Re: [ansible-project] Git Module: Is it a "Pull on Remote" or "Pull on Local and Push to remote"

2017-09-30 Thread Tobias Wolf 
We do that all the time with local_action, module: git or module: 
subversion, and then synchronize onto the server, in a two -step process.
Some internal servers just do not have a route into the internet. The local 
dir is then ignored in .gitignore or svnprop svn:ignore.

Random example: 

   *- 
**name*: get code for collectdweb 
*local_action*:
*module*: git
*repo*: https://github.com/httpdss/collectd-web.git  
*dest*: "{{ role_path }}/files/collectd-web.git"   
*run_once*: true 
*check_mode*: no 
*changed_when*: no  
  *- **name*: 
deploy code to server*synchronize*: 
*src*: {{ item.src 
}}*dest*: {{ item.dest }}   
   *delete*: yes
*checksum*: yes 
 *perms*: no
  *times*: no   
   *rsync_opts*: "--chown=www-data:www-data --cvs-exclude"  
  *with_items*: 
 *- *{ *src*: 'collectd-web.git/', *dest*: '/home/www/collectd-web/' }  
tags: rsync 



On Saturday, September 30, 2017 at 2:54:49 PM UTC+2, indraj joglekar wrote:
>
> I see. The remote server needs to have access to the git server in that 
> case.
>
> Ideally would like it to be 
> a) "Pull on Local and rsync to remote" 
> b) or "Pull on Local from git server" and "Push to remote server from 
> local server"
> c) or "Pull on Local from git server" and "Pull on remote server from 
> local server"
>
> so as to avoid any remote server dependencies.
>
> On Saturday, September 30, 2017 at 6:46:17 AM UTC-4, Andreas Olsson wrote:
>>
>> fre 2017-09-29 klockan 14:03 -0700 skrev indraj joglekar: 
>> > How does the git module work? 
>> > 
>> > a) Does it do a pull on the remote server? 
>> > b) Does it first do a pull on the local admin server and then rsync 
>> > copy the repo to the remote server? 
>> The clone/pull happens locally on the remote server. 
>>
>> > If not, is it possible to do this in some other way? 
>> Which way would you prefer it to work? 
>>
>> // Andreas 
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8942b8a8-2594-4e3f-a1f3-90177e4cc356%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Behavior change related to roles_path config with relative include

2016-09-02 Thread Tobias Wolf 
Same problem here.

$ echo $ANSIBLE_CONFIG 
./users/tobias.wolf/ansible.cfg

$ grep role users/tobias.wolf/ansible.cfg 
roles_path = ./roles

ERROR! the role 'actions/common-handlers' was not found in ... 
/home/towolf/src/ansible/users/tobias.wolf/roles

