Re: [ansible-project] centos7 target - sudden python interpreter trouble

2021-10-14 Thread Sandip Bhattacharya 




On 14.10.21 14:03, dulhaver via Ansible Project wrote:

On 10/14/2021 1:41 PM dulhaver via Ansible Project 
 wrote:

  
also I can run ad-hoc commands (like ping) on that target successfully (which should proove to some extend that python can be addressed on target, shouldn't it?)


this i.e. also works

ansible [hostname] -m shell -a 'yum install @postgresql -y' --become



Can you do:
   ansible [hostname] -m setup

--
https://blog.sandipb.net
https://twitter.com/sandipb

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/7ca43bae-7ca4-89aa-c1ec-a08e7ed0846f%40showmethesource.org.

Re: [ansible-project] centos7 target - sudden python interpreter trouble

2021-10-14 Thread Sandip Bhattacharya 




On 14.10.21 11:49, dulhaver via Ansible Project wrote:

I am running a playbook to install postgresql  
against a centos7 (python 2.75) target and am getting this error about a bad python 
interpreter .

I try to solve this via the inventory.yml

all:
   hosts:
     [hostname]: # centos7


Is this literally what is in your inventory.yaml file? Is that even valid yaml?
Shouldn't it be:

all:
  hosts:
hostname: # centos7


--
https://blog.sandipb.net
https://twitter.com/sandipb

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c52cc763-db49-ede0-1663-c0f81318a5a4%40showmethesource.org.

Re: [ansible-project] Getting Permission Denied Error

2021-10-14 Thread Sandip Bhattacharya 




On 13.10.21 13:51, Anirban Das wrote:

I have created aws ec2 instances through Terraform, so that time I have 
mentioned key name for ec2 launching. But yes didn't mention ansible private 
key in terraform script. So in the provisioner bock I put ansible playbook 
command with private-key path. What else do I need to do??

you can check below terraform script and please guide me.
=

# Creating 3 EC2 Instances:

resource "aws_instance" "instance" {
   count           = length(aws_subnet.public_subnet.*.id)
   ami             = var.ami_id
   instance_type   = var.instance_type
   subnet_id       = element(aws_subnet.public_subnet.*.id, count.index)
   security_groups = [aws_security_group.sg.id, ]
   key_name        = "Keypair-01"


1. Confirm that the ssh key mentioned in "Keypair-01" is the one in your 
ssh-agent locally.
2. Confirm that your local user exists on the remote host, and has the ssh-key 
in the authorized_keys file.
3. Confirm that you can do "ssh -i /path/to/private/key AWS_HOST" and can log 
in without any problems.
4. See if you can run 'ansible AWS_HOST -m ping' and get a response.

These can provide clues to what is wrong.

--
https://blog.sandipb.net
https://twitter.com/sandipb

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/292b4912-97d4-d016-740c-cd39114f3356%40showmethesource.org.

Re: [ansible-project] Re: Combining several facts into one array

2021-10-06 Thread Sandip Bhattacharya 




On 06.10.21 14:38, lift...@gmail.com wrote:

However, in my other thread about removing items from the list, I'm trying the 
suggestion as follows:

   - name: Print output
     debug:
       msg: "{{ item.uid[0] }}:  {{ item.gidnumber[0] }}:  {{ item.homedirectory[0] 
}}"
     loop: "{{ user_find.json.result.result|difference(deny) }}"
     vars:
     deny: ["/home/admin","/home/test"]

This gives me the following validation error:

ERROR! conflicting action statements: debug, deny


'deny' is wrongly indented. It is a variable. Should be indented under 'vars'.

--
https://blog.sandipb.net
https://twitter.com/sandipb

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/254ce446-cc77-6716-2975-fa00904be712%40showmethesource.org.

Re: [ansible-project] Ansible performing poorly on scale setups

2021-10-05 Thread Sandip Bhattacharya 




On 01.10.21 23:11, nds.ap...@gmail.com wrote:

We build a stream file to map the interfaces of all the hosts and then trigger 
traffic on respective hosts participating. This stream file is around 100 MB.

So just this line in one of the playbook:

   vars_files:
     - "{{ playbook_dir }}/{{ streams_file_name }}"
Is taking almost 1-2 hrs of time to run.


