Re: [ansible-project] Apt behaviour

[Igor Cicimov]

Of course it has everything to do with the module, what else? The 2.4.4 
does the correct thing and takes the list as it is: a list. The module 
documentation also says it needs to be a list.

However, 2.5+ takes that list as a string for some reason and wraps it in a 
list ending in that silly state of a list inside a list. That can't be 
right.



On Monday, March 7, 2022 at 5:08:08 PM UTC+11 Felix Fontein wrote:

> hi,
>
> > Hi all,
> > 
> > Anyone knows why is apt behaving differently here? I have this var
>
> I don't think this is related to the apt module, but to how the
> variable ends up being loaded. It seems to end up as a string, but not
> as a sting in JSON format (which would be converted to a list), but in
> Python format.
>
> Without knowing how exactly you end up with the variable in this format.
>
> (Also please note that both Ansible 2.4.x and 2.5.x are completely
> outdated and End of Line.)
>
> Cheers,
> Felix
>
>
>
> > 
> > fonts_packages:
> > - ttf-wqy-zenhei
> > - fonts-takao-mincho
> > - fonts-indic
> > - ttf-wqy-microhei
> > 
> > and simple task:
> > 
> > - name: install additional fonts
> > apt:
> > name: "{{ fonts_packages }}"
> > state: present
> > 
> > passing the list to apt.
>
>
-- 


* *







Know Your Customer due diligence on demand, powered by 
intelligent process automation




Blogs 
  |  LinkedIn 
  |  Twitter 


 




Encompass Corporation UK Ltd  |  
Company No. SC493055  |  Address: Level 3, 33 Bothwell Street, Glasgow, UK, 
G2 6NL

Encompass Corporation Pty Ltd  |  ACN 140 556 896  |  Address: 
Level 10, 117 Clarence Street, Sydney, New South Wales, 2000

This email 
and any attachments is intended only for the use of the individual or 
entity named above and may contain confidential information. 

If you are 
not the intended recipient, any dissemination, distribution or copying of 
this email is prohibited. 

If received in error, please notify us 
immediately by return email and destroy the original message.








-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/7164ed8c-72f7-4ef1-9237-4e6be65e7092n%40googlegroups.com.

[ansible-project] Apt behaviour

[Igor Cicimov]

Hi all,

Anyone knows why is apt behaving differently here? I have this var

fonts_packages:
  - ttf-wqy-zenhei
  - fonts-takao-mincho
  - fonts-indic
  - ttf-wqy-microhei

and simple task:

- name: install additional fonts
  apt:
name: "{{ fonts_packages }}"
state: present

 passing the list to apt.

That works in Ansible 2.4.4 as expected:

"invocation": {
"module_args": {
 
"name": [
"ttf-wqy-zenhei", 
"fonts-takao-mincho", 
"fonts-indic", 
"ttf-wqy-microhei"
], 
"only_upgrade": false, 
"package": [
"ttf-wqy-zenhei", 
"fonts-takao-mincho", 
"fonts-indic", 
"ttf-wqy-microhei"
], 
...
 
But in 2.5+ fails because:

fatal: [hostname]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {

"name": "['ttf-wqy-zenhei', 'fonts-takao-mincho', 
'fonts-indic', 'ttf-wqy-microhei']",
"only_upgrade": false,
"package": [
"['ttf-wqy-zenhei'",
" 'fonts-takao-mincho'",
" 'fonts-indic'",
" 'ttf-wqy-microhei']"
],
...
},
"msg": "No package(s) matching '['ttf-wqy-zenhei'' available"
}

I'm passing a list to apt "name" parameter as per the documentation.

Thanks


-- 


* *







Know Your Customer due diligence on demand, powered by 
intelligent process automation




Blogs 
  |  LinkedIn 
  |  Twitter 


 




Encompass Corporation UK Ltd  |  
Company No. SC493055  |  Address: Level 3, 33 Bothwell Street, Glasgow, UK, 
G2 6NL

Encompass Corporation Pty Ltd  |  ACN 140 556 896  |  Address: 
Level 10, 117 Clarence Street, Sydney, New South Wales, 2000

This email 
and any attachments is intended only for the use of the individual or 
entity named above and may contain confidential information. 

If you are 
not the intended recipient, any dissemination, distribution or copying of 
this email is prohibited. 

If received in error, please notify us 
immediately by return email and destroy the original message.








-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/13465a54-4216-450c-a9f9-a079495425f3n%40googlegroups.com.

Re: [ansible-project] Install&Configure raid1 and bios on a HP ilo server

[Igor Gnatenko]

I think this is the wrong question to ask. Depending on what you want
to configure in iLO, you could simply use the `uri` module to interact
with the redfish API. If you need to set up some BIOS parameters, your
best friend would be `hponcfg` from some OS (possibly during the
installation of OS). Same goes for RAID, I don't think you can easily
create it without having some OS, in our company we build our own
images with `ssacli` and create RAID as a part of %pre section of
kickstart file (we use CentOS).

