete")
> code.InteractiveConsole(locals=globals()).interact()
> ```
>
> I don't know how to proceed. I am supposed to actually run the tasks in
> the playbook to manage to get the variables? Can I somehow achieve what I
> want with the Ansible API without running any task? I don't care about
> `set_fact` or dynamic creation/alteration of the variables.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/130c4ab9-028f-4c20-8802-04a8691dcc2fn%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAMFQMATM2s9XAMuCLv-EbGgMW7HU2s-baCmOsq%3DDFZcp-ifWJg%40mail.gmail.com.

Re: [ansible-project] yum downgrade is not working in Ansible Command module

[Pshem Kowalczyk]

Run playbook with '-vv' appended and show us the output.

kind regards
Pshem


On Wed, 17 Jul 2019 at 18:18, Rahul Kumar  wrote:

> No -y option also does not work.   Well yum downgrade  is a valid
> command and working outside Ansible.
>
> On Wed, 17 Jul 2019 at 11:44, Michael Mullay  wrote:
>
>> I think you just need the '-y' switch.
>>
>> yum -y downgrade 
>>
>> On Tue, Jul 16, 2019 at 11:04 PM Rahul Kumar 
>> wrote:
>> >
>> > This is the playbook.
>> > ---
>> > - hosts: localhost
>> >   tasks:
>> >  - name: Install specific version of a package in Ansible.
>> >command: yum downgrade 
>> >
>> > Task is stuck at this point of time, however all other yum commands
>> such as (yum info  etc. ) are working fine in command module.
>> > But if i try same command 'yum downgrade ' manually , it
>> works.
>> >
>> > On Wednesday, 17 July 2019 11:27:38 UTC+5:30, Dick Visser wrote:
>> >>
>> >> On Wed, 17 Jul 2019 at 07:36, Rahul Kumar  wrote:
>> >>>
>> >>> I am using Ansible command module to downgrade the package (assuming
>> higher version is already installed and
>> >>> repo has both lower and higher version). I dont want to use Anisble
>> yum module due to some constraints.
>> >>> I am not able to invoke yum downgrade  from command module.
>> >>
>> >>
>> >> What does this mean?
>> >> Did you get an error message?
>> >> Or did the task run OK but the package wasn’t downgraded?
>> >> Without knowing what you did it’s impossible to help. So please show
>> the task.
>> >>
>> >> You should be able to invoke any command using the command module.
>> >>
>> >> Dick
>> >>
>> >>
>> >>> --
>> >>> You received this message because you are subscribed to the Google
>> Groups "Ansible Project" group.
>> >>> To unsubscribe from this group and stop receiving emails from it,
>> send an email to ansible...@googlegroups.com.
>> >>> To post to this group, send email to ansible...@googlegroups.com.
>> >>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/446ee6a4-519d-4711-87e1-be3ea35a09e0%40googlegroups.com
>> .
>> >>> For more options, visit https://groups.google.com/d/optout.
>> >>
>> >> --
>> >> Sent from a mobile device - please excuse the brevity, spelling and
>> punctuation.
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> Groups "Ansible Project" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> an email to ansible-project+unsubscr...@googlegroups.com.
>> > To post to this group, send email to ansible-project@googlegroups.com.
>> > To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/172d66ef-3633-4117-af54-4443a9c0c899%40googlegroups.com
>> .
>> > For more options, visit https://groups.google.com/d/optout.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To post to this group, send email to ansible-project@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/CAH4rTPtKNJbhcODCfn_EezwNFqSviH2_NN%3DO1xTpjuseW%2B%2BZBw%40mail.gmail.com
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAGH8rEywUuKmUJydXqg5T2yr%3DVEH2RHcBt%3D9P_zRn8cvwKMzbg%40mail.gmail.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRUiZrjHdgF8C0b%2B0r7KqR4jFALh8%2BCuQ0GibvpO2wswwQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: connect to AWS instance as root doesn't fail

[Pshem Kowalczyk]

Hi,

The following solution comes to mind - on the controller run a playbook
that connects to the instances using the 'command' or 'shell' module (so
delegate_to: localhost) and inspect the output of the ssh command. Based on
the output of that playbook - create an inventory that stores
ansible_ssh_user. If you rely on dynamic inventory - I suggest trying to
figure out if you can Tag instances with information about the type of user
to use and then hack the dynamic inventory script to turn those tags into
'ansible_ssh_user' variable.

kind regards
Pshem


On Fri, 12 Jul 2019 at 04:29, William Dossett 
wrote:

> Ok, when running this with -  (managed to whittle down the output and
> see what I think the problem is...)
>
> it connects and does not get a "server refused our key" type error... it
> connects and then tells us to connect with another user and then closes the
> session with no error message.
>
>  Broken pipe\r\ndebug2: Received exit status from master 0\r\nShared
> connection to 10.5.162.167 closed.\r\n",
> "module_stdout": "Please login as the user \"ec2-user\" rather than
> the user \"root\".\r\n\r\n",
> "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
> "rc": 0
>
> so we get a broken pipe   unfortunately I have no idea how to handle
> this.  Anyone, any ideas?  Tearing out what little hair I have left over
> this :-(
>
> Bill
>
>
>
> On Thursday, July 11, 2019 at 10:15:45 AM UTC-6, William Dossett wrote:
>>
>> Hi,
>>
>>
>>
>> I tagged this onto the end of another question and didn’t get any
>> answers… so am trying to figure it out myself, but the more I look at it
>> the more I don’t understand.
>>
>>
>>
>> AWS Linux instances do not allow connecting via SSH as root by default…
>> if you ssh as root, it tells you to connect as ec2-user and then just
>> disconnects after a few seconds.
>>
>>
>>
>> So I am trying to create a playbook to connect to all AWS Linux
>> instances, AWS, RHEL, Centos, Ubuntu.  They have different users, so I am
>> trying different users until it works and the run the rest of the playbook.
>> (you can also have your own AMIs and instance that may only have root
>> enabled)
>>
>>
>>
>> The problem is when I try to connect to this AWS Linux instance as root,
>> it doesn’t fail.  I get
>>
>>
>>
>> TASK [try users]
>> **
>>
>> [WARNING]: Unhandled error in Python interpreter discovery for host
>> 10.5.162.167: unexpected output from Python interpreter discovery
>>
>>
>>
>> [WARNING]: sftp transfer mechanism failed on [10.5.162.167]. Use
>> ANSIBLE_DEBUG=1 to see detailed information
>>
>>
>>
>> [WARNING]: scp transfer mechanism failed on [10.5.162.167]. Use
>> ANSIBLE_DEBUG=1 to see detailed information
>>
>>
>>
>> [WARNING]: Platform unknown on host 10.5.162.167 is using the discovered
>> Python interpreter at /usr/bin/python, but future installation of
>>
>> another Python interpreter could change this. See
>> https://docs.ansible.com/ansible/2.8/reference_appendices/interpreter_discovery.html
>> for
>>
>> more information.
>>
>>
>>
>> ok: [10.5.162.167]
>>
>>
>>
>> So I am unable to fathom why it seems to be connected and finding a
>> python interpreter at /usr/bin/python  … how does it get that far and why
>> doesn’t it just fail?
>>
>>
>>
>> It produces warnings, but ultimately an OK which means it will then try
>> and run the rest of the playbook – I guess that would fail eventually, but
>> that seems sloppy.  If I connect as another user that doesn’t exist it
>> fails with permission denied.
>>
>>
>>
>> Any advice would be greatly appreciated as I am about out of ideas right
>> now.
>>
>>
>>
>> Thanks
>>
>> Bill
>>
>>
>>
>>
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/53e35651-63ba-4bf6-9a7f-c6267b5c851d%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRVeOdNoFNNfaE-SEeMrEUV%3DEYmtCKmh3nLemWvkksGDmA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How to debug Ansible modules

[Pshem Kowalczyk]

This should be of help:
https://docs.ansible.com/ansible/latest/dev_guide/debugging.html

kind regards
Pshem


On Tue, 4 Jun 2019 at 19:05, Wawrzek Niewodniczanski 
wrote:

> Hi,
>
> I'm looking to peek into an Ansible module. It is the 'unarchvie'
> module which in special circumstances is not idempotent
> (https://github.com/ansible/ansible/issues/57303). I read the code. It
> looks sensible to me. Now, I would like to check how it actually works
> with some data.
>
> Thanks,
> Wawrzek
>
> --
> Dr  Wawrzyniec Niewodniczańskior Wawrzek for short
>   PhD in Quantum Chemistry  & MSc in Molecular Engineering
>WWW: http://wawrzek.name E-MAIL: j...@wawrzek.name
>   Linux User #177124
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAC7-vpADhzTBtHDzna1WxLcnQ85qY3KU%3DREHUJaCLrRMeE3tTA%40mail.gmail.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRVUbGqf7iRUHvWs44%2Bf6NeJF4kGNtMUqKvJTvzF63KHsg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: A10 Networks modules - Request for Testing and feedback

[Pshem Kowalczyk]

Hi,

For most of the stuff it's just using the uri module, with something like
this:

name: "execute command: {{ exec.meta.description }}"
uri:
  method: "{{ exec.meta.method }}"
  url: "https://{{ a10_device_ip }}{{ exec.meta.uri }}"
  return_content: true
  validate_certs: no
  body_format: "{{ exec.payload is defined | ternary('json', omit) }}"
  body: "{{ exec.payload is defined | ternary(exec.payload, omit) }}"
  headers:
 Authorization: "A10 {{ signature }}"
  status_code: "{{ exec.meta.status_code| default(200) }}"
  timeout: 60
  register: exec_result

which is executed from a loop, one call at a time.

kind regards
Pshem


On Tue, 23 Apr 2019 at 11:54, David Carrasco  wrote:

> Gotcha so does that mean you use Python scripts to leverage the A10 API,
> or do you somehow integrate Ansible with Python?
>
> Sent from my iPhone
>
> On Apr 22, 2019, at 6:07 PM, Pshem Kowalczyk  wrote:
>
> Hi,
>
> We use the A10s. Those modules turned out to be not particularly useful
> for us, so we ended up using the API extensively to get information (both
> config and operational) from the devices.
>
> kind regards
> Pshem
>
>
> On Tue, 23 Apr 2019 at 04:24, David Carrasco 
> wrote:
>
>> I am very new to both Ansible and A10, but it's interesting to come
>> across an article written 5 years ago of someone who already went down this
>> road.
>> I'm using the A10 in a network capacity (DDoS appliance) I was curious if
>> there was any way to display or output "get_facts" or show commands. At the
>> moment I'm interesting in retrieving information, and everything I've been
>> finding is ways to create/delete/modify configurations. And because I'm
>> paranoid I'd like to know if there were safe "get_facts" to perform.
>>
>> David
>>
>> On Sunday, June 1, 2014 at 10:53:11 AM UTC-4, Mischa Peters wrote:
>>>
>>> Hi All,
>>>
>>> I have created 3 modules for managing A10 Networks devices, Thunder /
>>> vThunder / AX / SoftAX.
>>> You can find them in my fork:
>>> https://github.com/mischapeters/ansible.git
>>>
>>> The current modules are:
>>> - a10_server
>>> -- creating / removing a server
>>> -- creating / removing a server port
>>> -- disable / enable the server
>>>
>>> - a10_service_group
>>> -- creating / removing a service-group
>>> -- setting the load balancing method
>>> -- adding members to the service-group
>>> -- disable / enable a member
>>>
>>> - a10_virtual
>>> -- creating / removing a virtual-server
>>> -- creating / removing virtual-server port
>>> -- adding a service-group
>>> -- disable / enable the virtual-server
>>> -- disable / enable the virtual-server port
>>>
>>> Things that I would like to add in the near future:
>>> - creating a source-nat pool
>>> - adding a source-nat pool to the virtual-server port
>>> - adding SSL certificates
>>> - creating a Client-SSL template
>>> - adding the Client-SSL template to the virtual-server port
>>> - creating a health monitor
>>> - adding the health monitor to the server port or service-group
>>>
>>> If there is anybody who has A10 Networks in their network please give it
>>> a go.
>>> It requires aXAPI 2.1, which got introduced in ACOS release 2.7.1. Which
>>> is now at 2.7.1-P5.
>>>
>>> Thanx!
>>>
>>> Mischa
>>>
>>> PS: full disclosure, I work for A10 Networks in EMEA.
>>>
>>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To post to this group, send email to ansible-project@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/81fd1272-2fa8-462c-9bf3-a076d5e268c9%40googlegroups.com
>> <https://groups.google.com/d/msgid/ansible-project/81fd1272-2fa8-462c-9bf3-a076d5e268c9%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubs

Re: [ansible-project] Re: A10 Networks modules - Request for Testing and feedback

[Pshem Kowalczyk]

Hi,

We use the A10s. Those modules turned out to be not particularly useful for
us, so we ended up using the API extensively to get information (both
config and operational) from the devices.

kind regards
Pshem


On Tue, 23 Apr 2019 at 04:24, David Carrasco  wrote:

> I am very new to both Ansible and A10, but it's interesting to come across
> an article written 5 years ago of someone who already went down this road.
> I'm using the A10 in a network capacity (DDoS appliance) I was curious if
> there was any way to display or output "get_facts" or show commands. At the
> moment I'm interesting in retrieving information, and everything I've been
> finding is ways to create/delete/modify configurations. And because I'm
> paranoid I'd like to know if there were safe "get_facts" to perform.
>
> David
>
> On Sunday, June 1, 2014 at 10:53:11 AM UTC-4, Mischa Peters wrote:
>>
>> Hi All,
>>
>> I have created 3 modules for managing A10 Networks devices, Thunder /
>> vThunder / AX / SoftAX.
>> You can find them in my fork: https://github.com/mischapeters/ansible.git
>>
>> The current modules are:
>> - a10_server
>> -- creating / removing a server
>> -- creating / removing a server port
>> -- disable / enable the server
>>
>> - a10_service_group
>> -- creating / removing a service-group
>> -- setting the load balancing method
>> -- adding members to the service-group
>> -- disable / enable a member
>>
>> - a10_virtual
>> -- creating / removing a virtual-server
>> -- creating / removing virtual-server port
>> -- adding a service-group
>> -- disable / enable the virtual-server
>> -- disable / enable the virtual-server port
>>
>> Things that I would like to add in the near future:
>> - creating a source-nat pool
>> - adding a source-nat pool to the virtual-server port
>> - adding SSL certificates
>> - creating a Client-SSL template
>> - adding the Client-SSL template to the virtual-server port
>> - creating a health monitor
>> - adding the health monitor to the server port or service-group
>>
>> If there is anybody who has A10 Networks in their network please give it
>> a go.
>> It requires aXAPI 2.1, which got introduced in ACOS release 2.7.1. Which
>> is now at 2.7.1-P5.
>>
>> Thanx!
>>
>> Mischa
>>
>> PS: full disclosure, I work for A10 Networks in EMEA.
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/81fd1272-2fa8-462c-9bf3-a076d5e268c9%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRWFtWhpZn7QuK98k1whvr3TwgS18hGkN1Ob78cuo31_vA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Access to variables defined in roles from python script

[Pshem Kowalczyk]

Hi,

Have a look here:
https://docs.ansible.com/ansible/latest/dev_guide/developing_modules_general.html
You'll need to build your own module that you can invoke from your task
list or role.

kind regards
Pshem


On Thu, 7 Mar 2019 at 22:09,  wrote:

> I am an ansible newbie. My first non-trivial ansible project is to update
> / optimize the configuration of Juniper switches. The ansible modules are
> not run on the Juniper switch but locally on the ansible controller. The
> default modules do not seem to match our requirements, thus a (python) user
> module is needed. In a role ( ~/roles/x/vars/main.yaml ) a multi-level dict
> (in python-parlance) is defined, which includes a few lists. Is this
> information accessible from within a python script running on the ansible
> controller, and if so, how?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/bcfc0ff2-ad8b-4030-b9a2-de7871177516%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRVS5vTWwZS9Sc2VJR2aZEweBKPhD5EZooNYYigDnRSaFw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Help on terminal and cliconf plugin

[Pshem Kowalczyk]

Hi,

I've written those plugins for some of our in-house devices. Key points:
- You have to tell Ansible where your plugins are, either using
environmental variables or via ansible.cfg
- You'll need a module that actually uses your plugins
- The ios.py (in plugins/cliconf and plugins/terminal) is a very good
start, the corresponding module is modules/network/ios/ios_command.py
- getting the regular expression in the terminal plugin (in
variable terminal_stdout_re) right is critical - start with something
really generic and work from there, if that regular expression doesn't
catch the prompt you'll get weird errors about timeouts (even though the
ssh session connected fine).
- If you want to debug things - run Ansible in full debug mode (writing to
a file), if you need more have a look in
https://github.com/ansible/ansible/blob/devel/lib/ansible/module_utils/connection.py
around line 190.

kind regards
Pshem


On Tue, 5 Mar 2019 at 18:56, 'Rajas Pachipulusu' via Ansible Project <
ansible-project@googlegroups.com> wrote:

> Hi Experts,
>
>
> I am unable to create terminal and cliconf plugin for my company. Can some
> one help me in creating it. I can arrange a call.
>
>
> Thanks in advance.
>
> Thanks,
> Rajas
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/B5F57664-D954-466E-8C0E-2918954A6BE9%40pluribusnetworks.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRUjKaTkpR3SBTzriQyp1-gc-t%2Bh2p65bps2ipXCrTgxqQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] using when something > variable

[Pshem Kowalczyk]

Hi,

inside 'when' all variables are automatically accessible, so you don't have
to use brackets. This should work:
when: item.acl_mask >= threshold

kind regards
Pshem


On Tue, 5 Mar 2019 at 07:39, Spiro Mitsialis 
wrote:

> I have a playbook that performs a command on a router and then parses the
> output.  So far no problem.
> I'm then trying to check if any of the variables back from the parser are
> >=   threshold.  The threshold is defined as a variable in the playbook.
> No problem with it.
> vars:
>   threshold: 90
>   tcam_full: False
>
> Although I do not get any error messages the following is never true, even
> when it should be.  Is there a way to make it work?
>- name: check ACL Mask
>  set_fact:
>tcam_full: true
>  when: item.acl_mask >= "{{ threshold }}"
>  with_items: "{{ tcam.tcam_resources }}"
>
> If I add a threshold manually like below it works fine.  I have several of
> these statements and would rather not hard code the threshold value
>- name: check ACL Entries
>  set_fact:
>tcam_full: true
>  when: item.acl_ent >= 90
>  with_items:  "{{ tcam.tcam_resources }}"
>
> Finally, I also get a warning message about using jinja2 templates with a
> when statement.  How should I be doing it? I've had similar messages when
> checking if a {{ variable }} == something.
>
> [WARNING]: when statements should not include jinja2 templating delimiters
> 36
> such as {{ }} or {% %}. Found: item.acl_mask >= "{{ threshold }}"
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/3520d313-7ad3-4770-8584-0255f5ecc59d%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRXjWwUew8gfLepsyiUDLizDpdfV5iwiF1ZaL52G1Tz85w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Except Module in Ansible

[Pshem Kowalczyk]

Hi,

Have you installed the pyexpect on the remote machine against which you're
executing the playbook?

kind regards
Pshem


On Thu, 28 Feb 2019 at 00:17, Deepak Sharma  wrote:

> Hi All,
>
> I am using except module to install one TIBCO products ,
>
> - name: Start Streambase installation
>   expect:
> echo: yes
> chdir: /opt/tibco//{{ env }}/install
> command: ./TIB_sb-cep_{{ tib_streambase_version
> }}_linux_x86_64.archive-bin
> responses:
>   (.*)Extract files to which directory (.*): /opt/tibco/{{ env
> }}/streambase/sb-cep/10.3
>   (.*)Do you accept this license (.*): "yes"
>
>
> But we are getting below error .
>
> (1, '\r\n{"msg": "The pexpect python module is required", "failed": true,
> "exception": "WARNING: The below traceback may *not* be related to the
> actual failure.\\n File
> \\"/tmp/ansible_expect_payload_vjbqxk/__main__.py\\", line 98, in
> \\n import pexpect\\n", "invocation": {"module_args": {"chdir":
> "/opt/tibco//SIT/install", "responses": {"(.*)Do you accept this license
> (.*)": "yes", "(.*)Extract files to which directory (.*)":
> "/opt/tibco/SIT/streambase/sb-cep/10.3"}, "removes": null, "echo": true,
> "creates": null, "command": "./TIB_sb-cep_10.3.0_linux_x86_64.archive-bin",
> "timeout": 30}}}\r\n', 'OpenSSH_7.2p2 Ubuntu-4ubuntu2.7, OpenSSL 1.0.2g 1
> Mar 2016\r\ndebug1: Reading configuration data
> /opt/jenkins/.ssh/config\r\ndebug1: /opt/jenkins/.ssh/config line 1:
> Applying options for *\r\ndebug1: Reading configuration data
> /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying
> options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3
> setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version
> 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0
> remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3:
> mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive:
> done pid = 8282\r\ndebug3: mux_client_request_session: session request
> sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3:
> mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received
> exit status from master 1
>
> we have also added pexpect python module, but issue still the same .
>
> Kindly guide us and your help is appreciate .
>
> Regards,
> Deepak
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/74360946-3b87-4ce2-b769-65218514d946%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRUU_rWNcLffhpkZLJXXK0Gr1xeGQempHCqoZZMgfmMQ1w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How to detect AWS instance type

[Pshem Kowalczyk]

Hi,

Depending what you're after, something like this to figure out the instance
type:

- name: determine if we're on a nitro hypervisor
set_fact:
on_nitro: "{{ ansible_ec2_instance_type.startswith('t3') or
ansible_ec2_instance_type.startswith('c5') or
ansible_ec2_instance_type.startswith('m5') or
ansible_ec2_instance_type.startswith('r5') }}"

and then use a condition like:

when: on_nitro

to do the nvme-specific initialisation.