I believe there are other vars plugins that you can use? They may work better 
than the files module. Or write your own.
https://docs.ansible.com/ansible/latest/plugins/vars.html

Alternatively, instead of using vars plugins, you maybe able to use lookup 
plugins for fetching data, and use faster stores to randomly access data 
instead of loading it all into memory at the beginning.

- Sandip

--
https://blog.sandipb.net
https://twitter.com/sandipb

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/eb7746cf-2aff-f132-aeb0-63ae81edceba%40showmethesource.org.

Re: [ansible-project] when condition is not working

2021-10-01 Thread Sandip Bhattacharya 




On 01.10.21 15:32, subbamma natla wrote:


when: htop_is_running.stdout == '0'   did not work

command: pgrep httpd

My question is why the following not working
  when: status_httpd.stdout_lines == 0

ok: [mhost1] => {
     "status_httpd.stdout_lines": [
         "0"
     ]
}



If the 'when' condition, you are effectively working in python land.

Here you are making probably two mistakes:
 -  'stdout_lines' is an array. 'stdout' is a string.
 - you are comparing strings to numbers


--
https://blog.sandipb.net
https://twitter.com/sandipb

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b68f4065-0bd1-181e-2a7f-f9df8a0c7545%40showmethesource.org.

Re: [ansible-project] when condition is not working

2021-10-01 Thread Sandip Bhattacharya 




What's wrong with asserting that the service should be started?

- systemd:
     name: httpd
     state: started



For the vast majority of cases that should work (the apache service in major
distros being such a case).

Sometimes you do get an edge case where the PID check in the unit file is not a
good enough check for the health of the service as a whole.

- Sandip

--
https://blog.sandipb.net
https://twitter.com/sandipb

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c2b53b98-d69a-646c-32c1-72046eb9c1e8%40showmethesource.org.

Re: [ansible-project] when condition is not working

2021-10-01 Thread Sandip Bhattacharya 




On 01.10.21 02:10, subbamma natla wrote:

can somebody explaine me why service sis not starting

on mhost1:
[root@mhost1 ~]#  ps -ef | grep -v grep | grep httpd


It might be cleaner to use pgrep instead for process check. Then you can use 
something like this:

  tasks:
- name: Process check
  command: pgrep httpd
  register: httpd_check
  ignore_errors: true

- debug:

var: httpd_check.failed

- name: restart httpd if down
  systemd:
name: httpd
state: restarted
  when: httpd_check.failed


--
https://blog.sandipb.net
https://twitter.com/sandipb

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/934119b9-4e3e-75a9-975f-65ad80fee947%40showmethesource.org.

Re: [ansible-project] expect module

2021-09-30 Thread Sandip Bhattacharya 

On 30.09.21 21:43, Hanumantha Reddy Basireddy wrote:
trying to understand expect functionality using below piece of code... I know I can do using becom_user, 
but I would like to check expect module... since there is requirement where I need to use expect module

for automating client app CLI




In your specific case where pexpect is working on the remote system (else you 
would have got an error),
perhaps the problem is that you are not exiting from the shell?

Instead of just "ls", try "ls; exit"

HTH,
  Sandip

P.S. I once had a similar problem, with the additional constraint that the 
right version of python-expect
was not available on the remote system. So I had to use the system expect 
executable.

I documented my solution here:

https://blog.sandipb.net/2019/06/14/ansible-privilege-escalation-with-expect-when-you-dont-have-root-shell-privileges/

--
https://blog.sandipb.net
https://twitter.com/sandipb

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a2b7cb6a-bbe0-3429-0e6f-248faed1f09d%40showmethesource.org.

Re: [ansible-project] List manipulation questions

2021-09-28 Thread Sandip Bhattacharya 

Hi Alex,

One additional tip.

The best way to target is using the inventory names. You can use hostname or a group name 
in the "hosts: ", but we generally don't use a variable there.

If you have specified a group in the "hosts: " field, and then at the command line you 
want to restrict the playbook to a single host, you can use the "--limit" parameter to 
specify the specific host.

Thanks,
  Sandip

On 28.09.21 17:02, Alex Wanderley wrote:

Hi Sandip,

What I want is to print/create a clean, well formatted list server_name:kernel_version of servers 
that are not at a certain kernel version (that's why "when" is excluding 
"4.18.0-305.10.2.el8_4.x86_64").