On Sat, Aug 29, 2020 at 3:01 AM devo...@gmail.com  wrote:
>
> Hi,
>
> Need to install and configure raid1 and bios on a HP ilo server (before OS 
> installation) by ansible playbook. Can we install raid1 and bios by CLI on a 
> HP ILO (has to done by ansible playbook), if yes can you please give me a 
> reference.
>
> Thanks in advance.
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/77ab9b14-994e-4750-a9d5-68e27a6dc714n%40googlegroups.com.



-- 
-Igor Gnatenko

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAFMg4WCXK8SN69o6JNKqK9ftMbkmwpt_mtYFrq7pxEVU9W5-Ag%40mail.gmail.com.

Re: [ansible-project] Is there a strategy that runs on X hosts as fast as possible

[Igor Gnatenko]

Hello Vladimir,

I saw that one, but I misunderstood how that works because I also had
`serial` set in the playbook. Controlling how many tasks are executed
via forks does exactly what I was looking for.

Thank you for your prompt response!

On Sun, Aug 9, 2020 at 4:52 PM Vladimir Botka  wrote:
>
> On Sun, 9 Aug 2020 04:33:58 -0700 (PDT)
> Igor Gnatenko  wrote:
>
> > Basically I am looking for something like `parallel -jX` linux command. At
> > any time it runs up to X threads with a command.
>
> That's what strategy "host_pinned" does. See
> https://docs.ansible.com/ansible/latest/plugins/strategy/host_pinned.html#host-pinned-executes-tasks-on-each-host-without-interruption
>
> > I noticed that serial: 2 with any strategy will wait for play to run on
> > these 2 hosts and only after that it will move to the next ones.
>
> Only "linear" works this way, I think.
>
> > I'd like Ansible to run on 2 hosts at any time, so once it finishes with 1
> > of 2 in batch, it would already run playbook for the 3rd host.
> > Is such thing does not exist or I just can't find how to do it?
>
> See this example. Is this what you're looking for?
> https://stackoverflow.com/questions/59877712/execute-ansible-playbook-for-next-host-after-finishing-one-host-not-all-forked-h
>
> $ cat hosts
> all:
>   hosts:
> test_01:
>   wait_timeout: 1
> test_02:
>   wait_timeout: 2
> test_03:
>   wait_timeout: 3
> test_06:
>   wait_timeout: 4
> test_09:
>   wait_timeout: 5
>
> $ cat pinned-01.yml
> - name: Play A
>   hosts: all
>   gather_facts: false
>   strategy: host_pinned
>   tasks:
> - debug:
> msg: "A:{{ inventory_hostname }}
>   {{ lookup('pipe', 'date +%H-%M-%S') }}
>   started"
> - wait_for:
> timeout: "{{ wait_timeout }}"
> - debug:
> msg: "A:{{ inventory_hostname }}
>   {{ lookup('pipe', 'date +%H-%M-%S') }}
>   finished"
>
>
> $ ansible-playbook pinned-01.yml -f 3 | grep msg\":
> "msg": "A:test_06 15-33-05 started"
> "msg": "A:test_09 15-33-05 started"
> "msg": "A:test_01 15-33-05 started"
> "msg": "A:test_01 15-33-08 finished"
> "msg": "A:test_02 15-33-08 started"
> "msg": "A:test_06 15-33-11 finished"
> "msg": "A:test_03 15-33-11 started"
> "msg": "A:test_02 15-33-11 finished"
> "msg": "A:test_09 15-33-12 finished"
> "msg": "A:test_03 15-33-15 finished"
> Results
>
> Because of -f 3 Ansible started 3 hosts (1,9,6). Host 1 finished
> first and opened it's slot to a new host that was waiting to start.
> Host 2 started. The same way host 3 started right after host 6
> finished. Host 2, which started after host 9, finished before host 9.
>
>
> --
> Vladimir Botka



-- 
-Igor Gnatenko

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAFMg4WDfwGhFZ0VOLsqMZ4pnusxwtDC%3DZvtWTKiZYo0uS5E1vA%40mail.gmail.com.

[ansible-project] Is there a strategy that runs on X hosts as fast as possible

[Igor Gnatenko]

Basically I am looking for something like `parallel -jX` linux command. At 
any time it runs up to X threads with a command.

I noticed that serial: 2 with any strategy will wait for play to run on 
these 2 hosts and only after that it will move to the next ones. However, 
I'd like Ansible to run on 2 hosts at any time, so once it finishes with 1 
of 2 in batch, it would already run playbook for the 3rd host.

Is such thing does not exist or I just can't find how to do it?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d23f8b67-d2d0-4cc8-9ac6-801cc0a3b18dn%40googlegroups.com.