If you want to extract the actual volume id the way to go is to use
something like this:
VOL=$(nvme id-ctrl {{ disk.path }} | grep sn | awk '{print $3}'); echo
"${VOL/vol/vol-}"

where disk path is something like /dev/nvme1n1, that gives you volume id.
If you want the original letters you might have to parse it out of:

nvme id-ctrl /dev/nvme1n1 -v

more details here:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html

kind regards
Pshem


On Tue, 26 Feb 2019 at 17:57, Frank Dias  wrote:

> I have an old playbook that will add an addition volume and it works fine
> on t2 instances. With the move to t3 instances we also now have nvme based
> ebs.
>
> The play book uses lvm to setup the second volume we add the volume as
> xvdf so /dev/xvdf.
> Now on t3 instances when we add the volume as xvdf the volume now shows up
> as /dev/nvme1n1.
>
> Has anyone figured out a playbook to handle both situations?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/92c7d8a0-ad32-4120-a9b5-3a3bf0f7c438%40googlegroups.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRUTSm6%3D1YOyVS1xw1z9tZs%3Dx%3Dojaf%3DXR4OvK6_rup0Nrg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Running as inexistent non-root user in Docker container

[Pshem Kowalczyk]

Hi,

Why not simply create a dedicated ansible user inside the container?

kind regards
Pshem


On Tue, 12 Feb 2019 at 05:08, Luca Pireddu  wrote:

> Hello,
>
> I'm wondering if anyone can help me run ansible as an inexistent user in a
> docker container.
>
> I'm trying to build a docker container image that runs ansible as a
> non-root user.  It therefore runs the ansible process with the UID and GID
> of the user who launched the container.  This user doesn't exist within the
> container image, but permissions and temporary spaces are configured so
> that ansible has a place to write temporary files etc.  This specific
> container image I'm working on runs kubespray to deploy kubernetes on a set
> of nodes.
>
> I'm running into a problem since Ansible tries to get the username of the
> running process through the uid.  The first place where it fails is
>
> lib/ansible/playbook/play_context.py:433:new_info.remote_user
> = pwd.getpwuid(os.getuid()).pw_name
>
> This of course doesn't work because the password database doesn't
> container the UID I'm using.  Patching this line exposes other places where
> the code is written assuming that an account exists for the process'
> current UID.
>
> Does anyone see a solution to this problem?  I don't think ansible should
> really need a local account to do its thing.  Moreover, it could also use
> `getpass.getuser()`, which is smarter about how it gets the login name (it
> also checks the relevant environment variables).
>
> Thanks in advance,
>
> Luca
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/49bccafb-df57-49a5-a153-4286b4258d51%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRWyuqrhXmTyG9t-b%3Dv%2BgZH7xmyOdJfHVvTXKKA7vX6f3g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Boot signal from a remote Pi

[Pshem Kowalczyk]

Hi,

One way of doing it would be to use ansible in 'pull' mode in one of the
boot scripts (like rc.local).

kind regards
Pshem


On Sun, 27 Jan 2019 at 03:00, Sergio Fernández 
wrote:

> Hi there!
>
> I would like to know the best way to perform this:
>
> I will be using the Vault (from Hashicorp) to store API keys for my app,
> so I will be storing the Vault Token in my Raspberry Pi, inside a tmpfs
> mount, so every time the Raspberry Pi halts, the API token must be renewed
> somehow.
>
> I would like to know how to make this Pi send a signal to Ansible whenever
> it boots up, in order for Ansible to run a Playbook. This Playbook will
> assign another Vault Token to this recently-booted up Pi.
>
> I don't want Ansible to be checking every minute to the Pi. It's not
> efficient, and I don't want to be messing around.
>
> Thank you very much!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/a26c134f-ffa3-4056-81db-3b405c70a565%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRXyXEvRa1FjwoeLkMfGR2GmzRW7AFqwU8%2Bk%2B3J%2Bg8kaCQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] UNREACHABLE! => {"changed": false, "msg": "Authentication or permission failure.

[Pshem Kowalczyk]

Hi,

This might happen if for some reason ansible was previously run on that
host with root privileges (probably using sudo or su without changing the
home directory). Please make sure that /home/karol/.ansible is in fact
writable by the user 'karol'.

kind regards
Pshem


On Thu, 20 Dec 2018 at 22:23, Karol Ołtarzewski <2004ka...@gmail.com> wrote:

> Good morning I have following question when I want to run Ansible-playbook
> by it:
> sudo ansible-playbook -i hosts playbook.yml -u karol -k --become -K
> I am getting following error:
> fatal: [10.0.2.15]: UNREACHABLE! => {"changed": false, "msg": "Authentication
> or permission failure. In some cases, you may have been able to
> authenticate and did not have permissions on the target directory. Consider
> changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\".
> Failed command was: ( umask 77 && mkdir -p \"` echo
> /home/karol/.ansible/tmp/ansible-tmp-1545340576.76-196881409171208 `\" &&
> echo ansible-tmp-1545340576.76-196881409171208=\"` echo
> /home/karol/.ansible/tmp/ansible-tmp-1545340576.76-196881409171208 `\" ),
> exited with result 1", "unreachable": true}
> I can ssh to 10.0.2.15 without any issue.
> What may be reason of my problem?
> I was following steps from this place:
> https://github.com/openwisp/ansible-openwisp2#ansible-openwisp2
>
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/7e25e0c5-257e-452d-867c-099984a5e9d6%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRX1oYAGULrq9_VOxrgPi2CPUjsYVMxqHmAgnHLJKe33Fw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible and ip6tables

[Pshem Kowalczyk]

Google seems to index not the most recent version of the docs. Here's the
current version:
https://docs.ansible.com/ansible/latest/modules/iptables_module.html

Here's an example:
- iptables:
chain: INPUT
protocol: tcp
destination_port: 8080
jump: ACCEPT
rule_num: 5
ip_version: "ipv6"

kind regards
Pshem




On Mon, 3 Dec 2018 at 09:18, Anurag Bhatia  wrote:

> Just re-read but still can't make out what to use for IPv6.
>
> Can you share a sample playbook? All examples linked on the module page
> are for IPv4.
>
>
>
> Thanks.
>
>
> On Mon, Dec 3, 2018 at 1:39 AM Kai Stian Olstad <
> ansible-project+l...@olstad.com> wrote:
>
>> On Sunday, 2 December 2018 21:02:01 CET Anurag Bhatia wrote:
>> > ---
>> >   - hosts: $IP
>> > tasks:
>> >
>> >   - name: Allow traffic from loopback
>> > ip6tables:
>> >   chain: INPUT
>> >   in_interface: lo
>> >   jump: ACCEPT
>> >   comment: Allow traffic from loopback
>>
>> There is no Ansible module called ip6tables, if you read the
>> documentation you linked in your first post you'll see how to use ipv6.
>>
>>
>> --
>> Kai Stian Olstad
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To post to this group, send email to ansible-project@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/3554836.DnIhNyiQZm%40x1
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
> --
>
>
> Anurag Bhatia
> anuragbhatia.com
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAJ0%2BaXZ4Uo1WmHHMis6CY2bVt5uB70mBXWT1bL_y1_H%2BnuegpA%40mail.gmail.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRUzCKQ-CwXxrssiXfPWY9PF1PdXgGo4i9cC9Zv1EB4apg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: ansible-pull configuration

[Pshem Kowalczyk]

Hi,

I have never attempted to use ansible in pull mode on anything than the
localhost. I have ran the same playbook on multiple nodes at once but they
were not 'in-sync' - each one of them run tasks independently.

If you need to run something on multiple machines I suggest you 'nest' the
call to a standalone ansible (using command). If you could share your
use-case than perhaps someone can offer a better solution.

kind regards
Pshem


On Wed, 29 Aug 2018 at 17:30 SUMIT SAHAY  wrote:

> Thanks Pshem,
>
> Ansible pull is working for me now, able to run the ansible pull for
> localhost.
>
> I have one query, I want to run the ansible pull for 100nodes and in that
> case I am using below command,
>
> ansible-pull -U repo_url --inventory=hosts -k HelloWorld.yml
>
> But it is not working for multiple nodes for localhost it is working fine.
>
> I want to resolve this issue, could you please help me out on this.
>
> Looking forward for your reply.
>
> Regards
> Sumit Sahay
> 7044112109 <(704)%20411-2109>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRXr-7FaM7MUNyN6JiAEV3OiybWXBORLktNuKCgLCsLhBQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Timeouts using AWS modules

[Pshem Kowalczyk]

This generally indicates connectivity problems. Are you behind a proxy of
some sort (might be transparent). I have seen those sort of issues in
various corporate environments that used proxies to inspect all traffic.

kind regards
Pshem


On Wed, 29 Aug 2018 at 02:31 Karl Auer  wrote:

> I am getting a LOT of read timeouts working with AWS modules. The
> commonest is with ec2_group, but I've seen it with elb_application_lb and a
> couple of others as well. Sometimes running the playbook again gets past
> it, sometimes not. With biggish playbooks it is getting to be  real problem.
>
> Is this something I can do anything about?
> Regards, K.
>
> Sample (sorry about the formatting):
>
> TASK [sg : Create a security group ADFS-wap-sg protecting WAP instances]
> *
> An exception occurred during task execution. To see the full traceback,
> use -vvv. The error was: ssl.SSLError: ('The read operation timed out',)
> fatal: [localhost]: FAILED! => {"changed": false, "module_stderr":
> "Traceback (most recent call last):\n  File
> \"/tmp/ansible_NEDa9I/ansible_module_ec2_group.py\", line 1021, in
> \nmain()\n  File
> \"/tmp/ansible_NEDa9I/ansible_module_ec2_group.py\", line 890, in main\n
> group, groups = group_exists(client, module, vpc_id, group_id, name)\n
> File \"/tmp/ansible_NEDa9I/ansible_module_ec2_group.py\", line 831, in
> group_exists\nall_groups =
> get_security_groups_with_backoff(client).get('SecurityGroups', [])\n  File
> \"/tmp/ansible_NEDa9I/ansible_modlib.zip/ansible/module_utils/cloud.py\",
> line 153, in retry_func\nssl.SSLError: ('The read operation timed
> out',)\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1}
>
> --
> Karl Auer
>
> Email  : ka...@2pisoftware.com
> Website: http://2pisoftware.com
>
> GPG/PGP : 958A 2647 6C44 D376 3D63 86A5 FFB2 20BC 0257 5816
> Previous: F0AB 6C70 A49D 1927 6E05 81E7 AD95 268F 2AB6 40EA
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CA%2B%2BT08TUciST1HkdLjuDjcKJqMWjcFeLzWFz1O2iZN2AgEhzeQ%40mail.gmail.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRUsSetgxXTq9%2B7GNQOHMwtFror96SXOUgv9cb4qsQLKbw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: ansible-pull configuration

[Pshem Kowalczyk]

There are two things here:

1. If you're using SSH the public key of the remote server must be added to
'known_hosts', for example like this:

ssh-keyscan -t rsa github.com | sed "s/^[^ ]* //" >> ~/.ssh/known_hosts

(alternatively you can get ansible to just accept whatever key is offered
with --accept-host-key)

2. Secondly you have to specify the private key associated with the repo
with --private-key

kind regards
Pshem


On Thu, 16 Aug 2018 at 22:36 SUMIT SAHAY  wrote:

> Thanks Pshem for your reply.
>
> ansible-pull -U [git_url] -k playbook.yml --limit localhost
>
> I am using this command to run the ansible pull, while doing this I am
> getting one error, unable to resolve the error.
>
>
> "msg": "Failed to download remote objects and refs:  Host key verification
> failed.\r\nfatal: Could not read from remote repository.\n\nPlease make
> sure you have the correct access rights\nand the repository exists.\n"
>
> Can you please help me out on this
>
>
> Looking forward for your reply
>
>
> Thanks & Regards
> Sumit Sahay
> 07044112109
>
> On Thu, Aug 16, 2018 at 3:56 PM, Pshem Kowalczyk 
> wrote:
>
>> Hi,
>>
>> That's correct, in pull mode ansible modifies and sets things on the
>> machine on which it runs. The easiest way of providing inventory in this
>> case is via command line:
>>
>> -i $(hostname),
>>
>> Please note the comma at the end.
>>
>> kind regards
>> Pshem
>>
>>
>> On Wed, 15 Aug 2018 at 02:55 SUMIT SAHAY 
>> wrote:
>>
>>> Thanks for your reply Jonathan.
>>> localhost : from where we are triggering command.
>>> This is what you want to say?
>>>
>>> Looking forward for your reply.
>>>
>>> Regards
>>> Sumit Sahay
>>> 07044112109
>>>
>>> On Tue, Aug 14, 2018, 7:44 PM Jonathan Lozada De La Matta <
>>> jloza...@redhat.com> wrote:
>>>
>>>> usually ansible-pull its used on localhost and not other hosts. If you
>>>> are trying to do other host then use regular ansible. Ansible-pull is a
>>>> different use case.
>>>>
>>>> On Tue, Aug 14, 2018 at 8:26 AM SUMIT SAHAY 
>>>> wrote:
>>>>
>>>>> Thanks Jonathan, for your reply.
>>>>>
>>>>> No, I am not using localhost, I want to run my playbook on ubuntu host
>>>>> which I set up in my host file, and the host file is located in
>>>>> /home/test/sumit/
>>>>>
>>>>> How to run this so that it will pick up the host and execute on ubuntu
>>>>> remote host.
>>>>>
>>>>> Looking forward for your reply.
>>>>>
>>>>> Thanks & Regards
>>>>> Sumit Sahay
>>>>> 7044112109 <(704)%20411-2109>
>>>>>
>>>>>
>>>>> On Tue, Aug 14, 2018 at 5:17 PM, Jonathan Lozada De La Matta <
>>>>> jloza...@redhat.com> wrote:
>>>>>
>>>>>> what hosts are on your playbook? is it localhost?
>>>>>>
>>>>>> On Tue, Aug 14, 2018 at 3:07 AM SUMIT SAHAY 
>>>>>> wrote:
>>>>>>
>>>>>>> Thanks Balz, for your reply.
>>>>>>>
>>>>>>> Could you help me with the command for ansible pull, I installed git
>>>>>>> and repository and I committed the ansible playbook there now I want to 
>>>>>>> run
>>>>>>> this from my localhost server following command I am using but getting
>>>>>>> error,
>>>>>>>
>>>>>>> ansible-pull -U https://repourl.com/git/user_name/git_location -k
>>>>>>> -i /home/test/hosts playbook.yml
>>>>>>>
>>>>>>> getting error saying skipping the hosts.
>>>>>>>
>>>>>>> Could you please navigate me to the correct command.
>>>>>>>
>>>>>>> Looking forward for your reply.
>>>>>>>
>>>>>>> Regards
>>>>>>> Sumit Sahay
>>>>>>> 7044112109 <(704)%20411-2109>
>>>>>>>
>>>>>>> On Wednesday, 8 August 2018 22:43:53 UTC+5:30, balz.as...@unibas.ch
>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Hi Sumit
>>>>>>>>
>>>>>>>> We

Re: [ansible-project] Re: ansible-pull configuration

[Pshem Kowalczyk]

Hi,

That's correct, in pull mode ansible modifies and sets things on the
machine on which it runs. The easiest way of providing inventory in this
case is via command line:

-i $(hostname),

Please note the comma at the end.

kind regards
Pshem


On Wed, 15 Aug 2018 at 02:55 SUMIT SAHAY  wrote:

> Thanks for your reply Jonathan.
> localhost : from where we are triggering command.
> This is what you want to say?
>
> Looking forward for your reply.
>
> Regards
> Sumit Sahay
> 07044112109
>
> On Tue, Aug 14, 2018, 7:44 PM Jonathan Lozada De La Matta <
> jloza...@redhat.com> wrote:
>
>> usually ansible-pull its used on localhost and not other hosts. If you
>> are trying to do other host then use regular ansible. Ansible-pull is a
>> different use case.
>>
>> On Tue, Aug 14, 2018 at 8:26 AM SUMIT SAHAY 
>> wrote:
>>
>>> Thanks Jonathan, for your reply.
>>>
>>> No, I am not using localhost, I want to run my playbook on ubuntu host
>>> which I set up in my host file, and the host file is located in
>>> /home/test/sumit/
>>>
>>> How to run this so that it will pick up the host and execute on ubuntu
>>> remote host.
>>>
>>> Looking forward for your reply.
>>>
>>> Thanks & Regards
>>> Sumit Sahay
>>> 7044112109 <(704)%20411-2109>
>>>
>>>
>>> On Tue, Aug 14, 2018 at 5:17 PM, Jonathan Lozada De La Matta <
>>> jloza...@redhat.com> wrote:
>>>
 what hosts are on your playbook? is it localhost?

 On Tue, Aug 14, 2018 at 3:07 AM SUMIT SAHAY 
 wrote:

> Thanks Balz, for your reply.
>
> Could you help me with the command for ansible pull, I installed git
> and repository and I committed the ansible playbook there now I want to 
> run
> this from my localhost server following command I am using but getting
> error,
>
> ansible-pull -U https://repourl.com/git/user_name/git_location -k -i
> /home/test/hosts playbook.yml
>
> getting error saying skipping the hosts.
>
> Could you please navigate me to the correct command.
>
> Looking forward for your reply.
>
> Regards
> Sumit Sahay
> 7044112109 <(704)%20411-2109>
>
> On Wednesday, 8 August 2018 22:43:53 UTC+5:30, balz.as...@unibas.ch
> wrote:
>>
>> Hi Sumit
>>
>> We're using a wrapper around ansible-pull. We use it mainly for
>> clients but we've a step-by-step guide you might find helpful:
>> https://github.com/ANTS-Framework/ants
>>
>> Regards
>> Balz
>>
>> Am Mittwoch, 8. August 2018 08:03:45 UTC+2 schrieb SUMIT SAHAY:
>>>
>>>
>>> Hi All,
>>>
>>> I am trying to setup the ansible pull based on my vm server.
>>>
>>> Is there any step-wise documentation for this?
>>>
>>>
>>> Regards
>>> Sumit Sahay
>>> 7044112109 <(704)%20411-2109>
>>>
>>
>>> --
> You received this message because you are subscribed to the Google
> Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/ceb0cea7-7919-45f0-8288-e7ac8341cb57%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>
 --

 Jonathan lozada de la matta

 AUTOMATION CONSULTANT - AUTOMATION PRACTICE

 Red Hat Consulting Services 

 jloza...@redhat.com




 --
 You received this message because you are subscribed to a topic in the
 Google Groups "Ansible Project" group.
 To unsubscribe from this topic, visit
 https://groups.google.com/d/topic/ansible-project/W9jYFiNta_A/unsubscribe
 .
 To unsubscribe from this group and all its topics, send an email to
 ansible-project+unsubscr...@googlegroups.com.
 To post to this group, send email to ansible-project@googlegroups.com.
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/ansible-project/CAFYJA%2BLARn5QZ8L8SqNO%2BSE-iDO16AnfMEcFcqqnrx%2Be6r4WRQ%40mail.gmail.com
 
 .

 For more options, visit https://groups.google.com/d/optout.

>>>
>>>
>>>
>>> --
>>> Sumit Sahay
>>> 9353031613
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to ansible-project+unsubscr...@googlegroups.com.
>>> To post to this group, send email to ansi

Re: [ansible-project] ansible-pull configuration

[Pshem Kowalczyk]

Hi,

Ansible in pull mode is basically the same as regular ansible-playbook. The
only difference is that you have to supply a repo URL from which the
playbook and the roles are to be downloaded. The same directory structure
works with both modes.

If you're using ansible-pull to hydrate (bootstrap) the vm take the
following things into consideration:
1. If you're using git with ssh keys - you have to pre-populate
.ssh/known_hosts with the public ssh key of the git server
2. Generally - there's not going to be an inventory, so consider using -i
$(hostname),  (note the colon at the end) and specifying hosts: all in your
playbook.

kind regards
Pshem


On Wed, 8 Aug 2018 at 18:04 SUMIT SAHAY  wrote:

>
> Hi All,
>
> I am trying to setup the ansible pull based on my vm server.
>
> Is there any step-wise documentation for this?
>
>
> Regards
> Sumit Sahay
> 7044112109 <(704)%20411-2109>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/5d14e984-eea4-4ae4-8a3d-432497a2851c%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRXkTbXjzO0nkuHifpFXmYsq%2BWcnqx-%3DQQAg24pMsO%2BzvA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Speeding up very large playbooks

[Pshem Kowalczyk]

Thank you for the all the responses so far.

I had a look at mitogen, but in our setup almost all modules are run on the
controller (templates, lookups etc), in fact we hardly use SSH at all (as
targets are usually set up using XML-RPC or REST APIs), so I'm not sure how
much it's going to help here. I'll run some evaluations later today.

I also looked at running multiple instances of ansible-playbook (for
example one per target device).  The biggest challenge is that for us - if
the deployment fails on one device - we have to stop deployment on all
others and roll them back (using a separate role). We're deploying
configuration (for example for a L3VPN) across a number of devices. If the
deployment fails on one of them - we have roll back the lot. That's
relatively easy to do with only ansible-playbook running, but I couldn't
make this work reliably with multiple ones. That's also the reason 'async'
is not going to work for us.

I think for now we'll have to optimise the playbooks further. It looks like
the following areas take the most time:
- include_* statements
- single template operations (so consolidate the templates, for now a
single device config can come from many templates that first get populated,
then consolidated)
- loops - reduce the number, particularly with include inside them

Any further suggestions are appreciated.

kind regards
Pshem




On Wed, 8 Aug 2018 at 03:26 Andrew Latham  wrote:

> Just in the case you have not found this resource try
> https://docs.ansible.com/ansible/2.5/user_guide/playbooks_async.html
>
> On Mon, Aug 6, 2018 at 6:46 PM Pshem Kowalczyk  wrote:
>
>> Hi,
>>
>> We have a scenario where we pre-generate a lot of configuration on the
>> controller host (targets are generally network devices, so not capable of
>> running python).
>> Typical generation process involves pulling data from a number odelef
>> different systems (over APIs), running some local modules - mostly
>> 'template'. A typical run for a single devices can have up to 500-700
>> tasks.
>>
>> A single device can be done under 5 minutes in most cases (including
>> deployment). All the generation already runs with "strategy: free". Once we
>> go to bigger deployments - 10-15 devices the time that's need gets
>> significantly longer (40-50 minutes is not unusual). We tried throwing CPUs
>> at the problem, but it looks like only one-two CPUs get ever to 100% whilst
>> the rest of them seems to be near-idle (regardless of "fork" values).
>> There's plenty of RAM too (utilisation hardly ever goes over 3-4GB).
>>
>> Is there a way for Ansible to utilise all the CPUs? I realise this might
>> not be a typical case, but we're looking now at deployments that have 30-40
>> devices and waiting 3h for completion is not something we'd want to see.
>>
>> kind regards
>> Pshem
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To post to this group, send email to ansible-project@googlegroups.com.
>>
> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/CAEaZiRV1pLwu-F-%3D4uzx6_zOy78HaXP-XC2G634c1s66t2x3rw%40mail.gmail.com
>> <https://groups.google.com/d/msgid/ansible-project/CAEaZiRV1pLwu-F-%3D4uzx6_zOy78HaXP-XC2G634c1s66t2x3rw%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>
>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
> --
> - Andrew "lathama" Latham -
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CA%2Bqj4S8SuZMSuNbrM9EvsY%2B4e-hZL3OOg64OsoDCKaumhsXvWw%40mail.gmail.com
> <https://groups.google.com/d/msgid/ansible-project/CA%2Bqj4S8SuZMSuNbrM9EvsY%2B4e-hZL3OOg64OsoDCKaumhsXvWw%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRXV5BFYe1y0vJ3m6ZZMhp%2BO-GVSFYeHxgiZdnYMdRL84g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Speeding up very large playbooks

[Pshem Kowalczyk]

Hi,

We have a scenario where we pre-generate a lot of configuration on the
controller host (targets are generally network devices, so not capable of
running python).
Typical generation process involves pulling data from a number odelef
different systems (over APIs), running some local modules - mostly
'template'. A typical run for a single devices can have up to 500-700
tasks.

A single device can be done under 5 minutes in most cases (including
deployment). All the generation already runs with "strategy: free". Once we
go to bigger deployments - 10-15 devices the time that's need gets
significantly longer (40-50 minutes is not unusual). We tried throwing CPUs
at the problem, but it looks like only one-two CPUs get ever to 100% whilst
the rest of them seems to be near-idle (regardless of "fork" values).
There's plenty of RAM too (utilisation hardly ever goes over 3-4GB).

Is there a way for Ansible to utilise all the CPUs? I realise this might
not be a typical case, but we're looking now at deployments that have 30-40
devices and waiting 3h for completion is not something we'd want to see.

kind regards
Pshem

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRV1pLwu-F-%3D4uzx6_zOy78HaXP-XC2G634c1s66t2x3rw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] can we encrypt a string (password) using ansible vault.