On Friday, September 2, 2016 at 9:51:08 AM UTC+2, Julien Tognazzi wrote:
>
> I think I've found what changed between 2.1.0.0 and 2.1.1.0.
>
> it seems to be related to this pull request #16088 
>  
> precisely the change on file lib/ansible/constants.py
>
> So now the path configured in ansible.cfg roles_path are relative to 
> where the ansible.cfg file is !
> Before, it was relative to the execution directory.
>
> This change breaks some of my playbooks. 
> Do I have to modified my layout or can this be considered as a regression 
> and fixed ??
>
> thanks you for reading.
>
> Julien.
>
> On Thursday, August 11, 2016 at 12:25:14 PM UTC+2, Julien Tognazzi wrote:
>>
>> Hi list,
>>
>> I upgraded ansible with the latest epel-testing 
>> version ansible-2.1.1.0-1.el7.noarch and noticed a change with the 
>> roles_path configuration.
>>
>> This is my roles_path:
>> roles_path= /etc/ansible/roles:../base/roles:./roles
>>
>> So I expect that if I run a playbook from /vagrant/ansible/somedir it 
>> will look for roles in /vagrant/ansible/base/roles and 
>> /vagrant/ansible/somedir/roles
>>
>> But it doesn't seem to be the case anymore.
>>
>> With 
>> ansible 2.1.1.0
>>   config file = /etc/ansible/ansible.cfg
>>   configured module search path = ['/usr/local/share/ansible_modules/']
>>
>> If running a play referencing non existant role, I have
>> $ pwd
>> /vagrant/ansible/somedir
>> $ansible-playbook test.yml -v
>> Using /etc/ansible/ansible.cfg as config file
>> ERROR! the role 'somerole' was not found in /vagrant/ansible/somedir
>> /roles:/vagrant/ansible/somedir:/etc/ansible/roles:
>> /etc/base/roles:/etc/ansible/roles
>>
>>
>> With
>> ansible 2.1.0.0
>>   config file = /etc/ansible/ansible.cfg
>>   configured module search path = ['/usr/local/share/ansible_modules/']
>>
>> Running the same play gives me:
>> $ pwd
>> /vagrant/ansible/somedir
>> $ansible-playbook test.yml -v
>>
>>
>>  [WARNING]: provided hosts list is empty, only localhost is available
>>
>>
>> ERROR! the role 'somerole' was not found in /vagrant/ansible/somedir/
>> roles:/vagrant/ansible/somedir:/etc/ansible/roles:../base/roles:./roles
>>
>>
>> The behavior change is highlighted in yellow above.
>>
>> Is this a regression ?
>>
>> thanks for your explanation 
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/57c4279b-4255-4acc-b480-92f6fff78f69%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Global hooks/tasks

2016-02-15 Thread Tobias Wolf 
That would evidently work to track file changes locally. Our main use case 
however was to track *on the target system* (1) which team member changed a 
file (and who deleted a file, like a suddenly missing firewall rule, which 
precludes just using SVN keywords in the file header) and (2) using which 
playbook. This is to establish a reverse map from system to playbook and 
ansible user.

So somehow we need to trigger etckeeper et al. from Ansible itself. 
Preferably during the runtime so we do not have to load the inventory 
again, which takes up to 20 seconds, depending on Ansible version and local 
performance patches.

I assume this cannot be achieved cleanly in a callback plugin? 

--Tobias

On Thursday, February 11, 2016 at 6:09:48 PM UTC+1, Brian Coca wrote:
>
> i would just have something like incron on the target that triggers 
> etckeeper
>
> On Thu, Feb 11, 2016 at 8:11 AM, Tobias Wolf <tow...@gmail.com 
> > wrote:
>
>> We had this discussion over lunch, i.e., we pondered how we could get 
>> ansible to trigger etckeeper on each host at the conclusion of the 
>> playbook. We excluded handlers because handlers are not executed once a 
>> playbook fails.
>>
>> Did you find a way to cleanly create a hook like this with having to 
>> append this to each playbook individually?
>>
>> --Tobias
>>
>> On Thursday, November 5, 2015 at 4:40:32 PM UTC+1, Dominic Hargreaves 
>> wrote:
>>>
>>> Hi,
>>>
>>> I've had a look around for solutions to this problem, but surprisingly 
>>> I'm starting to think it's not something supported out of the box with 
>>> ansible.
>>>
>>> I would like to define a play or series of plays which are called 
>>> exactly once on a given group of hosts for each ansible run, at the very 
>>> start and very end of that run, regardless of which role or roles are being 
>>> executed. Optionally, the set of tasks at the end could only run if any of 
>>> the other tasks run changed something (a sort of global_changed state), but 
>>> this isn't essential. Using ro
>>>
>>> The use-case is to run etckeeper before and after each run of ansible, 
>>> to provide a definitive record of what changed on the server (at least as 
>>> far as the configuration files in /etc go).
>>>
>>> Does anyone have any suggestions on how I might accomplish this? Would a 
>>> new feature request be appropriate if it's not already achievable? Note 
>>> that I wouldn't want to have to modify every playbook and/or role to 
>>> achieve this, since that would inevitably lead to missed commits and 
>>> default the point of having a complete changelog.
>>>
>>> Just in case it isn't obvious: yes, I am managing the ansible playbooks 
>>> in git already, but etckeeper provides a deeper view of what *actually* 
>>> changed on the server and can be very helpful for looking back to figure 
>>> out when/how something was misconfigured.
>>>
>>> I would be interested to hear other solutions to this.
>>>
>>> Cheers,
>>> Dominic.
>>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible-proje...@googlegroups.com .
>> To post to this group, send email to ansible...@googlegroups.com 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/1a612708-41a9-4ae1-8f8d-c5d2fa85ea19%40googlegroups.com
>>  
>> <https://groups.google.com/d/msgid/ansible-project/1a612708-41a9-4ae1-8f8d-c5d2fa85ea19%40googlegroups.com?utm_medium=email_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> -- 
> --
> Brian Coca
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/fc50f5ed-3641-40d0-ad4f-96d21bcf229c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Debian/Ubuntu: Show available updates (or control if all updates are installed)