[ansible-project] Getting vault ID passwords in playbook

[Igor Gnatenko]

Hello,

I would like to set up one host to run ansible-pull, however since 
credentials are encrypted with ansible-vault I need some way to deliver 
those credentials to that host. Is there way to get passed passwords from 
the playbook?

Thanks for help in advance!

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/261ea03a-2a7f-4b80-9400-ff07c2251172%40googlegroups.com.

Re: [ansible-project] Random anisble failures due to tmp files not found

[Igor Cicimov]

FWIW found the reference: 

https://github.com/dw/mitogen/issues/301#issuecomment-404620821
https://github.com/ansible/ansible/issues/31617

On Friday, March 8, 2019 at 9:46:14 AM UTC+11, Igor Cicimov wrote:
>
>
>
> On Friday, March 8, 2019 at 4:12:37 AM UTC+11, Kai Stian Olstad wrote:
>>
>> On 07.03.2019 01:34, Igor Cicimov wrote: 
>> > Anyone else seeing random playbook execution failuers like this: 
>> > 
>> > Source 
>> /home/user/.ansible/tmp/ansible-tmp-1551917585.84-139567381415844/source 
>> > not found"} 
>>
>> No, you must have some issues with your setup. 
>>
>
> Maybe but highly unlikely. This happened during provisioning of 20 EC2 
> instances with same ansible config and same repository and 19 were 
> successful but 1 failed with the error. All instances autoprovision them 
> self locally and the one that failed has hundreds of tasks successfully 
> executed before the failed one.
>
> I remember seeing an issue where the OP found out that the:
>
> remote_tmp = $HOME/.ansible/tmp
>
> settings works unreliably and ansible looses the tmp path being unable to 
> resolve the $HOME env var. I tried googling it up again but can not find it 
> now :-/
>
>
>>
>> > Any idea what is causing them and how to fix it? 
>>
>> Running with - might give you some more information. 
>>
>
> That's hard since replaying the whole playbook several times after the 
> failure shows no issues at all.
>
>
>>
>> -- 
>> Kai Stian Olstad 
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/9bfc5812-6b20-4b68-a5cd-bc2e6f1bdb90%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Utilizing win_iis_webbinding to update IIS certs

[Igor Turovsky]

Hello, 


Sorry for replying for very old thread, but 
I see exactly the same issue with xWebsite.

Did you find the cause for it? 

Thank you,
- Igor

суббота, 18 ноября 2017 г., 4:25:43 UTC+3 пользователь Jordan Borean 
написал:
>
> That's weird I was able to get this task working in an optional 
> integration test when developing these changes here 
> https://github.com/ansible/ansible/blob/devel/test/integration/targets/win_dsc/tasks/destructive.yml#L62.
>  
> Are you able to open a GitHub issue about this and I'll try and look into 
> it.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/01ce13f8-13ae-4b9f-a955-dac504a44a75%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Random anisble failures due to tmp files not found

[Igor Cicimov]

On Friday, March 8, 2019 at 4:12:37 AM UTC+11, Kai Stian Olstad wrote:
>
> On 07.03.2019 01:34, Igor Cicimov wrote: 
> > Anyone else seeing random playbook execution failuers like this: 
> > 
> > Source 
> /home/user/.ansible/tmp/ansible-tmp-1551917585.84-139567381415844/source 
> > not found"} 
>
> No, you must have some issues with your setup. 
>

Maybe but highly unlikely. This happened during provisioning of 20 EC2 
instances with same ansible config and same repository and 19 were 
successful but 1 failed with the error. All instances autoprovision them 
self locally and the one that failed has hundreds of tasks successfully 
executed before the failed one.

I remember seeing an issue where the OP found out that the:

remote_tmp = $HOME/.ansible/tmp

settings works unreliably and ansible looses the tmp path being unable to 
resolve the $HOME env var. I tried googling it up again but can not find it 
now :-/


>
> > Any idea what is causing them and how to fix it? 
>
> Running with - might give you some more information. 
>

That's hard since replaying the whole playbook several times after the 
failure shows no issues at all.


>
> -- 
> Kai Stian Olstad 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b59d4be9-4ec8-418e-87ee-f18a6e08fa16%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Random anisble failures due to tmp files not found

[Igor Cicimov]

Anyone else seeing random playbook execution failuers like this:

Source /home/user/.ansible/tmp/ansible-tmp-1551917585.84-139567381415844/source 
not found"}

Any idea what is causing them and how to fix it?

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/cfa70ac1-a7d3-4f76-9474-c0dd2d8e7de4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] win_package and check_mode

[Igor Turovsky]

Hello,

I have a question about running win_package in check_mode.

My playbook (part of it):

- name: Copy Splunk Forwarder MSI
  win_copy:
  src: "{{ splunk_forwarder_distro }}"
  dest: "{{ splunk_forwarder_distro_local }}"
  force: yes
  remote_src: no


- name: Install Splunk Forwarder
  win_package:
  expected_return_code: 0,3010
  state: present
  arguments: "{{ splunk_forwarder_arguments }}"
  path: "{{ splunk_forwarder_distro_local }}"

When I run it in check_mode, the first task will work correctly and say 
that it would copy the file. 
The second task fails since the file in path is missing. 