[Pshem Kowalczyk]

Hi,

Have a look here:
https://docs.ansible.com/ansible/latest/user_guide/vault.html#use-encrypt-string-to-create-encrypted-variables-to-embed-in-yaml

kind regards
Pshem


On Mon, 6 Aug 2018 at 16:02 coach rhca  wrote:

> Hi,
>
> can we encrypt a string (password) using ansible vault. I have a file
> which contains the usernames and  passwords.
> Could we encrypt the username and password inside the file rather then
> encrypting the file with ansible-vault encrypt. if yes, then how do we go
> about calling those encrypted users and passwords in the playbook.
> Please suggest. Thank you.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/00146b28-5a46-4c7d-85f4-11dc4530c2ce%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRUu3UEP9-pu6X9%3DuHVeY7N_gXM_fS32%2BDJA62__NQCGqA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Convert an XML to JSON using ansible

[Pshem Kowalczyk]

Hi,

THe quickest way is to create your own filter:

1. Create a 'filter_plugins' directory (in the same directory as you
playbook or roles).
2. Create a xml2json.py file in that directory with the following content:

## cut below

class FilterModule(object):

def filters(self):
return {
'xml2json': self.xml2json,
}

def xml2json(self, value):
import xmltodict, json
return json.dumps(xmltodict.parse(value))

# cut above

Once its there - you can call the filter:

set_fact:
 content_json: "{{ content_xml | xml2json }}"

You can obviously also call this 'in place' as any other filter.

kind regards
Pshem


On Tue, 8 May 2018 at 23:44 Madushan Chathuranga 
wrote:

> Hi,
>
> Is there a filter or any work around to convert an XML to JSON using
> ansible?
>
> Thanks.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/4d2a1316-e4bb-4447-b84a-4df5a518d30f%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRW%2B1SQDaPXG%3DR4EQqf-qZ%3DU_nk%2BLkMO_GpC%2BvpDVy3xPw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible in High Availability

[Pshem Kowalczyk]

There is nothing about pure ansible HA because ansible is effectively
stateless. You can run the same playbooks on another machine (or multiple
machines at once) with no problem as long as ansible is installed there. My
only suggestion is to use some sort of version management (like git) to
store the playbooks and the roles so it can be easily downloaded to another
machine if needs be.

kind regards
Pshem


On Sun, 15 Apr 2018 at 19:30 Tom K.  wrote:

> Hey All,
>
> Trying to understand how to setup Ansible in High Availability.  I know
> AWX (Tower) can be setup and there's plenty of docs out there but being a
> relative Novice to Ansible, I'm not able to find much on setting up *only*
> Ansible in HA.
>
> Could anyone point me to some online material I could jump start off of?
>
> Cheers,
> TK
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/0c0d0e22-b3fb-41e9-a914-994bf6e2d245%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRUubYuOi4ACW66C3eRP%2B4DA8YbHw1KyV2SR4Ac25rWhYA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] ImportError: No module named ansible.constants

[Pshem Kowalczyk]

If you're not using pip or other package manger you have to setup your
paths:

http://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#tarballs-of-tagged-releases

source ./hacking/env-setup

kind regards
Pshem

On Fri, 30 Mar 2018 at 11:18 John Wick  wrote:

> Un-tar ansible from http://releases.ansible.com/ansible/
>
> when typeing ansible -version from terminal got the below error
>
>
> line 40, in 
>
> import ansible.constants as C
>
> ImportError: No module named ansible.constants
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/bbd9fd00-b623-48f2-a81d-886ae5be344e%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRUKnCAoH_PXyC7dR5vfmRjS87Z-G0VNYsvrTLwjvnFXGA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible dynamic looping

[Pshem Kowalczyk]

Hi,

If you use the dynamic inventory script (ec2.py) you can use tags to
dynamically create groups. Have a look here:
https://aws.amazon.com/blogs/apn/getting-started-with-ansible-and-dynamic-amazon-ec2-inventory-management/


kind regards
Pshem


On Fri, 2 Feb 2018 at 18:39 Andrew Morgan  wrote:

> Thanks for your reply, but the issue with that is , the servers in aws get
> removed and created again each build( every 1hr) , so I would need a way to
> get the servers dynamically.Is there anyway to do that? i want to
> dynamically have a list, not create a list of servers in inventory.
>
>
> On Thursday, 1 February 2018 21:08:51 UTC-5, Pshem Kowalczyk wrote:
>
>> with_items requires a list to iterate over. I think one way of achieving
>> your outcome is to create a group in the inventory and populate it with the
>> hosts and run the playbook against that group.
>>
>> kind regards
>> Pshem
>>
> On Fri, 2 Feb 2018 at 13:02 Andrew Morgan 
>> wrote:
>>
> Hello all,
>>>
>>> I have a play I want to run wich deletes all hosts matching a certain
>>> criteria:
>>>
>>> tasks:
>>>   - name: Delete unavailable nodes
>>> zabbix_host:
>>>  server_url: http://zabbix.aa.net/zabbix
>>>  login_user: Admin
>>>  login_password: aq!
>>>  host_groups: Discovered hosts
>>>  status: disabled
>>>  state: absent
>>>  host_name: "{{ item }}"
>>> with_items:
>>>  - ip-10-1-*-*.us-west-2.compute.internal
>>>
>>>
>>>
>>> The above doesnt work, but if I list out the items
>>> with_items:
>>>  - ip-10-1-65-27.us-west-2.compute.internal
>>>  - ip-10-1-65-28.us-west-2.compute.internal
>>>  - ip-10-1-65-37.us-west-2.compute.internal
>>>
>>> then it works, but I want it to be dynamic and find all ips matching
>>>- ip-10-1-*-*.us-west-2.compute.internal
>>>
>>> any help please?
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>>
>> To unsubscribe from this group and stop receiving emails from it, send an
>>> email to ansible-proje...@googlegroups.com.
>>> To post to this group, send email to ansible...@googlegroups.com.
>>
>>
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/dcd118b2-775b-44d3-baf5-713b9b0918be%40googlegroups.com
>>> <https://groups.google.com/d/msgid/ansible-project/dcd118b2-775b-44d3-baf5-713b9b0918be%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/698ae457-a362-4f57-a384-13f932a6f654%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/698ae457-a362-4f57-a384-13f932a6f654%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRXs6e3qLAZ0TyNO2YHr27OwPEu5pqMW4L9PW_Xgve8MOQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible dynamic looping

[Pshem Kowalczyk]

with_items requires a list to iterate over. I think one way of achieving
your outcome is to create a group in the inventory and populate it with the
hosts and run the playbook against that group.

kind regards
Pshem


On Fri, 2 Feb 2018 at 13:02 Andrew Morgan  wrote:

> Hello all,
>
> I have a play I want to run wich deletes all hosts matching a certain
> criteria:
>
> tasks:
>   - name: Delete unavailable nodes
> zabbix_host:
>  server_url: http://zabbix.aa.net/zabbix
>  login_user: Admin
>  login_password: aq!
>  host_groups: Discovered hosts
>  status: disabled
>  state: absent
>  host_name: "{{ item }}"
> with_items:
>  - ip-10-1-*-*.us-west-2.compute.internal
>
>
>
> The above doesnt work, but if I list out the items
> with_items:
>  - ip-10-1-65-27.us-west-2.compute.internal
>  - ip-10-1-65-28.us-west-2.compute.internal
>  - ip-10-1-65-37.us-west-2.compute.internal
>
> then it works, but I want it to be dynamic and find all ips matching
> - ip-10-1-*-*.us-west-2.compute.internal
>
> any help please?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/dcd118b2-775b-44d3-baf5-713b9b0918be%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRUGYVzhBwe2bPDiZNmjOpka%3DhKon-agR5YMYC4zbiFX-A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible - AWS - Security Group

[Pshem Kowalczyk]

Hi,

Looking at your debug it's some sort of authentication issue with AWS:

boto.exception.EC2ResponseError: EC2ResponseError: 401 Unauthorized

This might mean that the keys are not correct or the user that the keys are
associated with doesn't have the permission to carry out the operation.

kind regards
Pshem


On Fri, 19 Jan 2018 at 19:09 Reddy Myyb  wrote:

> Hi Pshem,
> Please find below the latest error details.
>
> An exception occurred during task execution. To see the full traceback,
> use -vvv. The error was: ClientError: An error occurred (AuthFailure) when
> calling the DescribeSecurityGroups operation: Credential must have exactly
> 5 slash-delimited elements, e.g. keyid/date/region/service/term, got
> 'Dt4q191m7+gPbrnkQfEZT9QUoIWDVyq0ous/TS76/20180119/ap-southeast-2/ec2/aws4_request,'
> fatal: [localhost]: FAILED! => {"changed": false, "error": {"code":
> "AuthFailure", "message": "Credential must have exactly 5 slash-delimited
> elements, e.g. keyid/date/region/service/term, got
> 'Dt4q191m7+gPbrnkQfEZT9QUoIWDVyq0ous/TS76/20180119/ap-southeast-2/ec2/aws4_request,'"},
> "msg": "Error in describe_security_groups: An error occurred (AuthFailure)
> when calling the DescribeSecurityGroups operation: Credential must have
> exactly 5 slash-delimited elements, e.g. keyid/date/region/service/term,
> got
> 'Dt4q191m7+gPbrnkQfEZT9QUoIWDVyq0ous/TS76/20180119/ap-southeast-2/ec2/aws4_request,'",
> "response_metadata": {"http_headers": {"date": "Fri, 19 Jan 2018 06:06:24
> GMT", "server": "AmazonEC2", "transfer-encoding": "chunked"},
> "http_status_code": 401, "request_id":
> "096c5f20-ff34-4c4f-b5ff-7e5216ec727d", "retry_attempts": 0}}
>
>
> Regards,
> Reddy
>
> On Sunday, 14 January 2018 19:12:50 UTC+11, Pshem Kowalczyk wrote:
>
>> This looks like a definition of a role, not a play. If you want this to
>> be a play you have to turn this into the 'tasks' section of the yaml file
>> and specify at least hosts you want this ran against.
>>
>> kind regards
>> Pshem
>>
>>
>> On Sun, 14 Jan 2018 at 19:17 Reddy Myyb  wrote:
>>
> The script to create aws security group is not working anymore. I have
>>> ansible 2.3.1.0, my script as below.
>>>
>>> - name: Bstar ec2 group
>>>   ec2_group:
>>> name: bright_star
>>> description: an example EC2 group
>>> vpc_id: vpc-1ab4e
>>> region: ap-southeast-2a
>>> aws_secret_key: SKEY
>>> aws_access_key: AKEY
>>> rules:
>>>   - proto: tcp
>>> from_port: 80
>>> to_port: 80
>>> cidr_ip: 0.0.0.0/0
>>>   - proto: tcp
>>> from_port: 22
>>> to_port: 22
>>> cidr_ip: 10.0.0.0/8
>>>   - proto: tcp
>>> from_port: 443
>>> to_port: 443
>>> group_id: amazon-elb/sg-87654321/amazon-elb-sg
>>>   - proto: tcp
>>> from_port: 3306
>>> to_port: 3306
>>> group_id: 123412341234/sg-87654321/exact-name-of-sg
>>>   - proto: udp
>>> from_port: 10050
>>> to_port: 10050
>>> cidr_ip: 10.0.0.0/8
>>>   - proto: udp
>>> from_port: 10051
>>> to_port: 10051
>>> group_id: sg-12345678
>>>   - proto: icmp
>>> from_port: 8 # icmp type, -1 = any type
>>> to_port:  -1 # icmp subtype, -1 = any subtype
>>> cidr_ip: 10.0.0.0/8
>>>   - proto: all
>>> # the containing group name may be specified here
>>> group_name: Bstar_SecurityGroups
>>> rules_egress:
>>>   - proto: tcp
>>> from_port: 80
>>> to_port: 80
>>> cidr_ip: 0.0.0.0/0
>>> cidr_ipv6: 64:ff9b::/96
>>> group_name: example-other
>>> # description to use if example-other needs to be created
>>> group_desc: other example EC2 group
>>>
>>> Please provide the correct module for security group.
>>>
>>> Below is the error message:
>>>
>>> ERROR! 'ec2_group' is not a valid attribute for a Play
>>>
>>> The error appears to have been in '/home/devopsadmin/dev/security.yml':
>>> line 1, column 3, but may
>>> be elsewhe

Re: [ansible-project] Ansible - AWS - Security Group

[Pshem Kowalczyk]

Hi,

Firstly - please regenerate access keys used for that account, as now the
whole internet can access your account.

Secondly - can you run the playbook with -vv to see what's actually going
on.

kind regards
Pshem


On Wed, 17 Jan 2018 at 14:08 Reddy Myyb  wrote:

> Hi Pshem,
> Please  find below the content of my playbook.
>
> ---
>  - hosts: localhost
>become: yes
>become_method: sudo
>vars_files:
>   - ec2-vars/sam.yml
>roles:
>   - { role: security }
>
> Below is my role.
>
> - name: Bstar ec2 group
> - ec2_group:
> name: bright_pedda
> description: an example EC2 group
> vpc_id: vpc-1ab4277e
> region: ap-southeast-2a
> aws_secret_key: AKIAJ2H25HM333T2WEIQ
> aws_access_key: 30uio86RAQssiOUUAGFpTcQ4UOEHvWlPTAJ++pA8
> rules:
>   - proto: tcp
> from_port: 80
> to_port: 80
> cidr_ip: 0.0.0.0/0
>   - proto: tcp
> from_port: 22
> to_port: 22
> cidr_ip: 10.0.0.0/8
>   - proto: tcp
> from_port: 443
> to_port: 443
> group_id: amazon-elb/sg-87654321/amazon-elb-sg
>   - proto: tcp
> from_port: 3306
> to_port: 3306
> group_id: 123412341234/sg-87654321/exact-name-of-sg
>   - proto: udp
> from_port: 10050
> to_port: 10050
> cidr_ip: 10.0.0.0/8
>   - proto: udp
> from_port: 10051
> to_port: 10051
> group_id: sg-12345678
>   - proto: icmp
> from_port: 8 # icmp type, -1 = any type
> to_port:  -1 # icmp subtype, -1 = any subtype
> cidr_ip: 10.0.0.0/8
>   - proto: all
> # the containing group name may be specified here
> group_name: Bstar_SecurityGroups
> rules_egress:
>   - proto: tcp
> from_port: 80
> to_port: 80
> cidr_ip: 0.0.0.0/0
> cidr_ipv6: 64:ff9b::/96
> group_name: example-other
> # description to use if example-other needs to be created
> group_desc: other example EC2 group
>
> Regards,
> Reddy
>
> On Wednesday, 17 January 2018 06:56:00 UTC+11, Pshem Kowalczyk wrote:
>
>> It seems like you have any tasks in your playbook. Could you show the
>> content of the playbook?
>>
>> kind regards
>> Pshem
>>
>>
>> On Tue, 16 Jan 2018 at 16:58 Reddy Myyb  wrote:
>>
> Hi Pshem,
>>> I have made it as a task and able to run. The play runs successfully,
>>> but I can't see the security group in my aws console. The out put says
>>> changed=0. I'm running teh play frm one VPC and the creation is on other
>>> VPC. My output below. PLease let me know if there's anything I need to
>>> change.
>>>
>>> PLAY [localhost]
>>> *
>>>
>>> TASK [Gathering Facts]
>>> ***
>>> ok: [localhost]
>>>
>>> PLAY RECAP
>>> ***
>>> localhost  : ok=1changed=0unreachable=0
>>> failed=0
>>>
>>> Regards,
>>> Reddy
>>>
>>> On Sunday, 14 January 2018 19:12:50 UTC+11, Pshem Kowalczyk wrote:
>>>
>>>> This looks like a definition of a role, not a play. If you want this to
>>>> be a play you have to turn this into the 'tasks' section of the yaml file
>>>> and specify at least hosts you want this ran against.
>>>>
>>>> kind regards
>>>> Pshem
>>>>
>>>>
>>>> On Sun, 14 Jan 2018 at 19:17 Reddy Myyb  wrote:
>>>>
>>> The script to create aws security group is not working anymore. I have
>>>>> ansible 2.3.1.0, my script as below.
>>>>>
>>>>> - name: Bstar ec2 group
>>>>>   ec2_group:
>>>>> name: bright_star
>>>>> description: an example EC2 group
>>>>> vpc_id: vpc-1ab4e
>>>>> region: ap-southeast-2a
>>>>> aws_secret_key: SKEY
>>>>> aws_access_key: AKEY
>>>>> rules:
>>>>>   - proto: tcp
>>>>> from_port: 80
>>>>> to_port: 80
>>>>> cidr_ip: 0.0.0.0/0
>>>>>   - proto: tcp
>>>

Re: [ansible-project] jenkins ansible template

[Pshem Kowalczyk]

I just realised you have in fact two loops in there - one in the task
(with_items) and one in the template (for). I think the easiest way is to
drop the with_items and use the one inside the template:

{% for item in sudoers.split(',' %}


kind regards
Pshem


On Wed, 17 Jan 2018 at 12:32 Sudhir Kumar  wrote:

> Thanks Pshem but i am still getting same result.
>
> Regards,
> Sudhir
>
>
> On Wednesday, January 17, 2018 at 12:15:59 AM UTC+1, Pshem Kowalczyk wrote:
>
>> Your 'sudoer' is a string, you want the with_items to iterate over a
>> list. Try this:
>>
>> with_items: "{{ sudoers.split(',') }}"
>>
>> kind regards
>> Pshem
>>
>>
>> On Wed, 17 Jan 2018 at 12:00 Sudhir Kumar  wrote:
>>
> Hi,
>>>
>>> i am trying to add multiple sudoers line with template.
>>>
>>> so, i am passing sudoers=abc,def within jenkins and use -e (extended
>>> vars) while running playbook
>>>
>>> in template:
>>>
>>> {% for item in sudoers %}
>>> {{ item }} ALL=(ALL) NOPASSWD:ALL
>>> {% endfor %}
>>>
>>> yml files looks like :
>>>
>>> - name:  sudoers file
>>> template:
>>>   src: /templates/app.j2
>>>   dest: /etc/sudoers.d/app
>>>   owner: root
>>>   group: root
>>>   mode: 0440
>>> with_items: '{{ sudoers }}'
>>>
>>> Out put is :
>>>
>>> a ALL=(ALL) NOPASSWD:ALL
>>> b ALL=(ALL) NOPASSWD:ALL
>>> c ALL=(ALL) NOPASSWD:ALL
>>> , ALL=(ALL) NOPASSWD:ALL
>>> d ALL=(ALL) NOPASSWD:ALL
>>> e ALL=(ALL) NOPASSWD:ALL
>>> f ALL=(ALL) NOPASSWD:ALL
>>>
>>> i was expecting :
>>> abc (ALL) NOPASSWD:ALL
>>> def (ALL) NOPASSWD:ALL
>>>
>>> any ideas ?
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>>
>> To unsubscribe from this group and stop receiving emails from it, send an
>>> email to ansible-proje...@googlegroups.com.
>>> To post to this group, send email to ansible...@googlegroups.com.
>>
>>
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/b3575963-92e4-4c17-b2e1-0ff57558e2af%40googlegroups.com
>>> <https://groups.google.com/d/msgid/ansible-project/b3575963-92e4-4c17-b2e1-0ff57558e2af%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/b803c524-0603-4342-aca5-d38073a69bb6%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/b803c524-0603-4342-aca5-d38073a69bb6%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRWtEUz33WURsA04QWcD%3D-Qt9bp62T6hq7SqcTKVyQ%2BByg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] jenkins ansible template

[Pshem Kowalczyk]

Your 'sudoer' is a string, you want the with_items to iterate over a list.
Try this:

with_items: "{{ sudoers.split(',') }}"

kind regards
Pshem


On Wed, 17 Jan 2018 at 12:00 Sudhir Kumar  wrote:

> Hi,
>
> i am trying to add multiple sudoers line with template.
>
> so, i am passing sudoers=abc,def within jenkins and use -e (extended vars)
> while running playbook
>
> in template:
>
> {% for item in sudoers %}
> {{ item }} ALL=(ALL) NOPASSWD:ALL
> {% endfor %}
>
> yml files looks like :
>
> - name:  sudoers file
> template:
>   src: /templates/app.j2
>   dest: /etc/sudoers.d/app
>   owner: root
>   group: root
>   mode: 0440
> with_items: '{{ sudoers }}'
>
> Out put is :
>
> a ALL=(ALL) NOPASSWD:ALL
> b ALL=(ALL) NOPASSWD:ALL
> c ALL=(ALL) NOPASSWD:ALL
> , ALL=(ALL) NOPASSWD:ALL
> d ALL=(ALL) NOPASSWD:ALL
> e ALL=(ALL) NOPASSWD:ALL
> f ALL=(ALL) NOPASSWD:ALL
>
> i was expecting :
> abc (ALL) NOPASSWD:ALL
> def (ALL) NOPASSWD:ALL
>
> any ideas ?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/b3575963-92e4-4c17-b2e1-0ff57558e2af%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRUa8xqrYckwy%3Db183p1WkmDgs%3D9mPs6KmsHM%3D0GbM7kSw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible - AWS - Security Group

[Pshem Kowalczyk]

It seems like you have any tasks in your playbook. Could you show the
content of the playbook?

kind regards
Pshem


On Tue, 16 Jan 2018 at 16:58 Reddy Myyb  wrote:

> Hi Pshem,
> I have made it as a task and able to run. The play runs successfully, but
> I can't see the security group in my aws console. The out put says
> changed=0. I'm running teh play frm one VPC and the creation is on other
> VPC. My output below. PLease let me know if there's anything I need to
> change.
>
> PLAY [localhost]
> *
>
> TASK [Gathering Facts]
> ***
> ok: [localhost]
>
> PLAY RECAP
> ***
> localhost  : ok=1changed=0unreachable=0failed=0
>
> Regards,
> Reddy
>
> On Sunday, 14 January 2018 19:12:50 UTC+11, Pshem Kowalczyk wrote:
>
>> This looks like a definition of a role, not a play. If you want this to
>> be a play you have to turn this into the 'tasks' section of the yaml file
>> and specify at least hosts you want this ran against.
>>
>> kind regards
>> Pshem
>>
>>
>> On Sun, 14 Jan 2018 at 19:17 Reddy Myyb  wrote:
>>
> The script to create aws security group is not working anymore. I have
>>> ansible 2.3.1.0, my script as below.
>>>
>>> - name: Bstar ec2 group
>>>   ec2_group:
>>> name: bright_star
>>> description: an example EC2 group
>>> vpc_id: vpc-1ab4e
>>> region: ap-southeast-2a
>>> aws_secret_key: SKEY
>>> aws_access_key: AKEY
>>> rules:
>>>   - proto: tcp
>>> from_port: 80
>>> to_port: 80
>>> cidr_ip: 0.0.0.0/0
>>>   - proto: tcp
>>> from_port: 22
>>> to_port: 22
>>> cidr_ip: 10.0.0.0/8
>>>   - proto: tcp
>>> from_port: 443
>>> to_port: 443
>>> group_id: amazon-elb/sg-87654321/amazon-elb-sg
>>>   - proto: tcp
>>> from_port: 3306
>>> to_port: 3306
>>> group_id: 123412341234/sg-87654321/exact-name-of-sg
>>>   - proto: udp
>>> from_port: 10050
>>> to_port: 10050
>>> cidr_ip: 10.0.0.0/8
>>>   - proto: udp
>>> from_port: 10051
>>> to_port: 10051
>>> group_id: sg-12345678
>>>   - proto: icmp
>>> from_port: 8 # icmp type, -1 = any type
>>> to_port:  -1 # icmp subtype, -1 = any subtype
>>> cidr_ip: 10.0.0.0/8
>>>   - proto: all
>>> # the containing group name may be specified here
>>> group_name: Bstar_SecurityGroups
>>> rules_egress:
>>>   - proto: tcp
>>> from_port: 80
>>> to_port: 80
>>> cidr_ip: 0.0.0.0/0
>>> cidr_ipv6: 64:ff9b::/96
>>> group_name: example-other
>>> # description to use if example-other needs to be created
>>> group_desc: other example EC2 group
>>>
>>> Please provide the correct module for security group.
>>>
>>> Below is the error message:
>>>
>>> ERROR! 'ec2_group' is not a valid attribute for a Play
>>>
>>> The error appears to have been in '/home/devopsadmin/dev/security.yml':
>>> line 1, column 3, but may
>>> be elsewhere in the file depending on the exact syntax problem.
>>>
>>> The offending line appears to be:
>>>
>>>
>>> - name: Bstar ec2 group
>>>   ^ here
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>>
>> To unsubscribe from this group and stop receiving emails from it, send an
>>> email to ansible-proje...@googlegroups.com.
>>> To post to this group, send email to ansible...@googlegroups.com.
>>
>>
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/b1709fe2-99ae-416e-a941-661cb3e3e9f4%40googlegroups.com
>>> <https://groups.google.com/d/msgid/ansible-project/b1709fe2-99ae-416e-a941-661cb3e3e9f4%40googlegroups.com?utm_medium=email&utm_so

