[ansible-project] Re: Run a unix script on ansible server that connect to remote servers.
Thanks, Kai Once I changed to localhost instead host name. Ansible is able to grab logs from remote hosts. On Tuesday, October 22, 2019 at 4:32:21 PM UTC-4, R-JRI wrote: > > Hi, all > > I have an existing unix shell script that does ssh to connect to remote > servers to search FAILED key word through logs on the remote server. If the > logs contain FAILED key word, sftp to the servers to bring the logs to a > central server and analyzes them. > Now we want to launch the unix script from Ansible or in the future from > Ansible Tower. > Ansible shell, script and command modules are to copy or run UNIX script > on remote servers not on Ansible server. In my case, I don't want to copy > the script to run on remote servers. I want to run the script on Ansible > server. Is there a way to accomplish this in Ansible? Thanks. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/4473a620-0d69-4547-8a96-aa5b5a6013e9%40googlegroups.com.
[ansible-project] Re: Run a unix script on ansible server that connect to remote servers.
Thanks for the reply, Kai After I changed the host to local host name in hosts field of yml file. I ran it without error but I don't see it get logs from remote servers to local /tmp directory. If I ran UNIX script, it takes logs to local /tmp/ directory from remote server. Here is my yml file content: --- - name: grab log hosts: ansidev (this is the host name of ansible server) tasks: - name: get log command: /usr/local/bin/failed_log_analysys.sh On Tuesday, October 22, 2019 at 4:32:21 PM UTC-4, R-JRI wrote: > > Hi, all > > I have an existing unix shell script that does ssh to connect to remote > servers to search FAILED key word through logs on the remote server. If the > logs contain FAILED key word, sftp to the servers to bring the logs to a > central server and analyzes them. > Now we want to launch the unix script from Ansible or in the future from > Ansible Tower. > Ansible shell, script and command modules are to copy or run UNIX script > on remote servers not on Ansible server. In my case, I don't want to copy > the script to run on remote servers. I want to run the script on Ansible > server. Is there a way to accomplish this in Ansible? Thanks. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/7e75f45c-2837-455f-9f51-52ea321a0e23%40googlegroups.com.
[ansible-project] Run a unix script on ansible server that connect to remote servers.
Hi, all I have an existing unix shell script that does ssh to connect to remote servers to search FAILED key word through logs on the remote server. If the logs contain FAILED key word, sftp to the servers to bring the logs to a central server and analyzes them. Now we want to launch the unix script from Ansible or in the future from Ansible Tower. Ansible shell, script and command modules are to copy or run UNIX script on remote servers not on Ansible server. In my case, I don't want to copy the script to run on remote servers. I want to run the script on Ansible server. Is there a way to accomplish this in Ansible? Thanks. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/257c71ad-bbd8-445b-9c93-97f0a1316097%40googlegroups.com.
[ansible-project] Re: Get file(s) from a remote host to local host
Thanks, Brian
That works.
On Wednesday, September 18, 2019 at 2:31:17 PM UTC-4, R-JRI wrote:
>
> Hi,
>
> I created a simple yml file to get file or files from a remote host to
> local host:
> $ cat fetch.yml
> ---
> - hosts: serverA
>
> tasks:
> - name: find the files
> find:
> paths: /usr/local/apps/log
> patterns: AppsAdmin.*.ALLAPPS.20190828*
> use_regex: True
> register: Apps_files
>
> - debug:
> var: Apps_files.files.path
>
> - name:
> fetch:
> src: "{{ item }}"
> dest: /APPADMIN/ansible/nonprod/DR_test/
> with_items: "{{ Apps_files.files.path }}"
>
> The variable 'Apps_files.files.path' is getting from the output of debug.
>
> Here is the output when ran it.
>
> [appadmin@serverB][/APPADMIN/ansible/nonprod/DR_test]$ ansible-playbook
> fetch.yml
>
> PLAY [serverA]
>
>
> TASK [Gathering Facts]
> **
> ok: [serverA]
>
> TASK [find the files]
> ***
> ok: [serverA]
>
> TASK [debug]
>
> ok: [serverA] => {
> "Apps_files.files.path": "VARIABLE IS NOT DEFINED!"