I do not want to set *check_mode:no* for the first task and copy the file 
in check_mode just to have win_package working. 

What is the best way to make win_package working in check_mode if the file 
in path is missing?

Thank you,
- Igor

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5fd91faa-ae0a-41e1-a772-c72f793b7207%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] --skip-tags equivalent inside playbooks

[Igor Cicimov]

On Wednesday, February 6, 2019 at 2:14:57 AM UTC+11, Kai Stian Olstad wrote:
>
> On 04.02.2019 04:10, Igor Cicimov wrote: 
> > On Monday, February 4, 2019 at 12:10:51 AM UTC+11, Kai Stian Olstad 
> > wrote: 
>
> Probably pretty useless to answer but anyway. 
>

You are right it was useless.


>
> >> 
> >> On 03.02.2019 01:53, Igor Cicimov wrote: 
> >> > Kai, why would I use vars when I already have tags on my tasks which 
> >> > purpose, and only purpose, is filtering during execution? 
> >> 
> >> Filtering is done on the command line with --tags not inside a 
> >> playbook 
> >> or task file. 
> >> 
> > 
> > That's correct ... and have you tried doing so? In the below example: 
> > 
> > - roles: 
> >- role1 
> >- role2 
> >- role3 
> > 
> > where all 3 roles have the same tags, lets say "instal" and 
> > "configure", 
> > how are you going to filter the "install" tag for the role1 only? 
>
> You can't without having unique tag.
>

You will run our of unique names for every single tag in couple of years :-)

I understand what you are looking for, I just say that is not possible 
> with Ansible at the moment and if you need that kind of functionality 
> use variables instead. 
>
>
> > If you need any other functionality, variables is the way to go. 
> >> 
> > 
> > Yeah like in the example you gave above: 
> > 
> > --- 
> > - include_tasks: install.yml 
> >when: test_install | default(true) == true 
> > 
> > - include_tasks: configure.yml 
> >when: test_configure | default(true) == true 
> > 
> > so you end up with separate file for each tag you have, good luck with 
> > that. 
>
> I don't know why I need good luck with that, been doing it for years and 
> it just work. 
>
>
So for tasks that have multiple tags you just repeat them in every file? 
Great!


> >> > Also as I said back in 2015 
> >> > 
> https://groups.google.com/d/msg/ansible-project/WimzDEJLHJc/9U10Yjb4CQAJ 
> >> > it 
> >> > is hard to retrofit variables into hundreds of playbooks you have 
> >> > written 
> >> > with tags expecting they will serve the purpose they exist for, 
> *which 
> >> > is 
> >> > filtering*. 
> >> 
> >> They do, the filtering is done on the command line. 
> >> Tags on a role in a playbook is adding the tags to all the task in the 
> >> role. 
> >> 
> > 
> > Which is wrong and useless. 
>
> Strange view on life. 
>
>
> >> So it pretty uniform, tags in in task files and playbooks is adding 
> >> that 
> >> tag to the task. 
> >> Filtering is done at run time on the command line. 
> >> 
> >> 
> >> > From where I stand, the "tags" option that we can pass to the role 
> like 
> >> > this: 
> >> > 
> >> > - roles: 
> >> > - { name: role1 tags: ["tag1","tag2"] } <== this *IS/SHOULD 
> BE* 
> >> > equivalent to a command line 
> >> 
> >> Why should it, in my opinion this will make it pretty confusing for 
> >> when 
> >> tags add a tag and when it's filtering on tags. 
> >> 
> > 
> > Simple, there should had been *tags*, *skip-tags* and *add-tags*, 
> > genius 
> > isn't it :-) 
>
> Yes it is, but I have tried to come up with alternative way to do it in 
> the scope of how Ansible work at the moment. 
>
>
> >> > is pretty much useless since instead filtering the role's tasks based 
> >> > on 
> >> > that "tags" list it adds those tags to each of them. Really not sure 
> >> > how is 
> >> > this helping me in any way and what would be the use case or 
> advantage 
> >> > I 
> >> > get from doing this? I mean if I wanted those tags in a role I would 
> >> > have 
> >> > included them in its tasks already ... or am I missing something? 
> >> 
> >> The functionality is that if you want to run a few of the role(s) in a 
> >> playbook, add a tag to the role and filter the tag on the command 
> >> line. 
> >> I use this feature a lot, a playbook have have tens of roles and I 
> >> just 
> >> want to run one or two of them, so changing that will destroy my and 
> >> everyone else's use of tags. 
> >> 
> > 
> > Why 

Re: [ansible-project] --skip-tags equivalent inside playbooks

[Igor Cicimov]

On Monday, February 4, 2019 at 12:10:51 AM UTC+11, Kai Stian Olstad wrote:
>
> On 03.02.2019 01:53, Igor Cicimov wrote: 
> > Kai, why would I use vars when I already have tags on my tasks which 
> > purpose, and only purpose, is filtering during execution? 
>
> Filtering is done on the command line with --tags not inside a playbook 
> or task file. 
>

That's correct ... and have you tried doing so? In the below example:

- roles:
   - role1
   - role2
   - role3

where all 3 roles have the same tags, lets say "instal" and "configure", 
how are you going to filter the "install" tag for the role1 only?