Re: [ansible-project] Ansible - AWS - Security Group

[Pshem Kowalczyk]

This looks like a definition of a role, not a play. If you want this to be
a play you have to turn this into the 'tasks' section of the yaml file and
specify at least hosts you want this ran against.

kind regards
Pshem


On Sun, 14 Jan 2018 at 19:17 Reddy Myyb  wrote:

> The script to create aws security group is not working anymore. I have
> ansible 2.3.1.0, my script as below.
>
> - name: Bstar ec2 group
>   ec2_group:
> name: bright_star
> description: an example EC2 group
> vpc_id: vpc-1ab4e
> region: ap-southeast-2a
> aws_secret_key: SKEY
> aws_access_key: AKEY
> rules:
>   - proto: tcp
> from_port: 80
> to_port: 80
> cidr_ip: 0.0.0.0/0
>   - proto: tcp
> from_port: 22
> to_port: 22
> cidr_ip: 10.0.0.0/8
>   - proto: tcp
> from_port: 443
> to_port: 443
> group_id: amazon-elb/sg-87654321/amazon-elb-sg
>   - proto: tcp
> from_port: 3306
> to_port: 3306
> group_id: 123412341234/sg-87654321/exact-name-of-sg
>   - proto: udp
> from_port: 10050
> to_port: 10050
> cidr_ip: 10.0.0.0/8
>   - proto: udp
> from_port: 10051
> to_port: 10051
> group_id: sg-12345678
>   - proto: icmp
> from_port: 8 # icmp type, -1 = any type
> to_port:  -1 # icmp subtype, -1 = any subtype
> cidr_ip: 10.0.0.0/8
>   - proto: all
> # the containing group name may be specified here
> group_name: Bstar_SecurityGroups
> rules_egress:
>   - proto: tcp
> from_port: 80
> to_port: 80
> cidr_ip: 0.0.0.0/0
> cidr_ipv6: 64:ff9b::/96
> group_name: example-other
> # description to use if example-other needs to be created
> group_desc: other example EC2 group
>
> Please provide the correct module for security group.
>
> Below is the error message:
>
> ERROR! 'ec2_group' is not a valid attribute for a Play
>
> The error appears to have been in '/home/devopsadmin/dev/security.yml':
> line 1, column 3, but may
> be elsewhere in the file depending on the exact syntax problem.
>
> The offending line appears to be:
>
>
> - name: Bstar ec2 group
>   ^ here
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/b1709fe2-99ae-416e-a941-661cb3e3e9f4%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRUQQ1sX8oFU9CLt2S5ZGgGhuck6eUoEZgbaCXs5Q2crjw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible Tower installation as DR mode

[Pshem Kowalczyk]

All Tower instances must be able to access the same database. If you can
ensure that you can have Tower instances in different sites (or
availability zones).

kind regards
Pshem


On Thu, 11 Jan 2018 at 17:44 Vijay Choudhary 
wrote:

> Hi, just want to know can we install Ansilbe tower server with DR site
> mode? Or can we install ansilbe tower nodes on multiple data center?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/118f513f-b56e-4859-a1d9-57301a2c97c0%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRWGLn75TuNK%3D8758h3hW2DNM6Gu8jXDggxjKF_gDhtHGA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Changing credentials between tasks

[Pshem Kowalczyk]

Hi,

One thing comes to mind - you could create two different entries in the
inventory pointing to the same 'ansible_host' with different set of
credentials. So the bootstrap process could run against the the first host
(with default password) and the rest of the play - against the second. The
inventory could look like this:

host1_bootstrap ansible_host=host1 ansible_user=root ansible_ssh_pass=abc
host1_proper ansible_host=host1 ansible_user=user1 .

kind regards
Pshem

On Tue, 12 Dec 2017 at 08:28 Kevin Phillips 
wrote:

> Hi all. I was redirected here from the Ansible issue tracker on Github. I
> am having difficulties with a specific use case I'm hoping to get help with.
>
> I am trying to find a way to programatically change SSH credentials in an
> Ansible play between tasks and / or between hosts. Here is my most basic
> use case: When bootstrapping a new server that has no LDAP configuration,
> user profiles, etc. I need to authenticate as root. However, in the first
> play I want to set up a limited user with sudo permissions (presumably
> while logged in as root), then I want to disable remote logins for root and
> continue running the rest of the plays as my newly created user.
>
> For bootstrapping purposes, the root users typically just have password
> enabled authentication using a known default password... however the user
> created by this first play is being configured with an SSH key to
> facilitate passwordless logins for the remainder of the plays.
>
> Can someone tell me how I might orchestrate this seemingly simple sequence
> of events? I've read up on ssh_args, ansible_pass, remote_user, and many
> other ways of defining credentials for tasks but none of them seem to allow
> the modification of the user and password in the way I've described above.
> So any help / suggestions anyone has in this regard would be appreciated.
>
> We run our ansible plays on various Linux OSes and Mac OS X, and we're
> using the latest version of Ansible in case that helps at all.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/c9284559-0c0e-4580-8f07-243a1bef34ec%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRV3P5M%3DgRCiF5%2B5oioYiGaSCxMW6rvgtotOVPpzrEqiaQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Run once with when statement causes only skipped action to run

[Pshem Kowalczyk]

If you're using ec2.py to get your dynamic inventory you might use the
dynamic groups created from tags (tag_NAME_VALUE). If you dynamically
create the host before having to access it you can use:

- meta: refresh_inventory

to re-run the inventory script (which should discover newly created EC2
instances).

in that case you simply run the new play in the playbook against the hosts
matching the tag:
hosts: tag_NAME_VALUE

kind regards
Pshem


On Sat, 9 Dec 2017 at 11:31  wrote:

> Thanks for the help, Josh.
>
> I actually am trying to run a command once on a certain set of EC2
> instances I'm managing that match a specific tag. This seems like a very
> reasonable thing to do and yet the run_once skipping functionality makes
> this quite difficult. I managed to find two similar but different ways to
> do this (though not exactly elegant), which I'll post for future reference.
> I was inspired by
> https://groups.google.com/forum/#!topic/ansible-project/cpnrBRxLy0E and
> https://imil.net/blog/2016/08/05/Ansible_and_AWS_ASG
>
> *Method 1* (serial 1 is important due to the add_host behavior Josh
> pointed out). Run the playbook with the AWS dynamic inventory script (-i
> ec2.py)
>
> - hosts: ec2
> user: ubuntu
> serial: 1
> gather_facts: false
> tasks:
> - name: add only nodes that don't match your_tag_name to in-memory host
> group
> add_host:
> name: "{{ inventory_hostname }}"
> groups: your_hosts
> when: ec2_tag_Name != your_tag_name
>
> and then run the rest of your playbook not serially and perform run_once
> actions like this:
>
> - hosts: ec2
> user: ubuntu
> gather_facts: true
> tasks:
> - name: Run once on your_tag_name
> shell: echo yes >> yes.txt
> run_once: true
> delegate_to: "{{ groups['your_hosts'][0] }}"
>
> *Method 2: *use the ec2_instance_facts module to create the in-memory
> group. This requires a tag name variable or constant you can reference to
> match instances with
>
> - hosts: localhost
> user: ubuntu
> connection: local
> gather_facts: true
> tasks:
> - name: get ec2 remote facts
> ec2_instance_facts:
> region: "{{ aws_region }}"
> register: ec2
>
> - name: create an in memory group of only nodes with your_tag_name
> add_host:
> name: "{{ item }}"
> groups: your_hosts
> with_items: "{{ ec2.instances | selectattr('state.name', 'equalto',
> 'running') | selectattr('tags.Name', 'equalto', your_tag_name ) |
> map(attribute='public_ip_address')|list }}"
>
>
> Then performing the run_once is the same.
>
> Either way, if you want to use the information from ec2.py then you'll end
> up having two hosts sections and some verbosity. I suppose with the
> ec2_instance_facts one could potentially create groups of EC2 hosts and run
> the playbook all with hosts: localhost and delegate tasks to certain
> groups? I haven't tried this as I've spend enough time getting run_once to
> work for now.
>
> Dave
>
> On Friday, December 8, 2017 at 3:20:20 PM UTC-7, ddrak...@gmail.com wrote:
>>
>> Thanks for the help, Josh.
>>
>> I actually am trying to run a command once on a certain set of EC2
>> instances I'm managing that match a specific tag. This seems like a very
>> reasonable thing to do and yet the run_once skipping functionality makes
>> this quite difficult. I managed to find two similar but different ways to
>> do this (though not exactly elegant), which I'll post for future reference.
>> I was inspired by
>> https://groups.google.com/forum/#!topic/ansible-project/cpnrBRxLy0E and
>> https://imil.net/blog/2016/08/05/Ansible_and_AWS_ASG
>>
>> *Method 1* (serial 1 is important due to the add_host behavior Josh
>> pointed out). Run the playbook with the AWS dynamic inventory script (-i
>> ec2.py)
>>
>> - hosts: ec2
>> user: ubuntu
>> serial: 1
>> gather_facts: false
>> tasks:
>> - name: add only nodes that don't match your_tag_name to in-memory host
>> group
>> add_host:
>> name: "{{ inventory_hostname }}"
>> groups: your_hosts
>> when: ec2_tag_Name != your_tag_name
>>
>> and then run the rest of your playbook not serially and perform run_once
>> actions like this:
>>
>> - hosts: ec2
>> user: ubuntu
>> gather_facts: true
>> tasks:
>> - name: Run once on your_tag_name
>> shell: echo yes >> yes.txt
>> run_once: true
>> delegate_to: "{{ groups['your_hosts'][0] }}"
>>
>> *Method 2: *use the ec2_instance_facts module to create the in-memory
>> group. This requires a tag name variable or constant you can reference to
>> match instances with
>>
>> - hosts: localhost
>> user: ubuntu
>> connection: local
>> gather_facts: true
>> tasks:
>> - name: create an in memory group of only nodes with your_tag_name
>> add_host:
>> name: "{{ item }}"
>> groups: your_hosts
>> with_items: "{{ ec2.instances | selectattr('state.name', 'equalto',
>> 'running') | selectattr('tags.Name', 'equalto', your_tag_name ) |
>> map(attribute='public_ip_address')|list }}"
>>
>>
>> Either way, if you want to use the information from ec2.py then you'll
>> end up having two hosts sections and some verbosity. I suppose with the
>> ec2_instance

Re: [ansible-project] Ansible Host Machine Query

[Pshem Kowalczyk]

Hi,

Yes, it's possible. You'll have to specify the inventory you want your
playbooks to run against in the command line.

kind regards
Pshem


On Wed, 6 Dec 2017 at 03:55 Tsatish Kumar  wrote:

> Hi Team,
>
> Can any one let me know, whether is it possible to Manage 2 Service
> providers (AWS & Azure) with Single Ansible Host(Controller) hosted in AWS.
>
> Thanks & Regards,
> Satish
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/b3d11fdf-24e0-4fea-992b-d0163022800f%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRXOM2LB-QzzoOgGXpGTAK2bvZHm96biGx1nwKf_%2BzMeew%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] using tests to match a hostname

[Pshem Kowalczyk]

The match is a regular expression match (not a wildcard match). If you want
something ending in 'd' try this:

search('d$')

kind regards
Pshem


On Tue, 5 Dec 2017 at 13:08 Luke Miller  wrote:

>
> I am trying to use tests to match a hostname, I want hostnames that end in
> the letter "d", they are non-production hosts, here is what I have:
>
> - name: Register to Foreman Redhat non-Prod
>   redhat_subscription:
> state: present
> activationkey: "Non-Prod-Redhat-7"
> org_id: "Default_Organization"
>   when: inventory_hostname_short | match("*d")
>
>
> and I am getting this error:
>
> TASK [Register to Foreman Redhat non-Prod]
> ***
> fatal: [slpatch001d]: FAILED! => {"failed": true, "msg": "The conditional
> check 'inventory_hostname_short | match(\"*d\")' failed. The error was:
> nothing to repeat\n\nThe error appears to have been in
> '/Users/millerlu/misc/foreman.yml': line 10, column 7, but may\nbe
> elsewhere in the file depending on the exact syntax problem.\n\nThe
> offending line appears to be:\n\n\n- name: Register to Foreman Redhat
> non-Prod\n  ^ here\n"}
>
> What am I doing wrong here?
>
> Thanks,
> Luke
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/b1b87d02-ac11-4fca-95ce-9cbd2ee59729%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRVXV_3mGu55Ht%2BVUbwC-QyeER3Ze3tq_GKb6fA5Ev-piQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] generate template once for group of hosts

[Pshem Kowalczyk]

You can do the following (use two tasks instead of one 'template'):

1. Generate the template on the controller host (with delegate_to:
localhost and run_once: true)
2. Copy the generated template to all the other hosts

kind regards
Pshem


On Sat, 2 Dec 2017 at 17:53 tomr  wrote:

> My understanding is that ansible normally generates a file from a template
> once *per host*. Is it possible, when I know in advance that a file will
> be identical for all hosts in a group, to generate it only once?
>
> Thanks,
> tomr
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/41cbe4a7-5c5c-4aec--8bb702bef44a%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRXvUM48YXORmuET9EkoTuVbXVnpe9PQ98p%2BPgH4PyJ4Gg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Ansible hangs when calling a script that runs commands over ssh

[Pshem Kowalczyk]

The only thing left in those circumstances is to debug ansible:

1. Run with ANSIBLE_KEEP_REMOTE_FILES=1 environmental variable
2. SSH to the remote host and look in ~/.ansible/tmp - you'll find the
actual python script that runs the module there.
3. Inside that script there's command to 'explode'  the script into
multiple files.
4. Once extracted - try to run it manually and see what happens.
5. Dive into code and see if you can figure out what's happening there.

Details are here:
http://docs.ansible.com/ansible/latest/dev_guide/developing_modules_best_practices.html


kind regards
Pshem


On Sun, 26 Nov 2017 at 21:04 6MT  wrote:

> Yes, I am positive.  From the control machine, I am able to do ssh
>  "test.sh" with the expected result of hi.
>
> For some reason, when ansible calls a shell script that executes remote
> ssh commands, the script is not returning.
>
>
> On Saturday, November 25, 2017 at 11:56:07 PM UTC-5, 6MT wrote:
>>
>> Hi all,
>>
>> I have a script on a remote machine that ssh's into other machines to do
>> stuff.
>>
>> On the control machine, if I use the command or shell module to execute
>> the script, everything works fine if the script is as simple as:
>>
>> #!/bin/sh
>>
>> echo "hi"
>>
>> When the playbook is run, I get "hi" in stdout as expected.
>>
>> However, when I change the script to:
>>
>> #!/bin/sh
>>
>> ssh somehost "echo hi"
>>
>> Ansible hangs indefinitely.  If I put things in the background, e.g.
>> nohup ssh somehost "echo hi" &, I get no output period.
>>
>> I've tried all sorts of redirecting stdin/stdout, etc and cannot seem to
>> get this to work.
>>
>> Has anyone run across this?  Your help is much appreciated.
>>
>> Thanks
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/92f16fe4-f233-4bae-8974-8a4737789aa0%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRUXwgxM2EQR_n9yNLBfPMmZguikRupWZc%3DgxH1fwPkNug%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible hangs when calling a script that runs commands over ssh

[Pshem Kowalczyk]

Hi,

Are you sure you have key-based ssh setup correctly on the remote machine?
Can ansible user find and access the ssh key required? Are you using the
right user on the remote machine to ssh to the other machine? Is the public
SSH key of the other machine already in know hosts (or are you ignoring
those keys)?

kind regards
Pshem


On Sun, 26 Nov 2017 at 17:56 6MT  wrote:

> Hi all,
>
> I have a script on a remote machine that ssh's into other machines to do
> stuff.
>
> On the control machine, if I use the command or shell module to execute
> the script, everything works fine if the script is as simple as:
>
> #!/bin/sh
>
> echo "hi"
>
> When the playbook is run, I get "hi" in stdout as expected.
>
> However, when I change the script to:
>
> #!/bin/sh
>
> ssh somehost "echo hi"
>
> Ansible hangs indefinitely.  If I put things in the background, e.g. nohup
> ssh somehost "echo hi" &, I get no output period.
>
> I've tried all sorts of redirecting stdin/stdout, etc and cannot seem to
> get this to work.
>
> Has anyone run across this?  Your help is much appreciated.
>
> Thanks
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/4b327f63-4d60-4ebe-8a65-21bf8775ede4%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRUyQvRGCacntBHv%2B2aT-4oPbkYch7MyBqyy91uRecDmQQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible network

[Pshem Kowalczyk]

Hi,

delegate_to forces the action to be carried out on the given host (in this
case localhost). AFAIK all network commands must be executed on the
controller (since usually the network devices don't have a python
interpreter).
Yes, specifying provider like that refers to a variable, in this case a
fact that you've set (which is a form of variable too).

kind regards
Pshem


On Thu, 23 Nov 2017 at 20:12 SK  wrote:

> Excellent!  This worked now.  What did this delegate_to command actually
> do?  Did the provider under ios_config call the provider variables written
> already?
>
>
> On Wednesday, November 22, 2017 at 4:35:38 PM UTC+8, Pshem Kowalczyk wrote:
>
>> Hi,
>>
>> Try this:
>>
>> - name: DEPLOY SNMP COMMANDS WITHIN PB
>>   delegate_to: localhost
>>   ios_config:
>>  provider: "{{ provider }}"
>>  commands:
>>- snmp-server community Test1ng rw
>>
>>
>> (this is not tested)
>>
>> kind regards
>> Pshem
>>
>> On Wed, 22 Nov 2017 at 20:58 SK  wrote:
>>
> Hi Pshem,
>>>
>>> Thank you again for the assistance, the indentation problem is now
>>> solved and the playbook is running, but with errors.  I am back to the
>>> original question.  How does ansible connect to the network device?  Is it
>>> just username/password in the ansible configuration or do I need to setup
>>> any ssh keys on the Cisco network device for the Linux host running ansible
>>> to authenticate to device?
>>>
>>> I ran the playbook command with - option as well and almost similar
>>> error in addition to "open_shell() returned 255  failed to connect to
>>> control socket"
>>>
>>> Host#ansible-playbook  configs.yml
>>>
>>> PLAY [DEPLOY SNMP CONFIGURATIONS]
>>> 
>>>
>>> TASK [configure provider]
>>> 
>>> ok: [sltnrmgmt]
>>>
>>> TASK [DEPLOY SNMP COMMANDS WITHIN PB]
>>> 
>>> *fatal: [sltnrmgmt]: FAILED! => {"changed": false, "failed": true,
>>> "msg": "unable to open shell. Please see:
>>> https://docs.ansible.com/ansible/network_debug_troubleshooting.html#unable-to-open-shell
>>> <https://docs.ansible.com/ansible/network_debug_troubleshooting.html#unable-to-open-shell>",
>>> "rc": 255}*
>>> to retry, use: --limit @/etc/ansible/configs.retry
>>>
>>> PLAY RECAP
>>> ***
>>> sltnrmgmt  : ok=1changed=0unreachable=0failed=1
>>>
>>>
>>>
>>>
>>> On Tuesday, November 21, 2017 at 3:31:43 PM UTC+8, Pshem Kowalczyk wrote:
>>>
>>>> Now the issue is caused by indentation:
>>>>
>>>> - name: configure provider
>>>>set_fact:
>>>>
>>>> set_fact must start at the same position as 'name' above it.
>>>>
>>>> kind regards
>>>> Pshem
>>>>
>>>>
>>>> On Tue, 21 Nov 2017 at 18:39 SK  wrote:
>>>>
>>> Thank you for the suggestion about dash before name.  I have updated
>>>>> that and still receive the same error.  The error is pointing towards
>>>>> set_fact. I will take a look into text editors for YAML.
>>>>>
>>>>> ansible-playbook - configs.yml
>>>>> Using /etc/ansible/ansible.cfg as config file
>>>>> ERROR! Syntax Error while loading YAML.
>>>>>
>>>>>
>>>>> The error appears to have been in '/etc/ansible/configs.yml': line 12,
>>>>> column 8, but may
>>>>> be elsewhere in the file depending on the exact syntax problem.
>>>>>
>>>>> The offending li

Re: [ansible-project] Ansible network

[Pshem Kowalczyk]

Hi,

Try this:

- name: DEPLOY SNMP COMMANDS WITHIN PB
  delegate_to: localhost
  ios_config:
 provider: "{{ provider }}"
 commands:
   - snmp-server community Test1ng rw


(this is not tested)

kind regards
Pshem


On Wed, 22 Nov 2017 at 20:58 SK  wrote:

> Hi Pshem,
>
> Thank you again for the assistance, the indentation problem is now solved
> and the playbook is running, but with errors.  I am back to the original
> question.  How does ansible connect to the network device?  Is it just
> username/password in the ansible configuration or do I need to setup any
> ssh keys on the Cisco network device for the Linux host running ansible to
> authenticate to device?
>
> I ran the playbook command with - option as well and almost similar
> error in addition to "open_shell() returned 255  failed to connect to
> control socket"
>
> Host#ansible-playbook  configs.yml
>
> PLAY [DEPLOY SNMP CONFIGURATIONS]
> 
>
> TASK [configure provider]
> 
> ok: [sltnrmgmt]
>
> TASK [DEPLOY SNMP COMMANDS WITHIN PB]
> 
> *fatal: [sltnrmgmt]: FAILED! => {"changed": false, "failed": true, "msg":
> "unable to open shell. Please see:
> https://docs.ansible.com/ansible/network_debug_troubleshooting.html#unable-to-open-shell
> <https://docs.ansible.com/ansible/network_debug_troubleshooting.html#unable-to-open-shell>",
> "rc": 255}*
> to retry, use: --limit @/etc/ansible/configs.retry
>
> PLAY RECAP
> *******
> sltnrmgmt  : ok=1changed=0unreachable=0failed=1
>
>
>
>
> On Tuesday, November 21, 2017 at 3:31:43 PM UTC+8, Pshem Kowalczyk wrote:
>
>> Now the issue is caused by indentation:
>>
>> - name: configure provider
>>set_fact:
>>
>> set_fact must start at the same position as 'name' above it.
>>
>> kind regards
>> Pshem
>>
>>
>> On Tue, 21 Nov 2017 at 18:39 SK  wrote:
>>
> Thank you for the suggestion about dash before name.  I have updated that
>>> and still receive the same error.  The error is pointing towards set_fact.
>>> I will take a look into text editors for YAML.
>>>
>>> ansible-playbook - configs.yml
>>> Using /etc/ansible/ansible.cfg as config file
>>> ERROR! Syntax Error while loading YAML.
>>>
>>>
>>> The error appears to have been in '/etc/ansible/configs.yml': line 12,
>>> column 8, but may
>>> be elsewhere in the file depending on the exact syntax problem.
>>>
>>> The offending line appears to be:
>>>
>>>   - name: configure provider
>>>set_fact:
>>>^ here
>>>
>>>
>>> On Friday, November 17, 2017 at 5:16:24 PM UTC+8, Pshem Kowalczyk wrote:
>>>
>>>> Hi,
>>>>
>>>> You need a space between the dash '-' and 'name:' in the task list.
>>>> I suggest you find a text editor that supports YAML validation to make
>>>> your life easier.
>>>>
>>>> kind regards
>>>> Pshem
>>>>
>>>>
>>>>
>>>> On Fri, 17 Nov 2017 at 20:42 SK  wrote:
>>>>
>>> Hi,
>>>>>
>>>>> I am using Ansible for the first time to test basic commands on
>>>>> Network devices.  When I run the playbook, I am encountering errors even
>>>>> though the configuration looks normal.  Below is the OS of my source
>>>>> machine where Ansible is installed:
>>>>>
>>>>> CentOS Linux release 7.3.1611 (Core)
>>>>>
>>>>> My ansible version is below:
>>>>>
>>>>> ansible 2.3.2.0
>>>>>   config file = /etc/ansible/ansible.cfg
>>>>> 