2016-02-12 Thread Tobias Wolf 
For one thing, once my apt module pull request #2944 gets merged you can 
use « --check --diff » to see the list of packages to be upgraded.


On Thursday, February 11, 2016 at 8:10:56 PM UTC+1, Johannes Kastl wrote:
>
> -BEGIN PGP SIGNED MESSAGE- 
> Hash: SHA1 
>
> Hi everyone, 
>
> is it possible to show all available updates on Debian/Ubuntu/... 
> via apt? Or rather, check if all updates have been installed without 
> errors? 
>
> Basically something like this (which does not work, I have not 
> tested why): 
>
> > --- 
> > 
> > - name: refresh cache 
> >  apt: update_cache=yes 
> > 
> > 
> > - name: Show all available updates become: true shell: apt-get 
> > upgrade -u | mail -s "Available Updates on $(hostname -f)" root 
>
> Thanks in advance! 
>
> Johannes 
> -BEGIN PGP SIGNATURE- 
> Version: GnuPG v2 
> Comment: Using GnuPG with SeaMonkey - http://www.enigmail.net/ 
>
> iEYEARECAAYFAla83KcACgkQzi3gQ/xETbIqcwCgklsEpGA0ozVe9UbVA4B5T9Qa 
> Sn4AniOhuEnc90YjfGyxAFbgqLPPKWDq 
> =id1c 
> -END PGP SIGNATURE- 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/360201ea-d88d-4bb8-8c33-1f68d4974b41%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Global hooks/tasks

2016-02-11 Thread Tobias Wolf 
We had this discussion over lunch, i.e., we pondered how we could get 
ansible to trigger etckeeper on each host at the conclusion of the 
playbook. We excluded handlers because handlers are not executed once a 
playbook fails.

Did you find a way to cleanly create a hook like this with having to append 
this to each playbook individually?

--Tobias

On Thursday, November 5, 2015 at 4:40:32 PM UTC+1, Dominic Hargreaves wrote:
>
> Hi,
>
> I've had a look around for solutions to this problem, but surprisingly I'm 
> starting to think it's not something supported out of the box with ansible.
>
> I would like to define a play or series of plays which are called exactly 
> once on a given group of hosts for each ansible run, at the very start and 
> very end of that run, regardless of which role or roles are being executed. 
> Optionally, the set of tasks at the end could only run if any of the other 
> tasks run changed something (a sort of global_changed state), but this 
> isn't essential. Using ro
>
> The use-case is to run etckeeper before and after each run of ansible, to 
> provide a definitive record of what changed on the server (at least as far 
> as the configuration files in /etc go).
>
> Does anyone have any suggestions on how I might accomplish this? Would a 
> new feature request be appropriate if it's not already achievable? Note 
> that I wouldn't want to have to modify every playbook and/or role to 
> achieve this, since that would inevitably lead to missed commits and 
> default the point of having a complete changelog.
>
> Just in case it isn't obvious: yes, I am managing the ansible playbooks in 
> git already, but etckeeper provides a deeper view of what *actually* 
> changed on the server and can be very helpful for looking back to figure 
> out when/how something was misconfigured.
>
> I would be interested to hear other solutions to this.
>
> Cheers,
> Dominic.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1a612708-41a9-4ae1-8f8d-c5d2fa85ea19%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.