If you need any other functionality, variables is the way to go. 
>

Yeah like in the example you gave above:

--- 
- include_tasks: install.yml 
   when: test_install | default(true) == true 

- include_tasks: configure.yml 
   when: test_configure | default(true) == true 

so you end up with separate file for each tag you have, good luck with that.


>
> > Also as I said back in 2015 
> > https://groups.google.com/d/msg/ansible-project/WimzDEJLHJc/9U10Yjb4CQAJ 
> > it 
> > is hard to retrofit variables into hundreds of playbooks you have 
> > written 
> > with tags expecting they will serve the purpose they exist for, *which 
> > is 
> > filtering*. 
>
> They do, the filtering is done on the command line. 
> Tags on a role in a playbook is adding the tags to all the task in the 
> role. 
>

Which is wrong and useless.


> So it pretty uniform, tags in in task files and playbooks is adding that 
> tag to the task. 
> Filtering is done at run time on the command line.
>
>
> > From where I stand, the "tags" option that we can pass to the role like 
> > this: 
> > 
> > - roles: 
> > - { name: role1 tags: ["tag1","tag2"] } <== this *IS/SHOULD BE* 
> > equivalent to a command line 
>
> Why should it, in my opinion this will make it pretty confusing for when 
> tags add a tag and when it's filtering on tags. 
>

Simple, there should had been *tags*, *skip-tags* and *add-tags*, genius 
isn't it :-)


>
> > is pretty much useless since instead filtering the role's tasks based 
> > on 
> > that "tags" list it adds those tags to each of them. Really not sure 
> > how is 
> > this helping me in any way and what would be the use case or advantage 
> > I 
> > get from doing this? I mean if I wanted those tags in a role I would 
> > have 
> > included them in its tasks already ... or am I missing something? 
>
> The functionality is that if you want to run a few of the role(s) in a 
> playbook, add a tag to the role and filter the tag on the command line. 
> I use this feature a lot, a playbook have have tens of roles and I just 
> want to run one or two of them, so changing that will destroy my and 
> everyone else's use of tags. 
>

Why would you include a role in a playbook that you don't need executed I 
wonder???


> If you download a role from Galaxy you don't want to change the tags in 
> the role because that makes it very hard to download newer version of 
> that role. 
> But you can at least add your own tags on the role so you can filter to 
> run or not run the role when the playbook is running.
>

Have never seen any Galaxy role that I can use verbatim without applying 
any custom changes so this argument can hardly count.


>
> > So to conclude, when I call a role with *tags* I expect those and only 
> > those tags to be in effect during role's execution. 
>
> But I don't, and it's not feature I need since I use variables for that. 
>

I do too to include what ever I need to get executed. And then I want to 
use the tags I've been applying religiously to all tasks I write (as I do 
with everything I create in AWS) for further filtering. And that is the 
whole point of the discussion. That option does not exists for playbooks 
that include roles.


>
> > Similarly I would 
> > expect to use *skip-tags* for tags I do not want executed during run 
> > time. 
> > Instead of that you are telling me to use vars when I already have tags 
> > that should serve the purpose. 
>
> The problem here is if you have 20 roles where all roles have uniq tag 
> and you only want to run one of them, adding 19 skiped tags instead of 1 
> include tag is not very practical. 
>
>
As said above don't include a role in a playbook if you don't need it. It 
can also be simply solved via variable as you say right? How about if I 
have 90 tasks in a role and want to exclude 45? Much more difficult isn't 
it?


> > Not sure why such a resistance 

Re: [ansible-project] --skip-tags equivalent inside playbooks

[Igor Cicimov]

Kai, why would I use vars when I already have tags on my tasks which 
purpose, and only purpose, is filtering during execution?

Also as I said back in 2015 
https://groups.google.com/d/msg/ansible-project/WimzDEJLHJc/9U10Yjb4CQAJ it 
is hard to retrofit variables into hundreds of playbooks you have written 
with tags expecting they will serve the purpose they exist for, *which is 
filtering*.

>From where I stand, the "tags" option that we can pass to the role like 
this:

- roles:
- { name: role1 tags: ["tag1","tag2"] } <== this *IS/SHOULD BE* 
equivalent to a command line 

is pretty much useless since instead filtering the role's tasks based on 
that "tags" list it adds those tags to each of them. Really not sure how is 
this helping me in any way and what would be the use case or advantage I 
get from doing this? I mean if I wanted those tags in a role I would have 
included them in its tasks already ... or am I missing something?