Re: [ansible-project] Problem with variables variables

[Pshem Kowalczyk]

Hi,

Try this:

{{ vm_list.virtual_machines[vmname].uuid }}

kind regards
Pshem


On Tue, 21 Nov 2017 at 04:11 Josu Vilda  wrote:

> Hi,
>
> I have a problem with variables.
>
> this is correct:
> .
>  - debug:
> msg: "{{ vm_list.virtual_machines.SRV1.uuid }}"
> 
>
>
>
> but, i need:
>
> .
> register: vmname
>  - debug:
> msg: "{{ vm_list.virtual_machines.{{ vmname }}.uuid }}"
>
> 
>
> how do i have to do it?
>
> thx
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/9b587921-51c1-42c0-8684-cb3fed56f454%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRXRmkPb8G39MY%2B2dZi_Su_V3S8EBRdvPAY-1VmGJDo5Dg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible network

[Pshem Kowalczyk]

Now the issue is caused by indentation:

- name: configure provider
   set_fact:

set_fact must start at the same position as 'name' above it.

kind regards
Pshem


On Tue, 21 Nov 2017 at 18:39 SK  wrote:

> Thank you for the suggestion about dash before name.  I have updated that
> and still receive the same error.  The error is pointing towards set_fact.
> I will take a look into text editors for YAML.
>
> ansible-playbook - configs.yml
> Using /etc/ansible/ansible.cfg as config file
> ERROR! Syntax Error while loading YAML.
>
>
> The error appears to have been in '/etc/ansible/configs.yml': line 12,
> column 8, but may
> be elsewhere in the file depending on the exact syntax problem.
>
> The offending line appears to be:
>
>   - name: configure provider
>set_fact:
>    ^ here
>
>
> On Friday, November 17, 2017 at 5:16:24 PM UTC+8, Pshem Kowalczyk wrote:
>
>> Hi,
>>
>> You need a space between the dash '-' and 'name:' in the task list.
>> I suggest you find a text editor that supports YAML validation to make
>> your life easier.
>>
>> kind regards
>> Pshem
>>
>>
>>
>> On Fri, 17 Nov 2017 at 20:42 SK  wrote:
>>
> Hi,
>>>
>>> I am using Ansible for the first time to test basic commands on Network
>>> devices.  When I run the playbook, I am encountering errors even though the
>>> configuration looks normal.  Below is the OS of my source machine where
>>> Ansible is installed:
>>>
>>> CentOS Linux release 7.3.1611 (Core)
>>>
>>> My ansible version is below:
>>>
>>> ansible 2.3.2.0
>>>   config file = /etc/ansible/ansible.cfg
>>>   configured module search path = Default w/o overrides
>>>   python version = 2.7.5 (default, Nov  6 2016, 00:28:07) [GCC 4.8.5
>>> 20150623 (Red Hat 4.8.5-11)]
>>>
>>> the config.yml file I am using to test is below:
>>>
>>> ---
>>>   - name: DEPLOY SNMP CONFIGURATIONS
>>> hosts: mgmt
>>> gather_facts: False
>>> connection: local
>>> vars_files:
>>> - creds.yml
>>>
>>> tasks:
>>>
>>>   -name: configure provider
>>>set_fact:
>>>  provider:
>>>username: "{{username}}"
>>>password: "{{password}}"
>>>host: "{{inventory_hostname}}"
>>>
>>>   - name: DEPLOY SNMP COMMANDS WITHIN PB
>>> ios_config:
>>>   commands:
>>> - snmp-server community Test1ng rw
>>>
>>> The content of creds.yml file is below:
>>>
>>> username: x
>>> password: x
>>>
>>> grep inventory ansible.cfg
>>> inventory  = /etc/ansible/inventory
>>>
>>> The content of the inventory file is below
>>> [mgmt]
>>> sltnrmgmt
>>>
>>> Error message I am noticing:
>>>
>>> ansible-playbook - configs.yml
>>> Using /etc/ansible/ansible.cfg as config file
>>> ERROR! Syntax Error while loading YAML.
>>>
>>>
>>> The error appears to have been in '/etc/ansible/configs.yml': line 12,
>>> column 16, but may
>>> be elsewhere in the file depending on the exact syntax problem.
>>>
>>> The offending line appears to be:
>>>
>>>   -name: configure provider
>>>set_fact:
>>>^ here
>>>
>>> *The set_fact seems to be defined the way it should be.  Appreciate any
>>> help on this.*
>>>
>>> Other details I am yet to figure out:
>>>
>>> How does Ansible communicate with Network devices by default in version
>>> 2.3?  Do I need to setup any SSH keys on the Cisco Network device?
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>>
>> To unsubscribe from this group and stop receiving emails from it, send an
>>> email to ansible-proje...@googlegroups.com.
>>> To post to this group, send email to ansible...@googlegroups.com.
>>
>>
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/a58e6bb6-4e54-4c3c-94cd-faabddad33d2%40googlegroups.com
>>> <https://groups.google.com/d/msgid/ansible-project/a58e6bb6-4e54-4c3c-94cd-faabddad33d2%40googlegroups.com?utm_medium=em

Re: [ansible-project] or condition in ansible skips the hosts that are not matched in condition

[Pshem Kowalczyk]

Ansible operates on an internal loop. Tasks are executed (and facts set) on
'per-device' basis. If you need the results of all the checks I suggest you
do the following:

1. Register the results and store them into files on the controller (either
can run as internal ansible loop or manual set of tasks)
2. Add another play in your playbook that's executed on the localhost -
check the content of each of the files and identify if you have to restart
or not. You can store this as a fact against 'localhost' so it's accessible
via hostvars['localhost']['var_name']
3. Add yet another play that conditionally restarts all the servers if the
content of the variable indicates the need for a restart

the whole thing can be also done without storing info in the files - you
can loop over all hosts in a group so you can access the results of the
check.

kind regards
Pshem


On Mon, 20 Nov 2017 at 19:15 shashank pai  wrote:

>
> down votfavorite
> 
>
> I am trying to check memory consumption of four machines and any of the
> machines memory consumption is less than 10 GB I want to restart services
> on all machines.
>
> I have used or operator in when condition, I am able to restart the
> services only on the ones that have memory less than 10 GB others get
> skipped. My requirement is if any of the hosts memory goes down below 10GB
> I want services to be restarted on all machines not just on machines that
> have memory below 10GB.
>
> Below is the Ansible playbook:
>
>
> - hosts: webapp
> become: true
> become_method: sudo
> gather_facts: yes
> vars:
> servers:
> "10.0.0.1": "machine1"
> "10.0.0.2": "machine2"
> "10.0.0.3": "machine3"
> "10.0.0.4": "machine4"
> tasks:
> - name: get mem free for machine1
> shell: free -g | grep Mem | awk '{print $4}'
> register: machine1_mem
> - debug: var=machine1_mem.stdout
> when: servers[ansible_default_ipv4.address] == "machine1"
> - name: get mem free for machine2
> shell: free -g | grep Mem | awk '{print $4}'
> register: machine2_mem
> - debug: var=machine2_mem.stdout
> when: servers[ansible_default_ipv4.address] == "machine2"
> - name: get mem free for machine3
> shell: free -g | grep Mem | awk '{print $4}'
> register: machine3_mem
> - debug: var=machine3_mem.stdout
> when: servers[ansible_default_ipv4.address] == "machine3"
> - name: get mem free for machine4
> shell: free -g | grep Mem | awk '{print $4}'
> register: machine4_mem
> - debug: var=machine4_mem.stdout
> when: servers[ansible_default_ipv4.address] == "machine4"
> - name: restart web services
> when: ( machine4_mem.stdout|int <= 10 or machine1_mem.stdout|int <= 10 or 
> machine3_mem.stdout|int <= 10 or machine2_mem.stdout|int <= 10 )
>   action: service name=httpd state=restarted
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/be9b8961-8013-444f-8c99-1939d25b6757%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRW7Eu96gt4y2XqWkY6FTD_4xDQUQJfa-4wtjuJqQwNQ9A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Unable to SSH to localhost

[Pshem Kowalczyk]

Is there any particular reason you have to ssh to localhost? Ansible will
work fine if you specify connection=local in inventory.

In this case it does look like you're missing the private key (or at least
ansible can't find it). Make sure you can

ssh ansible@127.0.0.1

before you run ansible.

kind regards
Pshem


On Sun, 19 Nov 2017 at 05:29 Raresticks  wrote:

> I've been told by a DevOps guru that Ansible needs to communicate over SSH
> with the localhost, on the server side of course.
>
> Ok. so I've added the  account to the sudoers configurtion so
> that it may authenticate without a password during runtime.
>
> Now, when I try to SSH to localhost it fails with this message --->
>
> *Permission denied (publickey,gssapi-keyex,gssapi-with-mic)*In fact NO
> account can SSH to localhost.   System is Centos7 and Ansible 2.4.1.0
>
> Is there any workaround for communication to localhost over SSH for
> Ansible to run smoothly?  If not, why is this failing?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/844f4cd2-a5a0-4157-a29f-e96de1812d85%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRVXdXnVONEQqFjAd8Q0fJ4mJe%2Bx_NNYVLuxtkvozs2vEw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Rescue all hosts if one host fails

[Pshem Kowalczyk]

Hi

You can use the following method (sorry I don't have the playbook ready).

1. Run the upgrade on each host, ignore errors, but register the results
and store them in a file on the controller machine (you can also manually -
fail: once the error is registered for a given host)
2. Once all upgrades are done on all hosts - check the content of the
'results' files on the controller. If any of them show issues - run another
role to revert the changes.

kind regards
Pshem


On Sat, 18 Nov 2017 at 02:53 Aaron Falk  wrote:

> There is no possibility to run the rescue part for all hosts if one host
> fails. I'm working on my deployment for a website. I want to deploy the
> site to multiple hosts. If something fails for one host than all hosts
> should not be deployed. Therefore, a rollback on all hosts should happen.
> The configuration "any_errors_fatal" is not working for it.
>
> I am using ansible 2.4.1.0
>
> Here the steps to reproduce:
>
> - block:
> - name: Update database schema
>   shell: cd '{{ ansible_web_deployment_webroot }}/releases/{{ 
> ansible_web_deployment_release }}' && php7.1 console.php 
> orm:schema-tool:update --force
>   when: inventory_hostname in groups['schema']
> - name: Deployment
>   debug:
> msg: 'Deploying'
>   rescue:
> - name: Rollback
>   debug:
> msg: 'Rollback'
>   any_errors_fatal: true
>
>
> Expected results:
>
> PLAY [test] 
> 
>
> TASK [Gathering Facts] 
> *
> ok: [x1.example.com]
> ok: [x2.example.com]
> ok: [x3.example.com]
> ok: [x4.example.com]
>
> TASK [ansible_web_deployment : Update database schema] 
> *
> skipping: [x2.example.com]
> skipping: [x3.example.com]
> skipping: [x4.example.com]
> fatal: [x1.example.com]: FAILED! => {"changed": true, "cmd": "cd 
> '/var/www/x.example.com/releases/20171113081452' && php7.1 console.php 
> orm:schema-tool:update --force", "delta": "0:00:00.007578", "end": 
> "2017-11-13 08:15:05.709148", "failed": true, "msg": "non-zero return code", 
> "rc": 2, "start": "2017-11-13 08:15:05.701570", "stderr": "/bin/sh: 1: cd: 
> can't cd to /var/www/x.example.com/releases/20171113081452", "stderr_lines": 
> ["/bin/sh: 1: cd: can't cd to 
> /var/www/x.example.com/releases/20171113081452"], "stdout": "", 
> "stdout_lines": []}
>
> TASK [ansible_web_deployment : Rollback] *
> ok: [x1.example.com] => {
> "msg": "Rollback"
> }
> ok: [x2.example.com] => {
> "msg": "Rollback"
> }
> ok: [x2.example.com] => {
> "msg": "Rollback"
> }
> ok: [x4.example.com] => {
> "msg": "Rollback"
> }
>
> PLAY RECAP 
> *
> 127.0.0.1  : ok=2changed=0unreachable=0failed=0
> x1.example.com : ok=2changed=1unreachable=0failed=1
> x2.example.com : ok=2changed=1unreachable=0failed=1
> x3.example.com : ok=2changed=1unreachable=0failed=1
> x4.example.com : ok=2changed=1unreachable=0failed=1
>
>
> Actual results:
>
> PLAY [test] 
> 
>
> TASK [Gathering Facts] 
> *
> ok: [x1.example.com]
> ok: [x2.example.com]
> ok: [x3.example.com]
> ok: [x4.example.com]
>
> TASK [ansible_web_deployment : Update database schema] 
> *
> skipping: [x2.example.com]
> skipping: [x3.example.com]
> skipping: [x4.example.com]
> fatal: [x1.example.com]: FAILED! => {"changed": true, "cmd": "cd 
> '/var/www/x.example.com/releases/20171113081452' && php7.1 console.php 
> orm:schema-tool:update --force", "delta": "0:00:00.007578", "end": 
> "2017-11-13 08:15:05.709148", "failed": true, "msg": "non-zero return code", 
> "rc": 2, "start": "2017-11-13 08:15:05.701570", "stderr": "/bin/sh: 1: cd: 
> can't cd to /var/www/x.example.com/releases/20171113081452", "stderr_lines": 
> ["/bin/sh: 1: cd: can't cd to 
> /var/www/x.example.com/releases/20171113081452"], "stdout": "", 
> "stdout_lines": []}
>
> TASK [ansible_web_deployment : Restart services] *
> ok: [x2.example.com] => {
> "msg": "Deploying"
> }
> ok: [x2.example.com] => {
> "msg": "Deploying"
> }
> ok: [x4.example.com] => {
> "msg": "Deploying"
> }
>
> TASK [ansible_web_deployment : Rollback] *
> ok: [x1.example.com] => {
> "msg": "Rollback"
> })
>
> PLAY RECAP 
> *
> 127.0.0.1  : ok=2changed=0unreachable=0failed=0
> x1.example.com : ok=2changed=1unreachable=0failed=1
> x2.example.com : ok=2changed=1unreachable=0failed=0
> x3.example.com : ok=2changed=1unreachable=0failed=0
> x4.example.com : ok=2changed=1unreachable=0fa

Re: [ansible-project] Ansible network

[Pshem Kowalczyk]

Hi,

You need a space between the dash '-' and 'name:' in the task list.
I suggest you find a text editor that supports YAML validation to make your
life easier.

kind regards
Pshem



On Fri, 17 Nov 2017 at 20:42 SK  wrote:

> Hi,
>
> I am using Ansible for the first time to test basic commands on Network
> devices.  When I run the playbook, I am encountering errors even though the
> configuration looks normal.  Below is the OS of my source machine where
> Ansible is installed:
>
> CentOS Linux release 7.3.1611 (Core)
>
> My ansible version is below:
>
> ansible 2.3.2.0
>   config file = /etc/ansible/ansible.cfg
>   configured module search path = Default w/o overrides
>   python version = 2.7.5 (default, Nov  6 2016, 00:28:07) [GCC 4.8.5
> 20150623 (Red Hat 4.8.5-11)]
>
> the config.yml file I am using to test is below:
>
> ---
>   - name: DEPLOY SNMP CONFIGURATIONS
> hosts: mgmt
> gather_facts: False
> connection: local
> vars_files:
> - creds.yml
>
> tasks:
>
>   -name: configure provider
>set_fact:
>  provider:
>username: "{{username}}"
>password: "{{password}}"
>host: "{{inventory_hostname}}"
>
>   - name: DEPLOY SNMP COMMANDS WITHIN PB
> ios_config:
>   commands:
> - snmp-server community Test1ng rw
>
> The content of creds.yml file is below:
>
> username: x
> password: x
>
> grep inventory ansible.cfg
> inventory  = /etc/ansible/inventory
>
> The content of the inventory file is below
> [mgmt]
> sltnrmgmt
>
> Error message I am noticing:
>
> ansible-playbook - configs.yml
> Using /etc/ansible/ansible.cfg as config file
> ERROR! Syntax Error while loading YAML.
>
>
> The error appears to have been in '/etc/ansible/configs.yml': line 12,
> column 16, but may
> be elsewhere in the file depending on the exact syntax problem.
>
> The offending line appears to be:
>
>   -name: configure provider
>set_fact:
>^ here
>
> *The set_fact seems to be defined the way it should be.  Appreciate any
> help on this.*
>
> Other details I am yet to figure out:
>
> How does Ansible communicate with Network devices by default in version
> 2.3?  Do I need to setup any SSH keys on the Cisco Network device?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/a58e6bb6-4e54-4c3c-94cd-faabddad33d2%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRUrV%2BK6_pUiaJxSWP5HHXetheb6ORC14QH%3D_25iYh9HBg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Using ansible inside EC2 instance to gather tags

[Pshem Kowalczyk]

So far I came up with the following, but it does feel a bit kludgy: 


- name: check if running inside AWS
  uri:
url: http://169.254.169.254/latest/meta-data
timeout: 2
  register: aws_uri_check
  failed_when: False

- name: store result
  set_fact:
inside_aws: "{{ aws_uri_check.status == 200 }}"

- name: install aws cli
  command: pip install awscli
  when: inside_aws

- name: get the list of tags
  shell: REGION=$(curl -q 
http://169.254.169.254/latest/meta-data/placement/availability-zone) 
INSTANCE=$(curl -q http://169.254.169.254/latest/meta-data/instance-id); 
aws ec2 describe-tags --region ${REGION%?} --filters 
"Name=resource-id,Values=$INSTANCE"
  register: tag_list
  when: inside_aws

- name: create facts out of the tags
  set_fact:
"{{'ec2_tag_' + tag.Key.replace(':','_').replace('-','_') }}": "{{ 
tag.Value }}"
  with_items: "{{ (tag_list.stdout | from_json)['Tags'] }}"
  when: inside_aws
  loop_control:
loop_var: tag
label: "{{ tag.Key }}"

- name: remove awscli tools
  command: pip uninstall -y awscli
  when: inside_aws
 
kind regards
Pshem

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a0ad9cbb-208a-4491-bed2-37b472920acc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Using ansible inside EC2 instance to gather tags

[Pshem Kowalczyk]

Hi,

We're starting to move our setup to AWS. In order to get an EC2 instance
provisioned we use ansible in 'pull' mode.  That works fine. The one thing
that seems to be a problem is getting the tags assigned to the instance.

If the playbook is ran from the 'outside' the inventory script supplies all
the 'ec2_tag_' variables. But from the 'inside' of the instance, if I
wanted to do that I'd have to supply the key/secret pair into the instance.

aws cli is able to get details like that if the correct IAMProfile is
attached to an instance without supplying any additional credentials. Is
there a way to make ansible do the same?

kind regards
Pshem

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRW6hvJ1Z1awYGrZ9tMmgvDG%2BX-1iwyt%3DSBSWW4jyTDH0w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Is there a cleaner alternative to '{{ (things | json_query("[?name==''" + thing_name + "'']") }}'

[Pshem Kowalczyk]

You can move the actual query string to a separate variable to reduce some
clutter and string concatenation. You can also use ` (backticks) to quote
jmes_path strings:

  set_fact:
 enabled_ports: "{{ intfs | json_query(enabled)}}"
  vars:
 enabled: "values(@)[?is_enabled && is_up && vlan_tag == `{{
mgmt_vlan }}`]"

kind regards
Pshem


On Mon, 30 Oct 2017 at 13:55 Behrang Saeedzadeh  wrote:

> Is there a cleaner alternative to:
>
> '{{ (things | json_query("[?name==''" + thing_name + "'']")  }}'
>
> In particular, ideally I want to avoid:
>
>- String concatenation
>- Escaping of quotes
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/e6e3df70-21f1-4fee-99da-b18de36727b2%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRV1dSeQ7YYfsXZu1Rjf%3DFagaqYuL2hHQgMFNgswaMg1Gg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Ansible-pull and cloud-init and HOME variable

[Pshem Kowalczyk]

Hi,

I thought I share some info on what took me a few hours of debugging to
discover when it comes to using ansible  to hydrate ubuntu-based instances
using cloud-init.

It looks like cloud-init doesn't set HOME variable which prevents a number
of modules from working correctly. The modules that tripped me were copy
and template, but I suspect there will be others too.

So if you run into issues with ansible (or ansible-pull) do make sure HOME
is actually set.

(issue opened here: https://github.com/ansible/ansible/issues/31617)

kind regards
Pshem

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRUS9pEgAYWzNG%3DuHJzRsJRKdi%2B2J%3DtyVCs56LJWDRrLuw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Is there a way to provide default values to a set of tasks?