The input is whichever server name, list of servers, inventory group that I pass on as a 
parameter to the playbook by using the "my_host" variable (it was a poorly 
chosen variable name, I admit...  :-)   ).
This is how the playbook is called: playbook.yml -e 
"my_host=".

After looking again, "server" is actually unnecessary. I should just go with: serverlist: 
"{{ serverlist | default({}) | combine( {ansible_hostname: ansible_kernel} ) }}".

I know I can create that same list using something else like shell script, 
which I'm much more proficient at. The idea of using ansible came as a way of 
learning the basics of working with lists using a very basic example.

"lineinfile" will keep appending to that file indefinitely, I know. But my real 
intention was learning how to write those lines the way I want.

That all being said, thank you very much for taking the time to 
help/advise/question... (Questioning leads to better/more thinking.)
I realized that it will be much better if I read and practice more on my own 
and leave to consume people's time when I'm in trouble with a real-life 
playbook.

All the best,

Alex

On Mon, Sep 27, 2021 at 5:07 PM Sandip Bhattacharya 
 wrote:

Hi,
It would be helpful to us if you could explain a bit more clearly about:

a. What you want to do here
b. What are all the inputs here

Questions:

- What are the variables 'my_host' and 'server' here?
- Do you want a file created on every host? Or only on the control-host?

In any case, using an ansible playbook for the kind of reporting you are 
trying
to do, seems a bit of an overkill.

If you do want to use ansible as a remote execution tool, it is easier to
just use the 'ansible' command to print what you want, and post-process the 
output.

   ansible  all_hosts -m setup -a "filter=ansible_kernel"

If you really want a file created in one place in a playbook, use
"connection: local" in your lineinfile so that the file is created on your
local machine, and make sure "throttle: 1" is also set, so that it is
not clobbered by other threads.

Something like this would work:
https://gist.github.com/sandipb/8ad80e6af9d471b04e2ec7948224ff3d

Also, when using lineinfile, it is really important that you make it as much
idempotent as possible. Else, if you run your playbook on different days, it
would be filled with all the possible values of every host all this while.  
The
regex parameter is really important here, making sure that every host has
exactly one line, or none if it is not desired.


HTH,
   Sandip





On 28.09.21 00:03, Alex Wanderley wrote:
> Hello,
>
> I understand this very basic, but I'm still learning... (And my apologies 
for the long message.)
>
> I built the playbook below so I can check which server is still in need 
of an OS update based on its current kernel version:
> ---
>      - hosts: "{{ my_host }}"
>    remote_user: xx
>
>    vars:
>   server:
>   srvname: "{{ ansible_hostname }}"
>   kernel: "{{ ansible_kernel }}"
>
>    tasks:
>
>      - block:
>      - name: create list
>    set_fact:
>   serverlist: "{{ serverlist | default({}) | combine( 
{item.srvname: item.kernel} ) }}"
>    with_items:
>     - "{{ server }}"
>
>      - name: print list
>    debug:
>   msg: "{{ serverlist }}"
>
>      - name: send list to file
>    lineinfile:
>   create: yes
>   line: "{{ serverlist | string }}"
>   path: "/shared/kernel.list"
>    when: (ansible_distribution ==

Re: [ansible-project] List manipulation questions

2021-09-27 Thread Sandip Bhattacharya 

Hi,
It would be helpful to us if you could explain a bit more clearly about:

a. What you want to do here
b. What are all the inputs here

Questions:

- What are the variables 'my_host' and 'server' here?
- Do you want a file created on every host? Or only on the control-host?

In any case, using an ansible playbook for the kind of reporting you are trying
to do, seems a bit of an overkill.

If you do want to use ansible as a remote execution tool, it is easier to
just use the 'ansible' command to print what you want, and post-process the 
output.

  ansible  all_hosts -m setup -a "filter=ansible_kernel"

If you really want a file created in one place in a playbook, use
"connection: local" in your lineinfile so that the file is created on your
local machine, and make sure "throttle: 1" is also set, so that it is
not clobbered by other threads.