So to conclude, when I call a role with *tags* I expect those and only 
those tags to be in effect during role's execution. Similarly I would 
expect to use *skip-tags* for tags I do not want executed during run time. 
Instead of that you are telling me to use vars when I already have tags 
that should serve the purpose.

Not sure why such a resistance towards a feature that is very logical to 
have and makes much more sense than what it is atm.

On Saturday, February 2, 2019 at 11:05:40 PM UTC+11, Kai Stian Olstad wrote:
>
> On 02.02.2019 05:39, Igor Cicimov wrote: 
> > Brian, I find the current usage of "tags" when calling a role via 
> > "roles:" 
> > or "include_role/import_role" is counter intuitive. The reason we tag 
> > tasks 
> > in our playbooks is for the purpose of filtering which we would expect 
> > to 
> > be the case in the above mentioned scenarios as well. But it is not, 
> > and 
> > that is major draw back in making reusable (DRY) code. 
> > 
> > I constantly find my self in need to execute just a part of some role 
> > tasks, lets say the ones tagged with "install" but skip the ones tagged 
> > with "configure" lets say. This is exactly what we get by passing 
> > "--tags" 
> > or "--skip-tags" on the command line so why not make this consistent 
> > everywhere? 
>
> I would argue that it's very consistent at the moment. 
> All tags in a yaml file sets/add that tag(s), and which tags you want to 
> run is specified on the command line. 
>
> Use variables if you want to run part of your code. 
> An example: 
>
> roles/test/install.yml 
> roles/test/configure.yml 
>
>
> roles/test/main.yml 
> --- 
> - include_tasks: install.yml 
>when: test_install | default(true) == true 
>
> - include_tasks: configure.yml 
>when: test_configure | default(true) == true 
>
> Then to only run install just do this 
> playbook.yml 
> - hosts: localhost 
>roles: 
>  - role: test 
>test_configure: false 
>
>
> You can also overwrite the variables on the command line too if needed. 
>
> -- 
> Kai Stian Olstad 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3db1ef02-829b-4c06-b0e3-67d0643a480e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] --skip-tags equivalent inside playbooks

[Igor Cicimov]

Brian, I find the current usage of "tags" when calling a role via "roles:" 
or "include_role/import_role" is counter intuitive. The reason we tag tasks 
in our playbooks is for the purpose of filtering which we would expect to 
be the case in the above mentioned scenarios as well. But it is not, and 
that is major draw back in making reusable (DRY) code. 

I constantly find my self in need to execute just a part of some role 
tasks, lets say the ones tagged with "install" but skip the ones tagged 
with "configure" lets say. This is exactly what we get by passing "--tags" 
or "--skip-tags" on the command line so why not make this consistent 
everywhere?

On Saturday, February 2, 2019 at 6:07:44 AM UTC+11, Brian Coca wrote:
>
> No, it is not possible 
>
> -- 
> Brian Coca 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1b7ba93b-4cc5-48f1-a264-6346269ec5bf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] --skip-tags equivalent inside playbooks

[Igor Cicimov]

Anyone knows if this is possible in any ansible release?

On Thursday, December 17, 2015 at 8:08:14 AM UTC+11, Igor Cicimov wrote:
>
> This sounds like very reasonable request, option like:
>
> - { role: A, skip-tags: [t1, t2] }
>
> whould be very useful in case of playbook with many roles having same tags 
> thus --skip-tags is not an option in case one wants to skip tags in couple 
> of roles only.
>
> Any plans to support this?
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/06b31bdc-9a22-4352-b3a3-231e515db0a0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Playbook ignores attributes auth_pass\authorize and wont enter privilege mode.

[igor]

Yes, i guess i will need to read on that as well... I've tried so many 
different options and still not getting this playbook to work. All i need 
is this playbook to ssh to switch, enter enable mode - run "show run" 
command and save running config on local server, sounds easy and doable but 
having issues on that note. 