[Pshem Kowalczyk]

I'm not aware of any generic way of providing those sort of values. Some
modules  provide their own way of using environmental variables or external
config files to facilitate what you're asking for.

kind regards
Pshem


On Tue, 3 Oct 2017 at 13:02 Behrang Saeedzadeh  wrote:

> Hi Pshem,
>
> Looks like my question was not phrased clearly enough. It is not about
> defining variables, I already use group, host, role, and play variables in
> my various Ansible projects.
>
> Let's pretend we have defined these variables:
>
> my_validate_certs: False
>
> my_method: POST
> my_user: admin
> my_password: p@ss
> my_force_basic_auth: yes
> my_body_format: json
>
>
> Almost all my URI tasks will use this configuration. So even though that I
> have defined these settings in variables, I still have to reference these
> variables every time I use the uri task:
>
> - name: Task 1
>   uri:
>
> validate_certs: "{{my_validate_certs}}"
> method: "{{my_method}}"
> user: "{{my_user}}"
> password: "{{my_pass}}"
> force_basic_auth: "{{my_force_basic_auth}}"
> body_format: "{{my_body_format}}"
>
>
> This is what I am trying to avoid. I want to tell Ansible: "Hey, for all
> the uri tasks, use these values as defaults".
>
>
> On Monday, October 2, 2017 at 6:18:42 PM UTC+11, Pshem Kowalczyk wrote:
>
>> Hi,
>>
>> If you want to use 'global' variables like that you have a few choices:
>>
>> 1. Use 'group_vars/all.yaml'
>> (all hosts belong to 'all' group by default)
>> 2. Use 'defaults/main.yaml' under your role
>> more info here:
>> http://docs.ansible.com/ansible/latest/playbooks_best_practices.html#directory-layout
>> 3. Use the 'include_vars' module
>> more info here:
>> http://docs.ansible.com/ansible/latest/include_vars_module.html
>>
>> More information about variables is here
>> http://docs.ansible.com/ansible/latest/playbooks_variables.html
>>
>> I think that the easiest way of building your 'own' modules (as a way of
>> abstracting things out) is to use roles and pass parameters to those roles
>> - more info here:
>> http://docs.ansible.com/ansible/latest/playbooks_reuse_roles.html#using-roles
>>
>> kind regards
>> Pshem
>>
>>
>> On Mon, 2 Oct 2017 at 15:49 Behrang Saeedzadeh  wrote:
>>
> Hi,
>>>
>>> I am writing a role that contains a dozen of tasks that invoke REST
>>> APIs. All tasks have a set of common and identical configurations:
>>>
>>> - name: Task 1
>>>   uri:
>>> validate_certs: False
>>> method: POST
>>> user: "{{ user }}"
>>> password: "{{ pass }}"
>>> force_basic_auth: yes
>>> body_format: json
>>>
>>>
>>> I am looking for a way to avoid repeating these parameters for all the
>>> tasks. One way is to use anchors:
>>>
>>> api_defaults: &API_DEFAULTS
>>>   validate_certs: False
>>>   method: POST
>>>   user: "{{ user }}"
>>>   password: "{{ pass }}"
>>>   force_basic_auth: yes
>>>   body_format: json
>>>
>>>
>>> Then I can reuse this similar to:
>>>
>>> - name: Task 1
>>>   uri:
>>> << *API_DEFAULTS
>>>
>>>
>>> However, I still have to repeat the "<< *API_DEFAULTS" everywhere. Are
>>> there any other options available, other than developing new modules?
>>>
>>> For example to "define" modules based on existing modules, in a way
>>> similar to:
>>>
>>> - name: Define api
>>>   extend_module:
>>> parent_module: uri
>>> module_name: api
>>> defaults:
>>>   validate_certs: False
>>>   method: POST
>>>   user: "{{ user }}"
>>>   password: "{{ pass }}"
>>>   force_basic_auth: yes
>>>   body_format: json
>>>
>>>
>>> And then use it like:
>>>
>>> - name: Task 1
>>>   api:
>>> body:
>>>   a: 1
>>>   b: c
>>>
>>>
>>> Thanks in advance.
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>>
>> To unsubscribe from this group and stop rece

Re: [ansible-project] Is there a way to provide default values to a set of tasks?

[Pshem Kowalczyk]

Hi,

If you want to use 'global' variables like that you have a few choices:

1. Use 'group_vars/all.yaml'
(all hosts belong to 'all' group by default)
2. Use 'defaults/main.yaml' under your role
more info here:
http://docs.ansible.com/ansible/latest/playbooks_best_practices.html#directory-layout
3. Use the 'include_vars' module
more info here:
http://docs.ansible.com/ansible/latest/include_vars_module.html

More information about variables is here
http://docs.ansible.com/ansible/latest/playbooks_variables.html

I think that the easiest way of building your 'own' modules (as a way of
abstracting things out) is to use roles and pass parameters to those roles
- more info here:
http://docs.ansible.com/ansible/latest/playbooks_reuse_roles.html#using-roles

kind regards
Pshem


On Mon, 2 Oct 2017 at 15:49 Behrang Saeedzadeh  wrote:

> Hi,
>
> I am writing a role that contains a dozen of tasks that invoke REST APIs.
> All tasks have a set of common and identical configurations:
>
> - name: Task 1
>   uri:
> validate_certs: False
> method: POST
> user: "{{ user }}"
> password: "{{ pass }}"
> force_basic_auth: yes
> body_format: json
>
>
> I am looking for a way to avoid repeating these parameters for all the
> tasks. One way is to use anchors:
>
> api_defaults: &API_DEFAULTS
>   validate_certs: False
>   method: POST
>   user: "{{ user }}"
>   password: "{{ pass }}"
>   force_basic_auth: yes
>   body_format: json
>
>
> Then I can reuse this similar to:
>
> - name: Task 1
>   uri:
> << *API_DEFAULTS
>
>
> However, I still have to repeat the "<< *API_DEFAULTS" everywhere. Are
> there any other options available, other than developing new modules?
>
> For example to "define" modules based on existing modules, in a way
> similar to:
>
> - name: Define api
>   extend_module:
> parent_module: uri
> module_name: api
> defaults:
>   validate_certs: False
>   method: POST
>   user: "{{ user }}"
>   password: "{{ pass }}"
>   force_basic_auth: yes
>   body_format: json
>
>
> And then use it like:
>
> - name: Task 1
>   api:
> body:
>   a: 1
>   b: c
>
>
> Thanks in advance.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/4b750222-7c27-40b8-830f-010e8858fc1d%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRU%2BVqC9RrBa9U4YpxTrMakBRMDcy2pZNOj%3DKO-z0naM3A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Using Netbox to set variables in my playbook

[Pshem Kowalczyk]

Hi,

I haven't tried to use netbox that way, but since it does provide an API
you should be able to use it with the uri module:
http://docs.ansible.com/ansible/latest/uri_module.html

kind regards
Pshem


On Tue, 12 Sep 2017 at 18:58 'Marco Baldanza' via Ansible Project <
ansible-project@googlegroups.com> wrote:

> Hi all,
>
> I currently use Ansible to generate all the network device configs and
> store them locally which works great. However, i currently have to store
> all my variables in a static .yml file.
>
> Is it possible for ansible to hook into our netbox and pull the corect
> information needed to run the playbook? Essentially i want to get rid of
> the static vars file and use netbox instead.
>
> Or do i need to go down the route of writing a python script that will
> write all the IP info to the vars file and then run ansible seperately?
>
> I don't mind either way but i would prefer to use ansible as it's such a
> good product.
>
> Many thanks in advance,
> Marco
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/3cb0aa65-f489-4007-b1fd-7487d9170674%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRVUjx1QjtrF9vfRViyqnQZRvR-ZtvBNzjdMw8gRo31Bmg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How to get all the instances per VPC and get security group of each instance for a particular zone.

[Pshem Kowalczyk]

You need a number of separate steps:

1. Get VPC id  (ec2_vpc_net_facts)
2. Get list of instances in that VPC using vpc-id as a filter
(ec2_remote_facts)
3. Get the list of ENIs for each of those EC2 instances (ec2_eni_facts)

The last module will return information about security groups used by the
ENIs.

kind regards
Pshem




On Mon, 4 Sep 2017 at 22:12 Nirjhar Banik  wrote:

> I'm trying to pull all the information of all the instances per VPC and
> get security group of each instance for a particular zone. I am using
> *ec2_vpc* (it is deprecated) module to get the information about
> an existing VPC but from reading the docs, I'm not completely sure this
> is possible since all the docs and examples are assuming you are
> either creating a VPC or deleting one.
>
> Can anyone help me with a solution of how to get the full list of ec2
> instance info for a particular region? Thanks!
>
> ---
>  - name: List all the vpc ids
>hosts: webservers
>tasks:
> - name: ec2 instances
>   ec2_vpc :
>aws_access_key: XX
>aws_secret_key: 
>   with_items:
>-  us-east-1
>   register: vpc_info
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/1d0ae7b5-f12c-4b51-a8ca-7ecec1c89dc1%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRVAti%3DGbDseMDN%2BBWB3jjkAXFN_m%3Du5OwuJSMJ6SVQc6Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Structuring and managing multiple unrelated projects

[Pshem Kowalczyk]

Hi,

I think it's down to your work split/structure. In our case each project
operates on separate set of hosts. So we have separate inventories for each
of them. Perhaps there's some sort of logical grouping structure you could
create for your hosts and run playbooks based on those groups (with a
single big shared inventory).

kind regards
Pshem


On Mon, 4 Sep 2017 at 09:48  wrote:

> So after converting my structure to the "each project has its own
> ansible.cfg and inventory" the worst issue I don't appear to be able to
> solve is targeting hosts in different projects. If I need to run an ad hoc
> command on all hosts, I literally have to enter each project directory and
> run the command. I could script around it somehow or maybe there's some
> clever shell expansion I could use, but it feels like going against what
> Ansible is good at: running against multiple hosts automatically.
>
> As most of my projects only have a single host each, it's not very useful
> at this stage. Sure, if I need to scale the project I may need a few new
> hosts but right now it feels like each project should be a group in one big
> project.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/bc95ba9e-1f9b-46d9-bf22-9aa876970bd6%40googlegroups.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRUo%3DpFfndpXXD-mXdKo9HvW%3DGbuJNtaYG76%3Ddhj2HU7Fw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] iterating using with_list

[Pshem Kowalczyk]

Hmm,

This is the thing I'm taking about:
https://github.com/ansible/ansible/blob/devel/lib/ansible/plugins/lookup/list.py

Looking at the history I can see that it was added by bcoca about 2 years
ago. It doesn't look like it changed much over the years (the code is
trivial). So, I suspect that despite lack of documentation it is supported
after all.

kind regards
Pshem


On Thu, 31 Aug 2017 at 06:53 Kai Stian Olstad <
ansible-project+l...@olstad.com> wrote:

> On 30. aug. 2017 01:09, Pshem Kowalczyk wrote:
> > After a bit of googling I found 'with_list' which works great (so I
> > can iterate over the internal list using with_items), but that
> 'with_list'
> > doesn't seem to be documented anywhere. Is this something that's
> > deprecated? If so - what are the alternatives?
> To my knowledge Ansible have never had with_list.
>
> So it's probably something someone have made, so you would need to hunt
> it down and install it if you would like to use it.
>
> --
> Kai Stian Olstad
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/0c9c7d78-112c-cad0-2fcc-98341b83d45d%40olstad.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRXB2WmqZXXdaEBZC3Eu3igWnGZYuaWxm0Co7YPqZC4DoA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Structuring and managing multiple unrelated projects

[Pshem Kowalczyk]

Hi,

I don't think I have an answer for you, but faced with a similar problem
(being able to reuse roles and yet have separate projects) we started
investigating the following solution. At this stage we're only trying this
with one and a bit of  (smallish) projects so I'm unsure how well this is
going to work yet

1. separate ansible.cfg for each project with a list of 2 role paths
(project and shared)
2. a repo of 'shared roles' (with no playbooks)
  shared roles look for its data in specific locations:
   - its own default/vars directories
   - predefined project directories (generally host_vars/role_name/...)
this is manually loaded
 shared roles are a submodule in git
3. actual repo for the project with the usual setup

Two things we've noticed so far:
- shared roles have to be truely reusable, abstracted out and idempotent -
takes more effort
- the behaviour of shared roles must be well defined: all input parameters
must be validated and when they fail they must leave good trail of what
actually when wrong

I'm also keen to hear how others scale up their setups. One of the issues
we seem to have is the multitude of top-level playbooks - we try to keep
them separate by using naming conventions (like object-action-subject) but
that only helps to a degree.

kind regards
Pshem


On Wed, 30 Aug 2017 at 22:12  wrote:

> Hey
>
> I'm really struggling to find a solution or "best practise" that enables
> me to use Ansible to manage multiple different projects, while still being
> able to reuse roles between them to target hosts from all projects in a
> play.
>
> Every tutorial or document I read seems to assume you are provisioning one
> project with a handful of web and database servers in various regions or
> whatever. What we have currently is a single server per client/project and
> the way I have been using Ansible so far is:
>
> playbooks/
>  - files/
>- public_keys/ <-- common keys used on multiple projects/servers
>  - galaxy_roles/
>  - group_vars/
>- all/
>- droplets/
>  - host_vars/
>- project1/
>  - vars.yml
>  - vault.yml
>- project2/
>  - vars.yml
>  - vault.yml
>  - roles/ <-- custom roles, as reusable and broken down as I can make them
>  - templates/
>- iptables/
>  - project1/rules.j2 <-- each project may require different iptable
> rules
>  - project2/rules.j2
>  - project1.yml
>  - project2.yml
>
> It doesn't scale well. I know that if "project1" was suddenly comprised of
> more web servers for example, then I should probably be looking at
> group_vars instead of host_vars. I haven't experimented with groups of
> groups. I also have to check three places to find the configuration used
> for a server (all, droplets, host_vars/project (and I guess the role
> defaults too really)).
>
> I thought about having a separate folder per project, each with its own
> ansible.cfg and inventory to allow for future scaling, modifying the
> roles_path to find the common/reusable roles and galaxy roles. This feels
> neat, but then I can't target all servers in multiple projects (for example
> to apply an ad-hoc patch). I think the public_keys and iptables setup would
> also need to be altered so that these files are within the roles somehow.
>
> My setup is starting to feel unwieldy and cumbersome and I'd like to get
> to the point where I have a solid foundation where Ansible is helping me
> more than being a hindrance.
>
> Any thoughts or suggestions or links I may have missed much appreciated.
>
> Thanks
> Jamie
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/fb912723-17ed-4480-8d99-93138501b934%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRXmEecuej9UWmBXTpMRQcK8PKw85MNyp%3DMiKNUWehiahA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] iterating using with_list

[Pshem Kowalczyk]

Hi,

I have a requirement to iterate over list of lists:

panels:
  -
- name: disk_used_pt
  iterate:
   - path
- name: diskio_all
  -
- name: system_load_all
- name: process_all


I've tried with_items on that structure, but it flattens it to a simple
list. After a bit of googling I found 'with_list' which works great (so I
can iterate over the internal list using with_items), but that 'with_list'
doesn't seem to be documented anywhere. Is this something that's
deprecated? If so - what are the alternatives?

kind regards
Pshem

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRVzeYFrb6u4Ou9h6-n%2B4mZ5kdM2yEkzoZf35292x%2BJ4qw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] debugging nested list

[Pshem Kowalczyk]

Your 'packages1' is a dictionary/hash not a list/array, so if you want to
iterate over it you have to use with_dict.

kind regards
Pshem


On Thu, 24 Aug 2017 at 14:07 Henry Medina  wrote:

> Hello Folks,
>
>
>  I have a debugging question that has left me scratching my head.  I
> have a vars file with the following vars (using ansible 2.3.2.0):
>
>
> packages1:
>
>   one:
>
> version: "one-ish"
>
>   two:
>
> version: "two-ish"
>
>
> ##
>
> I have a playbook with the following debugging statements:
>
>
> ---
>
> - hosts: localhost
>
>   connection: local
>
>   gather_facts: no
>
>
>   vars_files:
>
> - vars.yml
>
>
>   tasks:
>
> - debug:
>
> var: "{{ item.version }}"
>
>   with_items: "{{ packages1 }}"
>
> - debug:
>
> var: packages1.one.version
>
> - debug:
>
> var: packages1
>
>
> ##
>
> Here is the result:
>
> TASK [debug]
> 
>
> fatal: [localhost]: FAILED! => {"failed": true, "msg": "the field 'args'
> has an invalid value, which appears to include a variable that is
> undefined. The error was: *'ansible.vars.unsafe_proxy.AnsibleUnsafeText
> object'*
>
>
>
>
> if I just print the items:
>
> ---
>
> - hosts: localhost
>
>   connection: local
>
>   gather_facts: no
>
>
>   vars_files:
>
> - vars.yml
>
>
>   tasks:
>
> - debug:
>
> var: "{{ item }}"
>
>   with_items: "{{ packages1 }}"
>
> - debug:
>
> var: packages1.one.version
>
> - debug:
>
>
> var: packages1
>
>
>
> I get the following results:
>
> ansible-playbook play.yml
>
>  [WARNING]: Host file not found: /etc/ansible/hosts
>
>
>  [WARNING]: provided hosts list is empty, only localhost is available
>
>
>
> PLAY [localhost]
> 
>
>
> TASK [debug]
> 
>
> ok: [localhost] => (item=two) => {
>
> "item": "two",
>
> "two": "VARIABLE IS NOT DEFINED!"
>
> }
>
> ok: [localhost] => (item=one) => {
>
> "item": "one",
>
> "one": "VARIABLE IS NOT DEFINED!"
>
> }
>
>
> TASK [debug]
> 
>
> ok: [localhost] => {
>
> "packages1.one.version": "one-ish"
>
> }
>
>
> TASK [debug]
> 
>
> ok: [localhost] => {
>
> "packages1": {
>
> "one": {
>
> "version": "one-ish"
>
> },
>
> "two": {
>
> "version": "two-ish"
>
> }
>
> }
>
> }
>
>
> PLAY RECAP
> **
>
>
> localhost  : ok=3changed=0unreachable=0
> failed=0
>
>
>
>
> Why can't the "with_items" loop pickup list elements and it's values??
> What am I missing here?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/ad5dca6e-26e0-458c-adac-1b7c08f2649e%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRVbmLW28v%3D4w7skv_PSRZc%3DmYpNCuDajEKG%3DaoMUs5TFg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Install and use Ansible with a non-root account

[Pshem Kowalczyk]

You can use ansible on a controller without root privileges. Level of
privileges on the remote host you mange depends on what you're trying to
achieve. In most cases you'll need root access, since you're making
system-wide changes.

kind regards
Pshem


On Thu, 24 Aug 2017 at 08:59 Joaquin Tejada  wrote:

> Hello everyone.  I need a little help.  I've been looking for a document
> that states or indicates what type of user access is required to install
> and use Ansible.  Can anyone point me to that direction?
>
> Bottom line, I wanted to know if there's a way to install and use Ansible
> with a non-root account on a RHEL7 server.  Thank you in advance for your
> help.
>
> Regards,
> Joaquin
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/5130222a-8249-44f6-9107-fabeac3e8e42%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRWehN%2BFmT%3Dip3bqPcmgtZDZp%2BtkAfK5EyA8aLH7nxUaag%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Plugins and roles

[Pshem Kowalczyk]

Hi,

I don't think there's an easy way of passing an array, the params is just a
string that gets parsed in the plugin. I ended up writing my own modules
(instead of plugins) for functions that required multiple parameters (or
dict/list parameters).

kind regards
Pshem


On Wed, 23 Aug 2017 at 11:02 Stiv Ostenberg  wrote:

> Thanks for your help, Kai.  Couldn't have done it alone.  I am now able
>> run the plugin using:
>>
>
>  - set_fact: contents2="{{ lookup('prospectors', 'Base.yaml' ) }}"
>
> Question: What would be the correct syntax to send an array of files to
>> load?  Plugin code appears to loop through (for term in terms) the
>> arguments, but not sure how to send both Base.yaml and Base2.yaml.  Curly
>> brackets, quotes, square brackets, commas, ... Too many options.
>>
>
> The value passed into the plugin for "terms" with the single value syntax
> above is* [u'Base.yaml']*
>
>
>
>>
>> >   Then I changed the name of my alleged lookup plugin to
>> "prospectors.py"
>> > and changed the name of the call to {{ lookup('prospectors',
>> > 'vars/prospectors/Base.yaml') }}.  It fails.  That means either my
>> plugin
>> > is in the wrong place (and since it is in a role that I need to be
>> portable
>> > it should be in the role hierarchy) or there is some reference to the
>> name
>> > in the code that I missed.  The documentation doesnt say anything about
>> the
>> > relationship between the name of the lookup plugin, and how it is
>> called in
>> > the playbook.  Since "file" is a built-in,  the example is not really
>> valid.
>>
>> The name of the file is the name of the plugin.
>>
>> In your case it should be roles/filebeat/lookup_plugins/prospectors.py
>> and since the plugin is in a role you need to apply the role for the
>> plugin to be available.
>>
>>
>> --
>> Kai Stian Olstad
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/d085c0d4-287f-41f9-9435-b39bc3a4d80f%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRXvX3fr%3Dj09%3D2baX7atZLZbUVj_D5TZKvVb%2B%2B%2BggSwVWw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: ec2_lc - launch configuration user data - uploads to aws OK but disappears!!

[Pshem Kowalczyk]

Hi,

The user_data must be the actual script you want to run, so it shouldn't
have any additional formatting and should start with #!/bin/bash.

Something like this should work:

 user_data: |
#!/bin/bash
source /home/centos/startup.sh

kind regards
Pshem


On Thu, 17 Aug 2017 at 00:23 Rohit Maheshwari 
wrote:

> Hi Stephen,
>
> Can you please help me with the below script for the user data?
>
> I just wanted user data to run "source /home/centos/startup.sh" when the
> server starts.
>
> I had used this
>
>  user_data:
>{
> #!/bin/bash
> source /home/centos/startup.sh
>}
>
> but it didn't work.
> Can you please help me with this?
>
> Thanks,
> Rohit
>
> On Monday, March 16, 2015 at 9:57:08 AM UTC, Stephen Tan wrote:
>>
>> Hi all
>>
>> Got a weird issue where I'm trying upload a bash script as user-data -
>> via the launch config module.
>>
>> Any help regarding this is appreciated - even if it's a method of
>> debugging this - there are no errors which is why I'm confused.
>>
>> I'm sucking in the user-data as a file which seems fine as ansible
>> reports no errors.
>>
>> However, the instance launched doesn't show any user-data as registered
>> and the launch config web console does not tell me anything about my file.
>>
>> The output from ansible is below:
>>
>> TASK: [lc | Launch Configs]
>> ***
>> ok: [localhost] => (item={'instance_type': u't2.small',
>> 'lc_security_groups': u'sg-b1423ad4', 'image_id': u'ami-edfd6e9a',
>> 'lc_name': 'OpenVPNAS', 'assign_public_ip': True, 'user_data':
>> u'#!/bin/bash\n\n# Setup the ansible repo\napt-get install
>> software-properties-common\napt-add-repository ppa:ansible/ansible\n#
>> Refresh apt\napt-get update\n# Install ansible\napt-get install ansible\n#
>> Setup env vars\necho "localhost" > ~/ansible_hosts\nexport
>> ANSIBLE_HOSTS=~/ansible_hosts\n# Setup ssh for git pull\nmkdir
>> /root/.ssh\n\nSSH_PRIV="-BEGIN RSA PRIVATE
>> KEY-\nMIIEpAIBAAKCAQEAyb2wJh.SSH-KEY-REMOVED-BY-STPHEN..RuzLaDA==\n-END
>> RSA PRIVATE KEY-"\nKNOWN_HOSTS=\'github.com,192.30.252.128 ssh-rsa
>> B3NzaC1yc2EBIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\'\n\necho
>> $SSH_PRIV > /root/.ssh/id_rsa\nchmod 600 /root/.ssh/id_rsa\n\necho
>> $KNOWN_HOSTS > /root/.ssh/known_hosts\nchmod 644
>> /root/.ssh/known_hosts\nchown -R root /root/.ssh\n\nansible-pull -C master
>> -U git://github.com/trainsmart/ansible.git -d /root/ansible\nexit 0'})
>>
>> When I ssh to the launched instance, there is nothing in cloud-init to
>> tell me that any user data is present:
>>
>> root@ip-172-16-0-125:/var/lib/cloud/instances/i-5b761dbd# cat
>> user-data.txt
>> root@ip-172-16-0-125:/var/lib/cloud/instances/i-5b761dbd#
>>
>> I'm wondering if I need to supply the file in some format other than
>> "normal" but the ec2_lc module documentation isn't very explicit about
>> this. From what I read, you just need to supply the file as a "normal" text
>> file, not a mime formatted blob.
>>
>> ansible version: ansible 1.8.4
>> environment: OSX Yosemite
>>
>> Any help regarding this is appreciated - even if it's a method of
>> debugging this - there are no errors which is why I'm confused.
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/dcaa2a1e-4fd4-4941-8ac3-52284e98d2a6%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRUBjjZ-UQn%2BnxREBa-HE7%3DqbBBGD1yFX5AHuL%2BLTCjaAg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Get a list of Elastic IPs

[Pshem Kowalczyk]

Hi,

Is there a way of getting elastic IPs in AWS account? I can see that most
other AWS modules have a _fact version of itself (like ec2_vpc_net
and ec2_vpc_net_facts) but I don't see ec2_eip_facts there.

kind regards
Pshem

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRXprNUrRuti2MpKvnH6zs-BHtPcL_dLyGjEhL3bPifd1Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Possible to set default value for missing key when using with_items and when?