> }
>
> TASK [fetch]
>
> fatal: [serverA]: FAILED! => {"msg": "'list object' has no attribute
> 'path'"}
>
> PLAY RECAP
> **
> serverA : ok=3changed=0unreachable=0failed=1
> skipped=0rescued=0ignored=0
>
>
> When debug model only has Apps_files as variable:
> -debug:
> var: Apps_files
>
> The output of debug is:
> TASK [debug]
>
> ok: [serverA] => {
> "Apps_files": {
> "changed": false,
> "examined": 36,
> "failed": false,
> "files": [
> {
> "atime": 1567021803.0147924,
> "ctime": 1567021803.0087924,
> "dev": 64770,
> "gid": 0,
> "gr_name": "root",
> "inode": 134304,
> "isblk": false,
> "ischr": false,
> "isdir": false,
> "isfifo": false,
> "isgid": false,
> "islnk": false,
> "isreg": true,
> "issock": false,
> "isuid": false,
> "mode": "0644",
> "mtime": 1567021803.0047922,
> "nlink": 1,
> "path":
> "/usr/local/apps/log/AppsAdmin.stop.ALLAPPS.201908281548.21882.log", <--
> file wanted to get from serverA
> "pw_name": "root",
> "rgrp": true,
> "roth": true,
> "rusr": true,
> "size": 10253,
> "uid": 0,
> "wgrp": false,
> "woth": false,
> "wusr": true,
> "x
[ansible-project] Get file(s) from a remote host to local host
Hi,
I created a simple yml file to get file or files from a remote host to
local host:
$ cat fetch.yml
---
- hosts: serverA
tasks:
- name: find the files
find:
paths: /usr/local/apps/log
patterns: AppsAdmin.*.ALLAPPS.20190828*
use_regex: True
register: Apps_files
- debug:
var: Apps_files.files.path
- name:
fetch:
src: "{{ item }}"
dest: /APPADMIN/ansible/nonprod/DR_test/
with_items: "{{ Apps_files.files.path }}"
The variable 'Apps_files.files.path' is getting from the output of debug.
Here is the output when ran it.
[appadmin@serverB][/APPADMIN/ansible/nonprod/DR_test]$ ansible-playbook
fetch.yml
PLAY [serverA]
TASK [Gathering Facts]
**
ok: [serverA]
TASK [find the files]
***
ok: [serverA]
TASK [debug]
ok: [serverA] => {
"Apps_files.files.path": "VARIABLE IS NOT DEFINED!"
}
TASK [fetch]
fatal: [serverA]: FAILED! => {"msg": "'list object' has no attribute
'path'"}
PLAY RECAP
**
serverA : ok=3changed=0unreachable=0failed=1
skipped=0rescued=0ignored=0
When debug model only has Apps_files as variable:
-debug:
var: Apps_files
The output of debug is:
TASK [debug]
ok: [serverA] => {
"Apps_files": {
"changed": false,
"examined": 36,
"failed": false,
"files": [
{
"atime": 1567021803.0147924,
"ctime": 1567021803.0087924,
"dev": 64770,
"gid": 0,
"gr_name": "root",
"inode": 134304,
"isblk": false,
"ischr": false,
"isdir": false,
"isfifo": false,
"isgid": false,
"islnk": false,
"isreg": true,
"issock": false,
"isuid": false,
"mode": "0644",
"mtime": 1567021803.0047922,
"nlink": 1,
"path":
"/usr/local/apps/log/AppsAdmin.stop.ALLAPPS.201908281548.21882.log", <--
file wanted to get from serverA
"pw_name": "root",
"rgrp": true,
"roth": true,
"rusr": true,
"size": 10253,
"uid": 0,
"wgrp": false,
"woth": false,
"wusr": true,
"xgrp": false,
"xoth": false,
"xusr": false
},
{
"atime": 1568752920.7074213,
"ctime": 1567023296.6011353,
"dev": 64770,
"gid": 0,
"gr_name": "root",
"inode": 134315,
"isblk": false,
"ischr": false,
"isdir": false,
"isfifo": false,
"isgid": false,
"islnk": false,
"isreg": true,
"issock": false,
"isuid": false,
"mode": "0644",
"mtime": 1567023296.5971353,
"nlink": 1,
"path":
"/usr/local/apps/log/AppsAdmin.start.ALLAPPS.201908281606.30560.log", <--
file wanted to get from serverA
"pw_name": "root",
"rgrp": true,
"roth": true,
"rusr": true,
"size": 8549,
"uid": 0,
"wgrp": false,
"woth": false,
Re: [ansible-project] Run script that requires 'sudo' on remote hosts.
Thanks Sebastian.
I added warning option as you suggested and the warning message went away
and applications can be stopped/started.
On Thursday, March 28, 2019 at 10:21:23 AM UTC-4, Sebastian Meyer wrote:
> Hi,
>
> On 28.03.19 14:49, R-JRI wrote:
> > TASK [Gathering Facts]
> >
> **
>
>
> > fatal: [host1]: FAILED! => {"changed": false, "module_stderr": "Shared
> > connection to host1 closed.\r\n", "module_stdout": "Sorry, user
> appsadmin
> > is not allowed to execute '/bin/sh -c echo
> > BECOME-SUCCESS-fxdiujleiigrbgciqkixarzuxhsbngrr; /usr/bin/python
> >
> /u/appadmin/.ansible/tmp/ansible-tmp-1553780641.69-82349845573466/AnsiballZ_setup.py'
>
>
> > as root on host1.\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for
> the
> > exact error", "rc": 1}
>
> If the user you use with ansible is only allowed to execute this script
> with sudo and not use sudo for ALL, then you are right to use
>
> command: sudo /usr/local/bin/application_stop_start.sh stop
>
> You may want to add
>
> warn: no
>
> See:
>
> https://docs.ansible.com/ansible/latest/modules/command_module.html?highlight=warn
>
>
> Sebastian
>
> --
> Sebastian Meyer
> Linux Consultant & Trainer
> Mail: me...@b1-systems.de
>
> B1 Systems GmbH
> Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
> GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/e9670e4a-e9e2-46c4-a1c8-a85a0e549501%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Run script that requires 'sudo' on remote hosts.