On Thursday, March 22, 2018 at 12:07:22 PM UTC-4, Marcos Alano wrote:
>
> Options like "host" and "username" are part of provider option. You 
> should check the options and also the indentation. 
>
> On Wed, Mar 21, 2018 at 7:54 PM,  > wrote: 
> > Hi Everyone! 
> > 
> > I am new to "Ansible". I've created a playbook that backups cisco 
> running 
> > config. My problem is that i get an error Invalid input detector "^" i 
> did 
> > some digging and its alerting due to the command not running in 
> privileged 
> > mode. I've tried using authorize and auth_pass and it gives me an error 
> > saying : 
> > 
> >[WARNING]: Ignoring invalid attribute: username 
> > 
> >  [WARNING]: Ignoring invalid attribute: authorize 
> > 
> >  [WARNING]: Ignoring invalid attribute: auth_pass 
> > 
> >  [WARNING]: Ignoring invalid attribute: host 
> > 
> > here is playbook: 
> > 
> > --- 
> > - hosts: myswitches 
> >   gather_facts: true 
> >   connection: local 
> > 
> >   tasks: 
> >- name: show run 
> >  ios_command: 
> >commands: 
> >- show run 
> >  host: "{{ inventory_hostname }}" 
> >  auth_pass: cisco 
> >  username: cisco 
> >  password: cisco 
> >  authorize: yes 
> >  #provider: 
> >  #  authorize: yes 
> >  #  auth_pass: cisco 
> >  #register: config 
> > 
> >- name: save output to /etc/ansible/backups 
> >  copy: 
> >content: "{{ config.stdout[0] }}" 
> >dest: "/etc/ansible/backups/show_run_{{ inventory_hostname 
> }}.txt" 
> > 
> > 
> > here is - outcome: 
> > 
> > 
> > ansible-playbook backups_test.yml - 
> > ansible-playbook 2.4.3.0 
> >   config file = /etc/ansible/ansible.cfg 
> >   configured module search path = 
> > [u'/home/techops/.ansible/plugins/modules', 
> > u'/usr/share/ansible/plugins/modules'] 
> >   ansible python module location = 
> /usr/lib/python2.7/dist-packages/ansible 
> >   executable location = /usr/bin/ansible-playbook 
> >   python version = 2.7.12 (default, Nov 20 2017, 18:23:56) [GCC 5.4.0 
> > 20160609] 
> > Using /etc/ansible/ansible.cfg as config file 
> > setting up inventory plugins 
> > Set default localhost to 127.0.0.1 
> > Parsed /etc/ansible/hosts inventory source with ini plugin 
> >  [WARNING]: Ignoring invalid attribute: username 
> > 
> >  [WARNING]: Ignoring invalid attribute: authorize 
> > 
> >  [WARNING]: Ignoring invalid attribute: auth_pass 
> > 
> >  [WARNING]: Ignoring invalid attribute: host 
> > 
> > Loading callback plugin default of type stdout, v2.0 from 
> > /usr/lib/python2.7/dist-packages/ansible/plugins/callback/default.pyc 
> > 
> > PLAYBOOK: backups_test.yml 
> > 
> **
>  
>
> > 1 plays in backups_test.yml 
> > 
> > PLAY [myswitches] 
> > 
> ***
>  
>
> > 
> > TASK [Gathering Facts] 
> > 
> **
>  
>
> > Using module file 
> > /usr/lib/python2.7/dist-packages/ansible/modules/system/setup.py 
> > <10.175.0.238> ESTABLISH LOCAL CONNECTION FOR USER: root 
> > <10.175.0.238> EXEC /bin/sh -c '/usr/bin/python && sleep 0' 
> > Using module file 
> > /usr/lib/python2.7/dist-packages/ansible/modules/system/setup.py 
> > <10.175.0.234> ESTABLISH LOCAL CONNECTION FOR USER: root 
> > <10.175.0.234> EXEC /bin/sh -c '/usr/bin/python && sleep 0' 
> > ok: [10.175.0.234] 
> > ok: [10.175.0.238] 
> > META: ran handlers 
> > 
> > TASK [show run] 
> > 
> *
>  
>
> > task path: /etc/ansible/playbooks/backups_test.yml:7 
> > <10.175.0.238> using connection plugin network_cli 
> > <10.175.0.234> using connection plugin network_cli 
> > <10.175.0.238> socket_path: /home/techops/.ansible/pc/3b9c1a1e70 
> > <10.175.0.234> socket_path: /home/techops/.ansible/pc/606d5c5780 
> > Using module file 
> > 
> /usr/lib/python2.7/dist-packages/ansible/modules/network/ios/ios_command.py 
> > Using module file 
> > 
> /usr/lib/python2.7/dist-packages/ansible/modules/network/ios/ios_command.py 
> > <10.175.0.238> ESTABLISH LOCAL CONNECTION FOR USER: root 
> > <10.175.0.238> EXEC /bin/sh -c '/usr/bin/python && sleep 0' 
> > <10.175.0.234> ESTA

[ansible-project] Re: Playbook ignores attributes auth_pass\authorize and wont enter privilege mode.

[igor]

Just an update.

I figured where authorize: yes and auth_pass: cisco should stand... 

Under "ios command:"
  tasks:
   - name: show run
 ios_command:
   authorize: yes
   auth_pass: cisco
   commands:

hope this helps if anyone is having same issue.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/f98d0a6e-534b-4357-9cdb-2ba8c9e8543e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Playbook ignores attributes auth_pass\authorize and wont enter privilege mode.

[igor]

Hi Everyone!