Something like this would work:
https://gist.github.com/sandipb/8ad80e6af9d471b04e2ec7948224ff3d

Also, when using lineinfile, it is really important that you make it as much
idempotent as possible. Else, if you run your playbook on different days, it
would be filled with all the possible values of every host all this while.  The
regex parameter is really important here, making sure that every host has
exactly one line, or none if it is not desired.


HTH,
  Sandip





On 28.09.21 00:03, Alex Wanderley wrote:

Hello,

I understand this very basic, but I'm still learning... (And my apologies for 
the long message.)

I built the playbook below so I can check which server is still in need of an 
OS update based on its current kernel version:
---
     - hosts: "{{ my_host }}"
   remote_user: xx

   vars:
  server:
  srvname: "{{ ansible_hostname }}"
  kernel: "{{ ansible_kernel }}"

   tasks:

     - block:
     - name: create list
   set_fact:
  serverlist: "{{ serverlist | default({}) | combine( {item.srvname: 
item.kernel} ) }}"
   with_items:
    - "{{ server }}"

     - name: print list
   debug:
  msg: "{{ serverlist }}"

     - name: send list to file
   lineinfile:
  create: yes
  line: "{{ serverlist | string }}"
  path: "/shared/kernel.list"
   when: (ansible_distribution == "OracleLinux") and 
(hostvars[inventory_hostname].ansible_kernel != "4.18.0-305.10.2.el8_4.x86_64")

It's working, but I'd like to improve the way it presents the list of servers 
in need of update... So, could you help with some hints on how I could:

Make the "print list" task work in a way that instead of printing this:
TASK [print list] 
**
ok: [] => {
     "msg": {
     "x": "4.18.0-240.10.1.el8_3.x86_64"
     }
}
ok: [] => {
     "msg": {
     "": "4.18.0-240.10.1.el8_3.x86_64"
     }
===> It would print something like (or closer to) this:
"msg": {
"x": "4.18.0-240.10.1.el8_3.x86_64'
"": "4.18.0-240.10.1.el8_3.x86_64
}

And, on the "send list to file" task, how would I have the file content changed 
from this:
{'x ': '4.18.0-240.10.1.el8_3.x86_64'}
{'  ': '4.18.0-240.10.1.el8_3.x86_64'}
===> To something like this:
x: 4.18.0-240.10.1.el8_3.x86_64
{: 4.18.0-240.10.1.el8_3.x86_64
I mean, without single quotes and curly braces.

I understand I could build another task to parse that file an "clean" it, but, 
is there a way to do that while writing to the file?



--
https://blog.sandipb.net
https://twitter.com/sandipb

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/83041a2b-0692-033c-1adc-e9925946b5db%40showmethesource.org.

Re: [ansible-project] Cannot source /etc/lsb-release

2021-09-27 Thread Sandip Bhattacharya 

This won't work for you?

$ sudo bash -c 'source /etc/lsb-release; echo $DISTRIB_CODENAME'
focal



On 27.09.21 19:14, 'Neil Young' via Ansible Project wrote:

Exactly. which source gives nothing.

If I run the command at non-elevated level I get useful results and the 
environment is filled


source /etc/lsb-release

echo $DISTRIB_CODENAME

bionic


sudo source /etc/lsb-release

[sudo] password for ubuntu:

sudo: source: command not found


So it is a matter of elevated access level, but I just don't know how to 
run that at lower level...




Sandip Bhattacharya schrieb am Montag, 27. September 2021 um 19:11:33 UTC+2:

source is a bash built-in command. There is no executable. You can
try "bash -c 'source /etc/lsb-release' "


HTH,
   Sandip


On 27.09.21 19:04, 'Neil Young' via Ansible Project wrote:

Hi,

I'm banging my head trying to make this simple statement work:

- name: Get Ubuntu version definitions
  ansible.builtin.shell: source /etc/lsb-release

But whatever I do I get this:

TASK [Get Ubuntu version definitions]



fatal: [server1]: FAILED! => {"changed": true, "cmd": "source
/etc/lsb-release", "delta": "0:00:00.002579", "end": "2021-09-27
17:02:32.565396", "msg": "non-zero return code", "rc": 127,
"start": "2021-09-27 17:02:32.562817", "stderr": "/bin/sh: 1:
source: not found", "stderr_lines": ["/bin/sh: 1: source: not
found"], "stdout": "", "stdout_lines": []}


This is most likely because I run at elevated permissions.