[Pshem Kowalczyk]

Hi,

You can always use  " | default('value') " filter  if you're not sure if a
value is there. Value can be also a list or a dictionary.
Alternatively for 'when' you can test if the value is defined:

when: item.my_var is defined and my_var  == 

kind regards
Pshem


On Mon, 14 Aug 2017 at 13:25 Ryan Fisher  wrote:

> It would be nice if there was a way to assign the key with a default
> value. That way all the objects can be passed to with_items and skipped
> by when, which will show them in the log/output.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/91d5462e-405e-42d4-8cce-8f25973b8bbc%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRVQS928ZU%3DZqvPaCOJUZ3wHuR7PCj3sV%3DQby28yL4wrvA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Unable to attach an EIP to a VPC Instance

[Pshem Kowalczyk]

Hi,

Try specifying "private_ip_address" of the ENI that you're allocating
elastic IP to.

kind regards
Pshem


On Fri, 4 Aug 2017 at 05:36 Stephen Nelson-Smith  wrote:

>
> I'm trying to attach an elastic IP to an instance in a VPC, but despite
> following what seem to be working examples in online documentation, I'm
> getting an error.
>
>
> To keep it as simple as possible, I have:
>
>
> - Launched an instance (using Ansible) in a public VPC subnet
>
> - Manually captured its ID
>
> - Created an elastic IP (using Ansible)
>
> - Manually captured its ID
>
>
> I've then placed these two into the following:
>
>
> - ec2_eip:
>
> in_vpc: yes
>
> aws_access_key: "{{ aws_access_key }}"
>
> aws_secret_key: "{{ aws_secret_key }}"
>
> region: "{{ aws_region }}"
>
> ip: 176.34.177.168
>
> device_id: i-017a9496dc9940cd1
>
>
> The output I get is:
>
>
> fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg":
> "EC2ResponseError: 400 Bad Request\n encoding=\"UTF-8\"?>\nInvalidParameterCombinationYou
> must specify an allocation id when mapping an address to a VPC
> instance14ea5e22-0e38-4392-90bc-48c1837f4a46"}
>
>
> I get the same behaviour when I tie the above tasks together with register
> and facts.
>
>
> Having scoured the documentation, mailing lists, online books, and other
> Google resources, I can't see that I am doing anything wrong.
>
>
> What am I missing?
>
>
> My system:
>
>
> $ lsb_release -a
>
> No LSB modules are available.
>
> Distributor ID: Ubuntu
>
> Description:Ubuntu 16.04.2 LTS
>
> Release:16.04
>
> Codename:   xenial
>
>
> $ ansible --version
>
> ansible 2.3.1.0
>
>   config file =
>
>   configured module search path = Default w/o overrides
>
>   python version = 3.5.2 (default, Nov 17 2016, 17:05:23) [GCC 5.4.0
> 20160609]
>
>
> S.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/ce0ef404-3846-44ee-8f42-f56c267750c6%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRXifVuRObvZPFqAmONjXwYN%2B1R2CXy5jZaOgCcE2t0Tog%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] use ansible configuration h3c and huawei s series switch from china

[Pshem Kowalczyk]

Hi,

You didn't say what type of switch you're trying to access. There is a
module for the CloudEngine (CE) switches. If you have a different one you
have the following options:

1. Adapt native ansible modules for Cisco (using ssh and 'native'
configuration)
2. Create a driver module for napalm-ansible (again using ssh and native
config)

I know that in newer software versions (8.*) NETCONF is supported - you
could try netconf_config module.

kind regards
Pshem

On Fri, 28 Jul 2017 at 14:08 lei wang  wrote:

> dear all:
>   i want to use ansible configuration h3c and huawei s series
> switch but  there is no network modules
> i try Developing Modules but it not work well   someone help me .
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/e2f65d5b-73e4-4317-933d-2eecdbe4bbc0%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRUCCNYMG%2BZYqv8w4u%2BaQgqy0mEFTJqABRnWRTGgjMB_ug%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Storing IP address of First node (Control Node) in variable

[Pshem Kowalczyk]

Ansible runs an implicit loop for all the devices. If you access a variable
in the 'regular' way you can only see variabels/facts set for the current
device. Variables/facts set for other devices (that the loop already ran
through) can be accessed via the 'hostvars' variable.

If you know that you want the IP of the first host in the group you might
try something like this (not tested):

- set fact:
my_IP: "{{
hostvars[hostvars[hostvars.keys()[0]]['groups']['webservers'][0]]['ansible_facts']['ansible_default_ipv4']['address]
}}"

how this (should) work:
hostvars.keys()[0] - gets you the name of the first device in the inventory
(for this play), all devices share group info
['groups']['webservers'][0] - gets you the name of the first host in that
group

so this turns in to
hostvars['10.10.10.1']['ansible_facts']['ansible_default_ipv4']['address']
which should contain the info you're after.

There are probably some simpler ways of achieving that as well.

kind regards
Pshem



On Thu, 27 Jul 2017 at 08:11 Homayoun Najafizadeh 
wrote:

> It might be a dumb question but I can't get this to work. I want to print
> IP address of my control node in all nodes.
>
> Lets say I have this in hosts:
> [webservers]
> 10.10.10.1
> 10.10.10.2
> 10.10.10.3
>
>
> When I run my "ansible-playbook -s myCode.yml" on 10.10.10.1 I want to see
> my debug line says:
>
> ok: [10.10.10.1] => var = 10.10.10.1
> ok: [10.10.10.2] => var = 10.10.10.1
> ok: [10.10.10.3] => var = 10.10.10.1
>
>
>
> I have done something like this but didn't work:
>
>- set_fact:
> myIP: "{{ ansible_all_ipv4_addresses.split[0] }}"
>  when: inventory_hostname == groups["serserver"][0]
>
> This actually prints: 10.10.10.1   10.10.10.2   10.10.10.3
>
>
>
>
> Thanks in advance.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/e5dd318a-ee88-4d29-a12c-12cbc1ea3810%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRXxSv%2BW6W15v%3DNSEZZtRG5qvtO0qJeXty1GKKuumutzdw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: ERROR! 'with_ldap' is not valid attribute for a Task

[Pshem Kowalczyk]

Since those look like plugins (and not modules) - copy the files from
filter_plugins and lookup_plugins to the directories in your setup (if you
don't have those dirs create them at the same level as your playbook).

kind regards
Pshem




On Sat, 22 Jul 2017 at 00:10 Grzegorz Sz. 
wrote:

> I try to use module from :
> https://github.com/quinot/ansible-plugin-lookup_ldap
>
> BR
> Greg
>
>
> On Friday, July 21, 2017 at 9:08:50 AM UTC+2, Grzegorz Sz. wrote:
>>
>> Hi,
>>
>> I use 'with_ldap' role from lookup_module. It seems that my playbook
>> doesn't see it. There is an error:
>>
>> ERROR! 'with_ldap' is not valid attribute for a Task
>>
>> Can anybody help me, please ?
>>
>> My task:
>>
>> - name: List group members
>>   debug:
>> msg: "group member {{ item }}"
>>   with_ldap:
>> - context: group_members
>> - ldapgroup
>>
>>
>> Thanks !
>> BR
>> Greg
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/8b267da3-b0cb-4b05-b939-b5aeabce485f%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRXrdaGqTBYUXjNxLwkoabJUnU02bv5t3oW05e3GNk8rjg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] ERROR! 'with_ldap' is not valid attribute for a Task

[Pshem Kowalczyk]

Hi,

I'm not sure which module you're referring to, but in your playbook you use
'debug' module. Also the 'with_ldap' section is not indented correctly - if
it's a parameter to a module it has to be indented more then the name of
the module you're using.

kind regards
Pshem


On Fri, 21 Jul 2017 at 19:09 Grzegorz Sz. 
wrote:

> Hi,
>
> I use 'with_ldap' role from lookup_module. It seems that my playbook
> doesn't see it. There is an error:
>
> ERROR! 'with_ldap' is not valid attribute for a Task
>
> Can anybody help me, please ?
>
> My task:
>
> - name: List group members
>   debug:
> msg: "group member {{ item }}"
>   with_ldap:
> - context: group_members
> - ldapgroup
>
>
> Thanks !
> BR
> Greg
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/60f4825f-d79c-4b41-933b-f6489dbf346b%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRUV%2BvTGmngMMoNBu2q3_YUh2N2oz6t40v%3DJjZSPNgKjfg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Additional argument to git module?

[Pshem Kowalczyk]

You can always use shell or command module to execute git binary directly
with necessary arguments.

kind regards
Pshem


On Thu, 20 Jul 2017 at 10:18 Denise Draper  wrote:

> I need to be able to supply git clone with the additional argument
> --no-single-branches, which is not supported directly by the ansible git
> module.
> Is there an easy way to work around this?
>
>
> thanks,
> denise
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/d8836849-a3c1-4087-b399-edbc059cfa23%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRWoRbteEVPwEaC4oLtTZyU4GoqpeGcpLWP0PhcqWi%2B%3D1w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How to use set_fact to set a new host fact based on when conditionals.

[Pshem Kowalczyk]

You're most likely after inventory_hostname variable (not ansible_hostname).

kind regards
Pshem


On Thu, 6 Jul 2017 at 18:20 Alex Lien  wrote:

> Hi all,
>
>
> I am trying to set a new host fact (is_master, is_slave) based on
> comparison of a pre-assigned variable and ansible_hostname fact.
>
>
> group_vars/
>
> master_hostname: host1
>
> slave_hostname: host2
>
>
>
> Tasks
>
> - name: Set master host fact
>
>   set_fact:
>
>  is_master: yes
>
>   when: master_hostname == ansible_hostname
>
>
> - name: Set slave host fact
>
>   set_fact:
>
>  is_slave: yes
>
>   when: slave_hostname == ansible_hostname
>
>
> - name: copy master configuration file
>
>   template:
>
>  src: master.j2
>
>  dest: /etc/master.conf
>
>   when: is_master == True
>
>
> - name: copy slave configuration file
>
>   template:
>
>  src: slave.j2
>
> dest: /etc/slave.conf
>
>   when: is_slave == True
>
>
> TASK [Gathering Facts]
> *
>
> ok: [host1]
>
> ok: [host2]
>
>
> TASK [Set is_master variable] ***
>
> ok: [host1]
>
> skipping: [host1]
>
>
> TASK [Set is_slave variable] 
>
> skipping: [host2]
>
> ok: [host2]
>
>
> The goal I am trying to reach is to run certain tasks depending whether
> the host is master or slave. But these set_fact tasks always get skipped
> even though condition should be true. Really appreciate your help in
> pointing out what I am doing wrong.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/b4039197-4934-4bc4-94ef-40996b6fde06%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRW7RFf0xUjL0%2BcwQqTgYDOWM3V4%3D0zdX8qOsxxYe%3D-GLQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: How to reformat a yaml dictionary?

[Pshem Kowalczyk]

Hi,

If you feel up to it - write a filter plugin. They're quite easy to create.
Have a look here for an example:
http://www.dasblinkenlichten.com/creating-ansible-filter-plugins/
I use them when I have limited control over the data structure I have to
deal with. Even if data manipulation can be done in 'pure' Ansible it ends
up being quite convoluted (and usually spread across multiple files, since
'include' is the only way to have loop inside a loop whilst retaining full
control over the data).

kind regards
Pshem


On Mon, 3 Jul 2017 at 19:34 'J Hawkesworth' via Ansible Project <
ansible-project@googlegroups.com> wrote:

> Thank you for this.  It might well be easier for me to reformat the source
> variable.
>
> The thing I want to avoid most of all is having to maintain two separate
> variables so the ability to transform from one to another at playbook
> runtime is the thing I need the most.
>
> Jon
>
>
> On Sunday, July 2, 2017 at 7:03:32 PM UTC+1, Daniel JD wrote:
>>
>> I couldnt get it to work with you variable. It is just bad formatted.
>>
>> If you could format it like this it would be easy:
>>
>>  components_by_group:
>>- name: web
>>  components:
>>- frontend_app
>>- admin_app
>>- name: database
>>  components:
>>- db_tools
>>- flyway
>>
>>tasks:
>>  - name: Change the format of the Group
>>set_fact:
>>  group_by_components: "{{ group_by_components | default(dict()) |
>> combine({ item.1 : item.0.name }) }}"
>>with_subelements:
>>  - "{{ components_by_group }}"
>>  - components
>>
>> Outputs:
>>
>> ok: [localhost] => {
>> "group_by_components": {
>> "admin_app": "web",
>> "db_tools": "database",
>> "flyway": "database",
>> "frontend_app": "web"
>> }
>> }
>>
>>
>> Am Mittwoch, 28. Juni 2017 17:17:41 UTC+2 schrieb J Hawkesworth:
>>>
>>> Hello,
>>>
>>> So I have a var dictionary which stores component groups and components
>>>
>>> components_by_group:
>>>web:
>>>- frontend_app
>>>- admin_app
>>>database:
>>>- db_tools
>>>- flyway
>>>
>>> I'd like to invert this so that I can use the component to lookup the
>>> group
>>>
>>> group_by_component:
>>>frontend_app: web
>>>admin_app: web
>>>db_tools: database
>>>flyway: database
>>>
>>>
>>> I can make a list of the groups easily enough...
>>>
>>>  - name: make a list of the groups
>>>set_fact:
>>>   component_groups: "{{ component_groups|default([]) + [
>>> item.key ] }}"
>>>with_dict: "{{ components_by_group }}"
>>>
>>>
>>> How can I make a dict that looks like group_by_component above?
>>>
>>> Many thanks,
>>>
>>> Jon
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/87f66af2-d2f2-436b-b797-3bc8e0307cd7%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRX5jDsnquH53YUMXwD6U6QT4WX-geGZm5KiQ2zrvFMVOA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Passing to make additional nonvalue parameter (like make -e target) on module level

[Pshem Kowalczyk]

Probably the easiest way is to run it via 'shell' command.

kind regards
Pshem


On Wed, 28 Jun 2017 at 20:49 Kuba Nowak  wrote:

> So I have working Makefile and want to run it via Ansible.
> https://docs.ansible.com/ansible/make_module.html#options
>
> But make module does not seem to support flags, just key-values, any idea
> how to make this work other way than command: make -e target?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/7cef2ffd-b910-4438-8824-a5cefa15a700%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRVCFBu_LiVtugb%3DK4p3seRmZi4j%2BUOqK5fS7OwZ6DSLog%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How to add an LXD container on another machine and copy Ansible's public keys to the container?

[Pshem Kowalczyk]

Hi,

Depending on the distro you run in the container you might be able to use
cloud-init for it. This is what I do with ubuntu inside the container:

#Create a profile

- name: create a bootstrap profile
  lxd_profile:
name: bootstrap
description: "used for bootstrapping of containers"
state: present
config: { "user.user-data": "#cloud-config\nssh_authorized_keys:\n  -
ssh-rsa X== root@ponga\npackages:\n  - openssh-server"}
devices:
  eth0:
   name: eth0
   nictype: bridged
   parent: vlan2
   type: nic


And then I spin up the container using that profile:

- name: create containers
  register: lxds
  lxd_container:
name: "{{ item }}"
state: started
source:
  type: image
  properties:
os: "ubuntu"
release: "xenial"
architecture: "amd64"
profiles: ["bootstrap"]
timeout: 600
wait_for_ipv4_addresses: true
  with_items: "{{ hosts[inventory_hostname] }}"

Once I have the IP  I added to local inventory:

- name: update local inventory
  delegate_to: 127.0.0.1
  connection: local
  become: false
  copy: content="[{{ item.item }}]\n{{ item.addresses.eth0[0] }} type=lxc"
dest="./inventory/dyn-{{ item.item }}"
  with_items: "{{ lxds.results }}"

- meta: refresh_inventory
- pause: seconds=60

This gives me a running container with running ssh (and an entry in the
inventory).

kind regards
Pshem




On Tue, 27 Jun 2017 at 14:17 Greg K  wrote:

> I am looking to use Ansible running on one machine to create a container
> on another machine and exchange ssh keys with it.
>
> I am new to Ansible and have been trying different things based off a
> playbook I found on github
> 
> :
>
> ---
>
> - name: Ensure lxd is started
>   service:
> name: lxd
> state: started
>
> - name: Setup SSH for LXD
>   blockinfile:
> marker: "# {mark} ANSIBLE BOOT LXD MANAGED BLOCK"
> dest: '{{ ssh_home }}/config'
> block: |
>   Host *.lxd
>   # No need for security for disposable test containers
>   UserKnownHostsFile /dev/null
>   StrictHostKeyChecking no
>   User root
>
> - name: Start lxd container
>   lxd_container:
> name: '{{ item.split(".")[0] }}'
> state: started
> source:
>   type: image
>   mode: pull
>   server: https://images.linuxcontainers.org
>   protocol: lxd
>   alias: '{{ hostvars[item].get("lxd_alias", "ubuntu/xenial/amd64") }}'
> profiles: ['default']
> wait_for_ipv4_addresses: true
>   when: item.split('.')[-1] == 'lxd'
>   with_items: '{{ groups["all"] }}'
>
> - name: Add lxd host with lxd connection to setup python & ssh
>   add_host:
> name: 'novafloss.boot-lxd-{{ item.split(".")[0] }}'
> ansible_ssh_host: '{{ item.split(".")[0] }}'
> ansible_connection: lxd
> group: 'novafloss.boot-lxd'
>   when: item.endswith('.lxd')
>   with_items: '{{ groups["all"] }}'
>
> - name: Wait for containers to be connected
>   shell: lxc exec {{ item.replace('.lxd', '') }} -- getent hosts google.com
>   when: item.endswith('lxd')
>   with_items: '{{ groups["all"] }}'
>   retries: 30
>   delay: 1
>
> - name: Refresh packages
>   raw: if hash apt-get; then apt-get update; elif hash apk; then apk update; 
> fi
>   become: no
>   delegate_to: '{{ item }}'
>   with_items: '{{ groups.get("novafloss.boot-lxd", []) }}'
>   retries: 70
>
> - name: Install sshd
>   raw: if ! hash sshd; then if hash apt-get; then apt-get install -y 
> openssh-server; elif hash apk; then apk add openssh; fi; fi
>   become: no
>   delegate_to: '{{ item }}'
>   with_items: '{{ groups.get("novafloss.boot-lxd", []) }}'
>   retries: 70
>
> - name: Install python in container
>   raw: if ! hash python2; then if hash apt-get; then apt-get install -y 
> python; elif hash apk; then apk add python; fi; fi
>   become: no
>   delegate_to: '{{ item }}'
>   with_items: '{{ groups.get("novafloss.boot-lxd", []) }}'
>   retries: 70
>
> - name: Gather facts
>   setup:
>   become: no
>   delegate_to: '{{ item }}'
>   with_items: '{{ groups.get("novafloss.boot-lxd", []) }}'
>   register: setup
>
> - name: Start and enable sshd
>   service:
> name: sshd
> state: started
> enabled: yes
>   become: no
>   delegate_to: '{{ item }}'
>   with_items: '{{ groups.get("novafloss.boot-lxd", []) }}'
>   register: sshd
>   ignore_errors: yes
>
> - debug: var=item
>   with_items: '{{ sshd.results }}'
>
> - name: Start and enable OpenSSH (for when the above failed)
>   service:
> name: ssh
> state: started
> enabled: yes
>   become: no
>   delegate_to: '{{ item["item"] }}'
>   with_items: '{{ sshd.results }}'
>   register: openssh
>   when: "{{ item|failed }}"
>   ignore_errors: yes
>   failed_when: "item|failed and openssh|failed"
>
> - name: Add your ssh key to the container
>   authorized_key:
> key: '{{ lookup("file", ssh_public_key ) }}'
> path: /

Re: [ansible-project] Anyone have experiences with using lots of groups and group_vars files?

[Pshem Kowalczyk]

On Thu, 22 Jun 2017 at 09:30 William Saxton  wrote:

> New user here trying to figure out the best way to convert our current
> server provisioning system to Ansible.  Our system uses approx. 5 different
> attributes to provision each server and we have about 1,000 servers.  I'm
> wondering whether we could get by by using Ansible's built-in mechanism for
> support "groups" and variables in "group_vars".  That would certainly be
> the easiest way...just not sure it would scale well at all.
>
> I'm estimating about 100 different "groups" based on all combinations of
> these attributes.  For example, assuming we have about 40 different groups
> corresponding to playbooks (webserver, dbserver, appclient), 40 different
> "projects" (managing root passwords and access), 8 different "locations"
> (managing things like ntp server settings).
>
> Is anyone out there doing something like this?  My worries are:
>
> - Scalability.  Can Ansible handle this?  What about 10k servers?  The
> inventory script will contain roughly 100 different groups, totaling about
> 5,000 server entries (1k servers * 5 groups)
> - Maintainability.  The group_vars directory will probably contain 100+
> files.  The all.yaml file itself will probably be hundreds of lines long.
> - Managing group conflict.  What happens when someone puts the
> "ntp_server" setting, which is supposed to be in a site-specific yaml file,
> is put inside one of the project-specific yaml files?   According to the
> documentation, the last file alphabetically gets precedence.  That's really
> not acceptable, but I don't know another way to do it.
>
> Summary: looking for people with real-world Ansible experience who may be
> dealing with a similar setup.
>
>
>
Not exactly this scale (yet), but we found that using include_vars with
dynamically resolved file names (based on groups/properties of hosts) works
well inside roles.

Each role pulls in vars from multiple files based on things like
inventory_name  and group_names. Some roles load a 'config' file and then
load more vars based on what was in that config.

kind regards
Pshem

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRUn%3Dvm0kVmnKDKRm6zFHphL%3DSnYjPqccnqrpfcjAPUaCw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Verification of changes

[Pshem Kowalczyk]

Hi,

I'm looking at a project where changes have to be rolled out to a number of
hosts, tested and if something is wrong -  the previous configuration is
restored. The trick is that testing can only happen after the change has
been rolled out to all machines (as they provide a single service). I'm
trying to get this into a single playbook, but I'm not sure how to approach
this. The testing has to be done from another machine, and if it fails -
all the affected machines must be changed, so the flow of changes looks
like this:

- change:
  machine A
  machine B
  machine C
- run tests using machine D (a few different tests)
- finish if all good
- if failed roll back
  machine A
  machine B
  machine C
- run tests using machine D (to confirm rollback worked)

Any suggestions on the approach here? A single playbook with multiple plays
in it?

Thx,

kind regards
Pshem

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRX-XLcBO7Rv_mJL1GKg0ArjaRGMkuFbEpV2yjWdztbvFQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Analysing large XML objects

[Pshem Kowalczyk]

Hi,

Thank you for your responses.

For now I've settled on these two plugins:
https://gist.github.com/danieldbower/7b34c45ad5e39576e2e5 a lookup one and
another filter one to turn xml to json that can be further parsed.