Hi, Raghavendra
Added 'become_user = root' in ansible.cfg and ran failed with below message:
TASK [Gathering Facts]
**
fatal: [host1]: FAILED! => {"changed": false, "module_stderr": "Shared
connection to host1 closed.\r\n", "module_stdout": "Sorry, user appsadmin
is not allowed to execute '/bin/sh -c echo
BECOME-SUCCESS-fxdiujleiigrbgciqkixarzuxhsbngrr; /usr/bin/python
/u/appadmin/.ansible/tmp/ansible-tmp-1553780641.69-82349845573466/AnsiballZ_setup.py'
as root on host1.\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the
exact error", "rc": 1}
On Wednesday, March 27, 2019 at 5:04:02 PM UTC-4, Raghavendra Rao wrote:
>
>
> On Thu, 28 Mar 2019 at 01:59, R-JRI >
> wrote:
>
>> Hi, all
>>
>> We have an application stop/start script that starts/stops application
>> without root privilege and with 'sudo'.
>> If I am on the host, I login as the application user and then run the
>> script to stop/start application as 'sudo application_stop_start.sh
>> stop/start'.
>>
>> On the ansible server (v2.7), I created a simple test file. The
>> application user ID is the same on ansible host and remote node (ssh
>> authentication has no problem)
>>
>> tasks:
>> - name: run script to stop/start application
>> command: sudo /usr/local/bin/application_stop_start.sh stop
>>
>> It ran successfully on the remote host with a warning message.
>>
>> PLAY [Stop application]
>> *
>> TASK [Gathering Facts]
>> **
>> ok: [host1]
>> TASK [run application_stop_start.sh script to stop application]
>> **
>> [WARNING]: Consider using 'become', 'become_method', and 'become_user'
>> rather than running sudo
>> changed: [host1]
>> PLAY RECAP
>> **
>> host1 : ok=2changed=1unreachable=0failed=0
>>
>> I don't need 'become' and 'become_user' at least since the UID is the
>> same.
>>
>
> 'become' is used for privilege escalation. Meaning "Whether to
> automatically switch user on the managed
> host (typically to root) after connecting". Though you have same UIDs on
> both control node and managed host, don't forget that the UID on managed
> host needs root privileges to run 'application_stop_start.sh' (as you are
> running sudo to run that command normally as well).
>
> Tried to use 'become_method = sudo' and remove 'sudo' from 'command:
>> /usr/local/bin/application_stop_start.sh stop' and it did not work. Does
>> anyone have any suggestions?
>>
>
> You need to inform ansible about these two things:
>
> become = true
> become_user = root
> become_method = sudo
>
> Put this under ansible.cfg of your pwd and it should run fine.
>
> -R.Rao
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/4324dc3b-4756-48bf-8f7b-43c98d5d4a82%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Run script that requires 'sudo' on remote hosts.
Hi, Sebastian I did not say clearly. I checked my ansible.cfg and it has 'become = true' in it and ran failed. On Wednesday, March 27, 2019 at 4:57:48 PM UTC-4, Sebastian Meyer wrote: > On 27.03.19 21:29, R-JRI wrote: > > I don't need 'become' and 'become_user' at least since the UID is the > same. > > Tried to use 'become_method = sudo' and remove 'sudo' from 'command: > > /usr/local/bin/application_stop_start.sh stop' and it did not work. Does > > anyone have any suggestions? > > Thanks. > > You still need `become: true`, since you want to _become_ root executing > this script. Just setting the become_method to sudo won't do anything. > > Sebastian > > > > > -- > Sebastian Meyer > Linux Consultant & Trainer > Mail: me...@b1-systems.de > > B1 Systems GmbH > Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de > GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537 > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/734e263a-8ce2-4134-9996-193ad4c4de5a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Run script that requires 'sudo' on remote hosts.
Hi, all We have an application stop/start script that starts/stops application without root privilege and with 'sudo'. If I am on the host, I login as the application user and then run the script to stop/start application as 'sudo application_stop_start.sh stop/start'. On the ansible server (v2.7), I created a simple test file. The application user ID is the same on ansible host and remote node (ssh authentication has no problem) tasks: - name: run script to stop/start application command: sudo /usr/local/bin/application_stop_start.sh stop It ran successfully on the remote host with a warning message. PLAY [Stop application] * TASK [Gathering Facts] ** ok: [host1] TASK [run application_stop_start.sh script to stop application] ** [WARNING]: Consider using 'become', 'become_method', and 'become_user' rather than running sudo changed: [host1] PLAY RECAP ** host1 : ok=2changed=1unreachable=0failed=0 I don't need 'become' and 'become_user' at least since the UID is the same. Tried to use 'become_method = sudo' and remove 'sudo' from 'command: /usr/local/bin/application_stop_start.sh stop' and it did not work. Does anyone have any suggestions? Thanks. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/ff766cb2-195f-480f-90c8-dea378289399%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