What can I do in order to make this work?

TIA

-- 
You received this message because you are subscribed to the Google

Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit

https://groups.google.com/d/msgid/ansible-project/fe78c00b-ac97-4960-a70b-449b0e1fcf41n%40googlegroups.com

<https://groups.google.com/d/msgid/ansible-project/fe78c00b-ac97-4960-a70b-449b0e1fcf41n%40googlegroups.com?utm_medium=email&utm_source=footer>.


-- 
https://blog.sandipb.net  <https://blog.sandipb.net>

https://twitter.com/sandipb  <https://twitter.com/sandipb>

--
You received this message because you are subscribed to the Google 
Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to ansible-project+unsubscr...@googlegroups.com 
<mailto:ansible-project+unsubscr...@googlegroups.com>.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/ac9b0dba-6437-4332-9901-2f4089e1063fn%40googlegroups.com 
<https://groups.google.com/d/msgid/ansible-project/ac9b0dba-6437-4332-9901-2f4089e1063fn%40googlegroups.com?utm_medium=email&utm_source=footer>.


--
https://blog.sandipb.net
https://twitter.com/sandipb

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/2cd55231-de3e-9829-97a4-50ff17802345%40showmethesource.org.

Re: [ansible-project] Cannot source /etc/lsb-release

2021-09-27 Thread Sandip Bhattacharya 
source is a bash built-in command. There is no executable. You can try 
"bash -c 'source /etc/lsb-release' "



HTH,
  Sandip


On 27.09.21 19:04, 'Neil Young' via Ansible Project wrote:

Hi,

I'm banging my head trying to make this simple statement work:

- name: Get Ubuntu version definitions
  ansible.builtin.shell: source /etc/lsb-release

But whatever I do I get this:

TASK [Get Ubuntu version definitions] 



fatal: [server1]: FAILED! => {"changed": true, "cmd": "source 
/etc/lsb-release", "delta": "0:00:00.002579", "end": "2021-09-27 
17:02:32.565396", "msg": "non-zero return code", "rc": 127, "start": 
"2021-09-27 17:02:32.562817", "stderr": "/bin/sh: 1: source: not 
found", "stderr_lines": ["/bin/sh: 1: source: not found"], "stdout": 
"", "stdout_lines": []}



This is most likely because I run at elevated permissions.

What can I do in order to make this work?

TIA

--
You received this message because you are subscribed to the Google 
Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/fe78c00b-ac97-4960-a70b-449b0e1fcf41n%40googlegroups.com 
.


--
https://blog.sandipb.net
https://twitter.com/sandipb

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1fe79e0d-7e1c-8353-91ca-c7e0f1bcfada%40showmethesource.org.

Re: [ansible-project] Folder Permission for Multiple directories at once

2019-08-07 Thread Sandip Bhattacharya 
 Please always share your actual error message to help people helping you.




On August 7, 2019 at 6:23:31 PM, Bishwajit Samanta 
(bishwajitsamanta1...@gmail.com(mailto:bishwajitsamanta1...@gmail.com)) wrote:

> Hi All,  
>  
> I am trying to achieve mentioning multiple directories in var.yml so that in 
> loop i can give them folder permission however it is not working. Can anyone 
> help me here.  
>  
> ---  
> - name: "File List"
> hosts: localhost
> gather_facts: no
> become: yes
> become_user: root
>  
> tasks:  
> - include_vars: var.yml
> - name: "Folder Permission"
> file:
> path: '{{ item }}'
> mode: '{{ folder_perm }}'
> loop: "{{ folder_path }}"
>  
> ignore_errors: true  
> - name: "File Permission"  
> file:
> path: '{{ file_path }}'
> mode: '{{ file_perm }}'
> ignore_errors: true
>  
> vars.yml  
>  
> ---  
> folder_path:  
> - /home/sysops/bishwajit/ansible/folder_perm/
> - /home/sysops/bishwajit/ansible/demo_perm
> - /home/sysops/bishwajit/ansible/sample_perm
> file_path: /home/sysops/bishwajit/ansible/folder_perm/file_perm
> folder_perm: 0755
> file_perm: 0644
>  
>  


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/etPan.5d4b7e4c.2c086b0b.38c%40showmethesource.org.