So for example to get the config of ge-0/0/0 i can use now this:

 - name: load file
   set_fact:
 rconfig: "{{ lookup('xmlfile', 'file=/tmp/config.xml
xpath=./interfaces') | xml2json  }}"

 - name: show interface
   debug: var=item
   with_items: "{{ rconfig | json_query(query_path) }}"
   vars:
 query_path: "interfaces.interface[?name=='ge-0/0/0']"

kind regards
Pshem


On Wed, 31 May 2017 at 00:35 Daniel JD  wrote:

> Theres no build-in module as far as i know, but this project looks
> promising:
>
> https://github.com/cmprescott/ansible-xml
>
>
> Am Dienstag, 30. Mai 2017 01:42:13 UTC+2 schrieb Pshem Kowalczyk:
>>
>> Hi,
>>
>> I have to analyse relatively large XML objects (Juniper configs). I'd
>> like to check for presence of certain trees, values and attributes. I could
>> write a lookup plugin but that feels like a relatively complicated way to
>> solve a simple problem. Even just loading it as a var would make it easier,
>> but I don't think there is a "clean" ansible way of doing it. How one deals
>> with XML in ansible?
>>
>> kind regards
>> Pshem
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/a8aadb8a-5adf-4079-8a47-0477ff3782d3%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/a8aadb8a-5adf-4079-8a47-0477ff3782d3%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRXC7D_HtHrgDV%2BErsr5T_zkkmkRnSqtfa-5P5quEqX8zA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Analysing large XML objects

[Pshem Kowalczyk]

Hi,

I have to analyse relatively large XML objects (Juniper configs). I'd like
to check for presence of certain trees, values and attributes. I could
write a lookup plugin but that feels like a relatively complicated way to
solve a simple problem. Even just loading it as a var would make it easier,
but I don't think there is a "clean" ansible way of doing it. How one deals
with XML in ansible?

kind regards
Pshem

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRXcnauZMFf368DH1hoNERO3-RRFesNNZVjCG4%3DtRSSPJQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] setting variables inside a loop

[Pshem Kowalczyk]

Turns out it's actually a bug in 'include_role' - a bunch of tickets have
been opened about this. The general issue is that various types of
variables are not visible inside the 'include_role' scope. (see here:
https://github.com/ansible/ansible/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aopen%20include_role%20vars
 )

For now I've replaced the 'include_role' with 'include' and a bunch of
hacks to get the paths right.

kind regards
Pshem


On Fri, 12 May 2017 at 14:52 Brian Coca  wrote:

> you want:
>
> loop_control:
>loop_var: resource
>
>
> --
> Brian Coca
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CACVha7cH76oU%3DhcTDc%3DV3ZOqDfw_deKRmTp6D6_NEe17Nk2sYA%40mail.gmail.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRW3S%3DibrxwqkZOi64mheSAOi5xdBO9ahqDRYKWHh1OPeg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] setting variables inside a loop

[Pshem Kowalczyk]

Hi,

I think I'm missing something obvious, so please point me in the right
direction (ansible 2.3).

- name: load and run services
  include_role:
name: "resource_{{ item.resource }}"
  vars:
resource: "{{ item }}"
  with_items:
- "{{ services }}"


How do I set the var ('resource') to something dependent on my item?
Whatever syntax I try I always end up with a literal and not the value. Is
setting variables using loop values not supported?

kind regards
Pshem

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRWsOg3h%2BU2J6sT5xf_-PhvEbUKk0oY7zpCagcTmKnr56g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Loading vars into a dictionary

[Pshem Kowalczyk]

After a bit of trying I came up with this solution - perhaps not the
cleanest but does the job:

- name: load services definitions for the product
  include_vars:
file: "../model/service/{{ item }}.yaml"
name: "service_data_{{ item }}"
  with_items: "{{ product_data.services }}"

- name: repack services definitions
  set_fact: "services={{ services | default([]) + [
hostvars[inventory_hostname]['service_data_' + item] ] }}"
  with_items: "{{ product_data.services }}"

This builds an array of dictionaries that can be iterated over.

kind regards
Pshem


On Thu, 4 May 2017 at 14:03 Pshem Kowalczyk  wrote:

> Hi,
>
> I'd like to load variables from a file into a dictionary, so I can later
> iterate over that dictionary.
>
> I've managed to load vars into their own dictionaries based on their name:
>
> - name: load services definitions for the product
>   include_vars:
> file: "../model/service/{{ item }}.yaml"
> name: "service_data_{{ item }}"
>   with_items: "{{ product_data.services }}"
>
> I've tried various syntax with the 'name' parameter, but I always end up
> with it being treated as a string.
>
> This ends up looking like this:
> "service_data_access_interface": {
> "resources": [
> "interface"
> ],
> "service_name": "access_interface",
> "service_vars": [
> {
> "mandatory": true,
> "name": "description",
> "type": "string"
> }
> ]
> },
> "service_data_l2vpn": {
> "resources": [
> "routing_instance"
> ],
> "service_name": "l2vpn",
> "service_vars": [
> {
> "mandatory": true,
> "name": "description",
> "type": "string"
> }
> ]
> },
>
> Which makes it very difficult to iterate over. Id like to iterate of this
> to get to the inner level of 'service_vars', names like 'l2vpn' or
> 'access_interface' come from another dictionary (that's loaded earlier)
>
> Any idea how to either import into into a dictionary (so i could use
> subelements) or iterate over the 'service_vars' (knowing part of the string
> used to create the key)?
>
> kind regards
> Pshem
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRVN94YC2fyn9hgN5Sd3UrAs48D0tyH1cAvxCCt9Bn6Q9Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Loading vars into a dictionary

[Pshem Kowalczyk]

Hi,

I'd like to load variables from a file into a dictionary, so I can later
iterate over that dictionary.

I've managed to load vars into their own dictionaries based on their name:

- name: load services definitions for the product
  include_vars:
file: "../model/service/{{ item }}.yaml"
name: "service_data_{{ item }}"
  with_items: "{{ product_data.services }}"

I've tried various syntax with the 'name' parameter, but I always end up
with it being treated as a string.

This ends up looking like this:
"service_data_access_interface": {
"resources": [
"interface"
],
"service_name": "access_interface",
"service_vars": [
{
"mandatory": true,
"name": "description",
"type": "string"
}
]
},
"service_data_l2vpn": {
"resources": [
"routing_instance"
],
"service_name": "l2vpn",
"service_vars": [
{
"mandatory": true,
"name": "description",
"type": "string"
}
]
},

Which makes it very difficult to iterate over. Id like to iterate of this
to get to the inner level of 'service_vars', names like 'l2vpn' or
'access_interface' come from another dictionary (that's loaded earlier)

Any idea how to either import into into a dictionary (so i could use
subelements) or iterate over the 'service_vars' (knowing part of the string
used to create the key)?

kind regards
Pshem

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRVtd-m92tGv%3DS%3DYyXP76VEwovRgu8txiob2_JEh369Mow%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Proxy for Cloning Git Repo

[Pshem Kowalczyk]

Hi,

Have you tried setting the environmental variable HTTP_PROXY to the point
to your internal proxy server?

http://docs.ansible.com/ansible/playbooks_environment.html

kind regards
Pshem




On Thu, 16 Mar 2017 at 23:17 Taseer Ahmed  wrote:

> Hi all,
>
> I wanted to know if there is any way to pull git repos via a proxy when
> using Ansible. My setup does not have direct connection to the internet.
>
> Any help would be greatly appreciated.
>
> Thank you
>
> Best Regards,
> Taseer Ahmed
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/163ecacb-5ce5-4f57-84e7-686149691fdd%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRWO12TLvimJ%2BZe2Bx2sAyC%3DXPPm1BiobfzGsX6vd6%3DaCA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Apply Task for one Host

[Pshem Kowalczyk]

If the requirements per host are different you can do it two ways:

1. Create a role per host
2. Split your current roles into 'generic' that are applicable to all hosts
and 'specific' that only apply to given hosts

It's probably easier to have a playbook per host then trying to coerce a
single playbook and and a single role to do multiple things.

kind regards
Pshem


On Tue, 14 Mar 2017 at 23:11 Dennis Klein  wrote:

> Having one file with tasks for all hosts is worse than having one file for
> each host, but i already have a host_vars file for every host.
>
> Why do i need a different file to configure a host in another directory?
>
> That makes ansible pretty hard for other contributors to understand, if
> one host get's it's tasks and configuration from different files.
>
> Puppet has just one file for each host where every configuration is in!
>
> Jenkins was just an example, this is a general problem of the design of
> Ansible.
>
> Is there any solution for this or is Ansible just not usable if you
> need individual settings for hosts outside of the scope of your roles?
>
>
> Am Donnerstag, 2. März 2017 18:02:02 UTC+1 schrieb Kai Stian Olstad:
>
> On 02. mars 2017 11:27, Dennis Klein wrote:
> > Hello,
> >
> > i'm not sure if i understand the Ansible structure correctly and if
> Ansible
> > is the best solution for us.
> >
> > Our scenario: We are a webhosting company with about 200 VMs (and
> counting) with
> > mostly individual websites.
> > We also have 4 server farms where multiple VMs serve one website. (3x
> > Webserver, 2x Varnish, 2x DB, etc)
> >
> > We have started to use Ansible and are now at a point where the best
> > practices from the docs are not usable.
> >
> > An example for the problem: We have a Jenkins-Server in evey server
> farm.
> > So we use a Jenkins Role to install it.
> > But every instance needs different packages installed for Jenkins to
> build
> > the software on it.
> > So the Task for Ansible to do is to install one package on one Host.
> >
> > I simply can do that in Puppet or Saltstack, but in Ansible i can't
> apply a
> > task to a Host as i know.
> > How am i supposed to organize this situation?
> >
> > I think it is not meant to have a role that is only used once or a
> playbook
> > for every host.
>
> - name: Install a package on one host
>package:
>  name: 
>when: inventory_hostname == 'host.example.com'
>
> A better way might be to set a variable in host_vars/host.example.com.yml
> ---
> packages_to_install_on_jenkins:
>- 
>- 
>
>
> The in the role you could do this.
>
> - name: Install some packages needed for Jenkins build
>package:
>  name: "{{ item }}"
>with_items: "{{ packages_to_install_on_jenkins }}"
>
> I hope this gives you an idea of how you can solve it in Ansible.
>
> --
> Kai Stian Olstad
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/e7065861-3679-407b-ad61-94f0eb04d0f2%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRULJdZogjwWP4kCiq1%2BgnZva4S1CZkGUGQMyhrOjZQtrg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] reboot with ignore_errors still errors out

[Pshem Kowalczyk]

Hi,

Perhaps not directly answering your question - but a workaround I used in a
number of playbooks (added to the tasks that times out, in your case the
one that unsets the noout):

- name: Unset the noout flag
command: ceph osd unset noout
register: result
  until: result.failed is undefined
  retries: 10
  delay: 10

to overcome the issues with premature failure due to timeouts.

you might also find
- pause: seconds=60

useful if you know it takes some time for the machine to come back.

kind regards
Pshem




On Sun, 19 Feb 2017 at 16:56 pixel fairy  wrote:

> trying to reboot with ignore_errors: true still errors out.  control
> machine and all ceph nodes run ubuntu 16.04. ansible 2.2.1.0 installed with
> pip
>
> ---
>
> - hosts: osds
>   serial: 1
>
>   tasks:
>
>   - name: Set the noout flag
> command: ceph osd set noout
>
>
>   - name: Reboot the server
> command: shutdown -r now "Ansible updates triggered"
> async: 0
> poll: 0
> ignore_errors: true
>
>
>   - name: Wait for the server to come up
> local_action: wait_for host={{ ansible_host }} state=started delay=10
> timeout=3600
> become: false
>
>
>   - name: Unset the noout flag
> command: ceph osd unset noout
>
>
> when running,
>
> < PLAY [osds] >
>  -
> \   ^__^
>  \  (oo)\___
> (__)\   )\/\
> ||w |
> || ||
>
>
>  __
> < TASK [setup] >
>  --
> \   ^__^
>  \  (oo)\___
> (__)\   )\/\
> ||w |
> || ||
>
>
> ok: [ceph1]
>  ___
> < TASK [Set the noout flag] >
>  ---
> \   ^__^
>  \  (oo)\___
> (__)\   )\/\
> ||w |
> || ||
>
>
> changed: [ceph1]
>  __
> < TASK [Reboot the server] >
>  --
> \   ^__^
>  \  (oo)\___
> (__)\   )\/\
> ||w |
> || ||
>
>
> fatal: [ceph1]: UNREACHABLE! => {"changed": false, "msg": "Failed to
> connect to the host via ssh: Shared connection to 10.1.10.31 closed.\r\n",
> "unreachable": true}
>  to retry, use: --limit
> @/home/user/victims/wdc/ansible/cluster/ceph-rollingboot.retry
>  
> < PLAY RECAP >
>  
> \   ^__^
>  \  (oo)\___
> (__)\   )\/\
> ||w |
> || ||
>
>
> ceph1  : ok=2changed=1unreachable=1
>  failed=0
>
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/bf7dde53-f0e1-4ad9-a273-16e91dd4fc75%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRU-5_RfETg5BinS5hSkikgVaAvvjK_yBE%2BNy5Wi1tLouQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] remote access to lxc containers on lxc-host without ssh inside the containers

[Pshem Kowalczyk]

One could argue that if you run lxc/lxd you're after system-like
functionality (and not docker-style containers) hence you treat it the same
way you'd treat a VM.

One easy way of installing ssh inside a container is to use images with
cloud-init.

kind regards
Pshem


On Thu, 26 Jan 2017 at 06:14 'Hadmut Danisch' via Ansible Project <
ansible-project@googlegroups.com> wrote:

>
>
> Am Mittwoch, 25. Januar 2017 17:56:22 UTC+1 schrieb Mario Keller:
>
> Running a bunch of sshd on a single host in every container just for
> automation is the opposite to the lightweight idea of ansible.
>
>
>
>
> It is, furthermore, illogical and causes a chicken-egg-problem:
>
> How would one install an sshd with ansible, if ansible requires an sshd to
> be present?
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/412b1002-811a-4acf-a0fc-6c1d9776efa4%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRW%3DjmcPLhuUS5nQ1Oqz%2BS_V%2B0MmqYBrPDdc_jGbZFYS1A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] remote access to lxc containers on lxc-host without ssh inside the containers

[Pshem Kowalczyk]

Is there any particular reason you don't want have ssh inside the container
at least initially? You can always disable it after you're done with
initial configuration.

kind regards
Pshem


On Wed, 25 Jan 2017 at 12:31 'Mario Keller' via Ansible Project <
ansible-project@googlegroups.com> wrote:

> Hello,
>
> I'm trying to configure lxc containers via ansible running on a remote
> host. I have ssh access to the remote host, but inside the containers there
> are no ssh services running. There is a lxc connection plugin that handle
> access to the containers via lxc-attach but it seems that this works only
> on the lxc-host.
>
> There is also third party plugin (
> https://github.com/chifflier/ansible-lxc-ssh) that should to this via an
> ssh connection, but it does not work (was written for ansible 2.0 with last
> update over 11 months ago) and also need direct root access to the remote
> machine (no sudo after ssh connect). So this is also no option.
>
> Is there a way for the built in lxc connector to be used remote?
>
> I could manage the config for all containers in a git repo and use ansible
> in my local machine to trigger "git pull" and "ansible-playbook runs" on
> the remote lxc-host to configure the containers, but it would be nice if
> there's a simpler way to do this.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/8a172e53-babd-42e0-94c9-97672eaa69e4%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEaZiRWQH4wqVdtxsMiBGKTkSvU1vgPbz-pVh9HYY8fGWTTXgw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Design ideas ansible provision with docker compose

[Pshem Kowalczyk]

Hi,

LXC containers that I use have cloud-init build in, so that the main way of
configuring them.

All example below use LXD as the 'hypervisor'. I spin up a container with
one basic profile ('bootstrap') (bound to a network that has full internet
access), configure the container (i.e. apply all my roles) and then
reconfigure it to the target profile (which usually means different
network/IP) and restart.

Tasks to create a container profile:
- name: create a service profile
  lxd_profile:
name: service
description: "used for services containers"
state: present
devices:
  eth0:
   name: eth0
   nictype: bridged
   parent: vlan3
   type: nic

- name: create a bootstrap profile
  lxd_profile:
name: bootstrap
description: "used for bootstrapping of containers"
state: present
config: { "user.user-data": "#cloud-config\nssh_authorized_keys:\n  -
ssh-rsa B3x\npackages:\n  - openssh-server"}
devices:
  eth0:
   name: eth0
   nictype: bridged
   parent: vlan2
   type: nic

Playbook to spin up a container  and configure it. I pass the final role as
a parameter. "gather facts" is off since the container images don't have
python by default and I install it manually using role "common".

- name: create container
  hosts: "{{ lxdhost | default(t1) }}"
  connection: ssh
  user: pshemk
  become: true
  tasks:
  - name: build container
register: result
lxd_container:
  name: "{{ lxcname }}"
  state: started
  source:
type: image
properties:
  os: "ubuntu"
  release: "xenial"
  architecture: "amd64"
  profiles: ["bootstrap"]
  timeout: 600
  wait_for_ipv4_addresses: true

  - name: update local inventory
delegate_to: 127.0.0.1
connection: local
become: false
copy: content="[{{ lxcname }}]\n{{ result.addresses.eth0[0] }}
type=lxc" dest="./inventory/dyn-{{ lxcname }}"

  - meta: refresh_inventory
  - pause: seconds=60

- name: setup container
  hosts: "{{ lxcname }}"
  connection: ssh
  user: ubuntu
  become: true
  gather_facts: false
  roles:
- common
- resolver
- "{{ lxcrole }}"

- name: restart container
  hosts: "{{ lxdhost }}"
  connection: ssh
  user: pshemk
  become: true
  tasks:
   - name: reasign profile
 register: result
 lxd_container:
   name: "{{ lxcname | default(totara) }}"
   state: restarted
   profiles: ["{{
hostvars[inventory_hostname]['hosts'][lxcname]['profile'] }}"]
   timeout: 600
   wait_for_ipv4_addresses: true

   - name: update local inventory
 delegate_to: 127.0.0.1
 connection: local
 become: false
 copy: content="[{{ lxcname }}]\n{{ result.addresses.eth0[0] }}
type=lxc" dest="./inventory/dyn-{{ lxcname }}"


kind regards
Pshem



On Tue, 24 Jan 2017 at 05:27 Sonny Heer  wrote:

> do you have examples of using lxd/lxc in this use case?   initial start -
> provision - subsequent starts have provisioning
>
>
> On Monday, January 23, 2017 at 7:23:27 AM UTC-8, Pshem Kowalczyk wrote:
>
> Hi,
>
> If you want to run containers, but not necessarily docker - have a look at
> lxd/lxc. I currently use it exactly the way you mentioned - reusing roles
> and configs and simply pointing to different environments.
>
> kind regards
> Pshem
>
>
> On Mon, 23 Jan 2017 at 14:24 Sonny Heer  wrote:
>
> Thanks for that info.  I do see what you mean.  I'd like to reuse existing
> ansible roles if possible.  Assuming I'm only doing basic things like
> setting up a yum repo and installing packages on groups of nodes.  Here is
> the lifecycle of what I'm thinking:
> 1. start up a configurable set of base containers (base os only).
> 2. run ansible to setup repos/ install yum packages
> 3. commit changes to snapshot the "configured images"
> 4. all the above is for initial setup - subsequent calls would call
> another play book to simply start the set of containers.
>
> sample of testing this use case:
>
> - name: Create a network
>   docker_network:
> name: dev
> - name: test out docker service
>   docker_container:
> image: centos:7
> name: "node{{ item }}"
> state: started
> interactive: yes
> networks:
>   - name: dev
>   with_sequence: count=2
> 
> - name: provision shtuff
>   hosts: node1
>   connection: docker
>   tasks:
> - name: run some echo cmd
>   shell: mkdir foobar
>
> -- stop containers and exit initial setup.  this is all done with vagrant
> / ansible pro

Re: [ansible-project] Design ideas ansible provision with docker compose

[Pshem Kowalczyk]

Hi,

If you want to run containers, but not necessarily docker - have a look at
lxd/lxc. I currently use it exactly the way you mentioned - reusing roles
and configs and simply pointing to different environments.

kind regards
Pshem


On Mon, 23 Jan 2017 at 14:24 Sonny Heer  wrote:

> Thanks for that info.  I do see what you mean.  I'd like to reuse existing
> ansible roles if possible.  Assuming I'm only doing basic things like
> setting up a yum repo and installing packages on groups of nodes.  Here is
> the lifecycle of what I'm thinking:
> 1. start up a configurable set of base containers (base os only).
> 2. run ansible to setup repos/ install yum packages
> 3. commit changes to snapshot the "configured images"
> 4. all the above is for initial setup - subsequent calls would call
> another play book to simply start the set of containers.
>
> sample of testing this use case:
>
> - name: Create a network
>   docker_network:
> name: dev
> - name: test out docker service
>   docker_container:
> image: centos:7
> name: "node{{ item }}"
> state: started
> interactive: yes
> networks:
>   - name: dev
>   with_sequence: count=2
> 
> - name: provision shtuff
>   hosts: node1
>   connection: docker
>   tasks:
> - name: run some echo cmd
>   shell: mkdir foobar
>
> -- stop containers and exit initial setup.  this is all done with vagrant
> / ansible provisioning.
>
> is this still considered an antipattern?  The key is I'd like to separate
> out the creation x #of containers, base provisioning, and runtime.  by
> doing this it allows new nodes to be added with simple plays to the
> network.  I may go with your suggestion of templating the Dockerfile if
> this proves to be too much of a pain.  I actually started out with
> templating a Dockerfile - then moved to docker_service (compose), and
> finally back to docker_container.  docker_service seemed to have too many
> issues with version mismatches between docker-compose/ docker-py...
>
> On Sunday, January 22, 2017 at 4:41:48 PM UTC-8, James Beake wrote:
>
> If you are trying to use containers this way ( ansible provisioning inside
> running container) you are pushing against the philosophy behind
> containers. My suggestion is to use ansible to construct the files used to
> create containers. That way you get the control / power of ansible without
> trying to shoehorn it into the docker world.
>
> For example I have a Dockerfile.j2 template that I pump a list of packages
> I want to install into it using ansible. Then I just run docker build.
>
> eg
> (partial /templates/Dockerfile.j2)
>
> RUN DEBIAN_FRONTEND=noninteractive apt-get -y update && apt-get -y install
> \
> {{ container_packages | join (" ") }} \ Magic happens here
> && rm -rf /var/lib/apt/lists/*
>
> and
> (/vars/mail.yml)
> container_packages:
>   - apache2
>   - curl
>   - git
>   - mysql-client
>   - php5
>   - php-apc
>   - php5-curl
>   - php5-gd
>   - php5-json
>   - php5-mysql
>   - php5-sqlite
>   - sqlite
>
> > On 21 Jan 2017, at 1:58 AM, Sonny Heer  wrote:
> >
> > Goal:
> >
> > 1. use same roles regardless of container, VM, bare metal, swarm, or
> other cloud provider
> > 2. easily add/remove nodes (containers)
> > 3. use existing docker-compose files
> >
> > I can't seem to find an example of docker_service which has ansible
> provisioning after container is up.   e.g. I want to keep the containers
> very basic (bare centos), and use ansible to install all
> packages/configure.  I'm assuming this happens first by defining the
> containers and then connecting to those containers from host machine (in my
> case a unix VM).   Let me know if this makes sense or if more info is
> needed...
> >
> > Thanks
> >
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups "Ansible Project" group.
>
> > To unsubscribe from this group and stop receiving emails from it, send
> an email to ansible-proje...@googlegroups.com.
> > To post to this group, send email to ansible...@googlegroups.com.
>
> > To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/a8b37474-d921-47e5-94d5-a5196cba7e8d%40googlegroups.com.
>
> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/27bfdb17-ab57-48b0-8378-fa7e0486caec%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/o