Re: [ansible-project] Typo in hard link example for file module?

2019-08-07 Thread Sandip Bhattacharya 
On August 7, 2019 at 4:10:31 PM, Andrew Latham 
(lath...@gmail.com(mailto:lath...@gmail.com)) wrote:
> It appears to be correct in code, maybe a recent fix that just has not 
> resulted in a refreshed docs page. See 
> https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/files/file.py#L147
>  

Thanks. Didn't realize the docs are generated from code :)

You are right. It seems the bug was reported and fixed last month itself. 
https://github.com/ansible/ansible/issues/58451

- Sandip

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/etPan.5d4b717c.1345e3c.38c%40showmethesource.org.

[ansible-project] Typo in hard link example for file module?

2019-08-07 Thread Sandip Bhattacharya 
 

[my third attempt to send this message got lost somehow. Trying again.]  

In the documentation for the file module at: 
https://docs.ansible.com/ansible/latest/modules/file_module.html

An example for creating hard links is given as below:

  - name: Create two hard links  
    file:
      src: '/tmp/{{ item.src }}'
      dest: '{{ item.dest }}'
      state: link
    with_items:
      - { src: x, dest: y }
      - { src: z, dest: k }

According to the documentation of the “state” parameter however, the value 
should be “hard” and not “link". Is this a typo?  

Thanks,  
Sandip


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/etPan.5d4b3e91.34d78290.38c%40showmethesource.org.

Re: [ansible-project] Ansible [Errno 13] Permission denied

2019-08-05 Thread Sandip Bhattacharya 



On Mon, Aug 5, 2019, at 5:34 PM, Andrew Morgan wrote:
> Ahh, you are right, I am getting the error:
> 
> Sorry, user andrewm is not allowed to execute '/bin/sh -c echo hello from 
> bash; python -c 'print "hello"' ' as root on ip-10-0-0-162
> 
> but in ansible I am becoming root! Now when I become the root user I am able 
> to :
> # sudo /bin/sh -c "echo hello from bash; python -c 'print \"hello\"' "
hello from bash
hello
> 
> 
> How can I fix this issue?


You need to change your sudo config to allow executing /bin/sh. This has always 
been an Ansible requirement - to be able to use privilege escalation, you need 
to let sudo run arbitrary commands.

The relevant config to fix  should be somewhere in /etc/sudoers or some file in 
/etc/sudoers.d. The specific config varies from installation to installation, 
and changing it has security implications. So if you have a different person 
handling system level setup (you mentioned in your first mail that there are 
certain security requirements at work) you should definitely work with them to 
change this, else you can leave your system vulnerable in an unexpected way. 
Else if you can do this yourself, look up "man sudoers" to understand the 
current config and change it.

- Sandip

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6b26a7ca-7d14-49d9-9bfb-5dac07401434%40www.fastmail.com.

Re: [ansible-project] Ansible [Errno 13] Permission denied

2019-08-05 Thread Sandip Bhattacharya 
[ Yeah, it should have been -vvv and not --debug. I am missing up apps. :) My 
apologies. ] 




On August 5, 2019 at 4:45:33 PM, Andrew Morgan 
(alonsoamor...@gmail.com(mailto:alonsoamor...@gmail.com)) wrote:
> <54.236.183.46> ESTABLISH SSH CONNECTION FOR USER: andrewm
> <54.236.183.46> SSH: EXEC sshpass -d42 ssh -C -o ControlMaster=auto -o 
> ControlPersist=60s -o StrictHostKeyChecking=no -o 
> 'IdentityFile="/Users/confluencetrades/Desktop/andrewm.pem"' -o 
> 'User="andrewm"' -o ConnectTimeout=10 -o 
> ControlPath=/private/var/root/.ansible/cp/a3358dc28d -tt 54.236.183.46 
> '/bin/sh -c '"'"'sudo -H -S -p "[sudo via ansible, 
> key=fahckbxvjwfjuwfziuxflwkbjtwbsyfl] password:" -u root /bin/sh -c 
> '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-fahckbxvjwfjuwfziuxflwkbjtwbsyfl ; 
> /usr/bin/python 
> /home/andrewm/.ansible/tmp/ansible-tmp-1565048685.95-166747859799287/AnsiballZ_command.py'"'"'"'"'"'"'"'"'
>  && sleep 0'"'"''
> Escalation succeeded
> <54.236.183.46> (1, '\r\n', 'Shared connection to 54.236.183.46 closed.\r\n')
> <54.236.183.46> Failed to connect to the host via ssh: Shared connection to 
> 54.236.183.46 closed.

At this point, the only possible problem I can think of is sudo restrictions.

Are you sure you can run arbitrary commands via sudo on your box. My workplace 
doesn't let me execute shells via sudo, for example. We use a workaround to 
make sensible work.

e.g. Can you run on your remote box something like this?

    sudo /bin/sh -c "echo hello from bash; python -c 'print \"hello\"' "

- Sandip


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/etPan.5d48c3d0.2073a8e4.38c%40showmethesource.org.

Re: [ansible-project] Ansible [Errno 13] Permission denied

2019-08-05 Thread Sandip Bhattacharya 
 




On August 5, 2019 at 4:35:34 PM, Andrew Morgan 
(alonsoamor...@gmail.com(mailto:alonsoamor...@gmail.com)) wrote:

> Thank you, but I also tried that, but no luck  
>  
> > ansible all -i inventory 
> > --private-key="/Users/confluencetrades/Desktop/andrewm.pem" -u andrewm -k 
> > --become --ask-become-pass -m command -a "/usr/sbin/useradd -s /bin/bash -m 
> > test"
> > SSH password:
> 

Can you run with --debug and see the output? It shows the exact command 
executed remotely.

- Sandip

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/etPan.5d48bdfd.4d8a6eae.38c%40showmethesource.org.

Re: [ansible-project] Ansible [Errno 13] Permission denied

2019-08-04 Thread Sandip Bhattacharya 
On August 4, 2019 at 3:06:25 PM, Andrew Morgan 
(alonsoamor...@gmail.com(mailto:alonsoamor...@gmail.com)) wrote:
> More verbose output  
>  
> ansible all -vvv -i inventory -m command -a "/usr/sbin/useradd -s /bin/bash 
> -m test" --private-key="/Users/confluencetrades/Desktop/andrewm.pem" -u 
> andrewm --ask-become-pass -k  

You are not really adding "—-become” here, even though you are supplying the 
become password. I am not sure that supplying the become password automatically 
enables "become”.

- Sandip


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/etPan.5d477ccd.3546b30c.14764%40showmethesource.org.

Re: [ansible-project] Re: Need small help

2019-08-04 Thread Sandip Bhattacharya 
 

> No even if the dest is /tmp the file is not visible in the remote server.
>  

Run our command using “-v” or “—debug” to find out what is happening in that 
particular task. If you still cannot find out, share the output here.

- Sandip

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/etPan.5d477b52.5c2d1707.14764%40showmethesource.org.

[ansible-project] Re: Need small help

2019-08-04 Thread Sandip Bhattacharya 
Check your "dest" parameter value. From your scp command example, I think 
you want this to be "/tmp"

- Sandip

On Saturday, August 3, 2019 at 10:27:27 PM UTC-7, Bubunia Patra wrote:
>
> Hi all,
>
> I am having a issue with copy module copying from localhost to remote 
> server. The problem is when the playbook runs the playbook works fine 
> without any error.  But the* contents **copy_dir_ex* is not visible in 
> remote server. I am using ubuntu 14.04.I have provided 777 permission to 
> destination directory. Still  i am suspecting it is something pretty silly 
> I am missing. Ansible version is 2.xx
>
> When I run scp command on local hosts it works fine and the contents is 
> available in remote server. Can anyone throw some light what i am missing?
>
> scp -i   ubuntu@remotehost:/tmp 
>
> The code is pretty simple as follows
>
> ---
>
> -hosts: all
>  gather_facts: false
>  become: yes
>   tasks:
>   - name: Ansible copy directory to the remote server
> copy:
>   src:/Users/mdtutorials2/Documents/Ansible/copy_dir_ex
>   dest:/Users/mdtutorials2/Documents/Ansible/tmp
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6091da02-a3a9-4ec1-96fe-95d8d774b9d4%40googlegroups.com.