I am new to "Ansible". I've created a playbook that backups cisco running 
config. My problem is that i get an error Invalid input detector "^" i did 
some digging and its alerting due to the command not running in privileged 
mode. I've tried using authorize and auth_pass and it gives me an error 
saying :

   [WARNING]: Ignoring invalid attribute: username

 [WARNING]: Ignoring invalid attribute: authorize

 [WARNING]: Ignoring invalid attribute: auth_pass

 [WARNING]: Ignoring invalid attribute: host

here is playbook:

---
- hosts: myswitches
  gather_facts: true
  connection: local

  tasks:
   - name: show run
 ios_command:
   commands:
   - show run
 host: "{{ inventory_hostname }}"
 auth_pass: cisco
 username: cisco
 password: cisco
 authorize: yes
 #provider:
 #  authorize: yes
 #  auth_pass: cisco
 #register: config

   - name: save output to /etc/ansible/backups
 copy:
   content: "{{ config.stdout[0] }}"
   dest: "/etc/ansible/backups/show_run_{{ inventory_hostname }}.txt"


here is - outcome:


ansible-playbook backups_test.yml -
ansible-playbook 2.4.3.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = 
[u'/home/techops/.ansible/plugins/modules', 
u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 2.7.12 (default, Nov 20 2017, 18:23:56) [GCC 5.4.0 
20160609]
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
Set default localhost to 127.0.0.1
Parsed /etc/ansible/hosts inventory source with ini plugin
 [WARNING]: Ignoring invalid attribute: username

 [WARNING]: Ignoring invalid attribute: authorize

 [WARNING]: Ignoring invalid attribute: auth_pass

 [WARNING]: Ignoring invalid attribute: host

Loading callback plugin default of type stdout, v2.0 from 
/usr/lib/python2.7/dist-packages/ansible/plugins/callback/default.pyc

PLAYBOOK: backups_test.yml 
**
1 plays in backups_test.yml

PLAY [myswitches] 
***

TASK [Gathering Facts] 
**
Using module file 
/usr/lib/python2.7/dist-packages/ansible/modules/system/setup.py
<10.175.0.238> ESTABLISH LOCAL CONNECTION FOR USER: root
<10.175.0.238> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
Using module file 
/usr/lib/python2.7/dist-packages/ansible/modules/system/setup.py
<10.175.0.234> ESTABLISH LOCAL CONNECTION FOR USER: root
<10.175.0.234> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
ok: [10.175.0.234]
ok: [10.175.0.238]
META: ran handlers

TASK [show run] 
*
task path: /etc/ansible/playbooks/backups_test.yml:7
<10.175.0.238> using connection plugin network_cli
<10.175.0.234> using connection plugin network_cli
<10.175.0.238> socket_path: /home/techops/.ansible/pc/3b9c1a1e70
<10.175.0.234> socket_path: /home/techops/.ansible/pc/606d5c5780
Using module file 
/usr/lib/python2.7/dist-packages/ansible/modules/network/ios/ios_command.py
Using module file 
/usr/lib/python2.7/dist-packages/ansible/modules/network/ios/ios_command.py
<10.175.0.238> ESTABLISH LOCAL CONNECTION FOR USER: root
<10.175.0.238> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
<10.175.0.234> ESTABLISH LOCAL CONNECTION FOR USER: root
<10.175.0.234> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
failed: [10.175.0.238] (item=OVuq7syghNs824LrXc7d) => {
"changed": false,
"invocation": {
"module_args": {
"auth_pass": null,
"authorize": null,
"commands": [
"show run"
],
"host": null,
"interval": 1,
"match": "all",
"password": null,
"port": null,
"provider": null,
"retries": 10,
"ssh_keyfile": null,
"timeout": null,
"username": null,
"wait_for": null
}
},
"item": "OVuq7syghNs824LrXc7d",
"msg": "show run\r\n^\r\n% Invalid input detected 
at '^' marker.\r\n\r\nATL-INT-SW-09>",
"rc": 1
}
failed: [10.175.0.234] (item=OVuq7syghNs824LrXc7d) => {
"changed": false,
"invocation": {
"module_args": {
"auth_pass": null,
"authorize": null,
"commands": [
"show run"
],
"host": 

[ansible-project] cannot get remote_user in a callback plugin

[Igor B.]

Hi all,

I am developing a callback plugin to print messages to hipchat when 
playbook starts and finishes, and some additional info like who is running 
the playbook. To get the username I tried 2 ways:

   1. 
   
   cli.options.remote_user -- outputs "None".
   2. 
   
   play.remote_user -- outputs username only if remote_user is defined in a 
   play. Unfortunately we don't do this in our playbooks.
   
I also looked at hipchat 
(https://github.com/ansible/ansible/blob/devel/lib/ansible/plugins/callback/hipchat.py)
 
and slack 
(https://github.com/ansible/ansible/blob/devel/lib/ansible/plugins/callback/slack.py#L155)
 
callback plugins and it's not working with Ansible 2.4.1.0:


# hipchat

PLAY [aplay] 


[WARNING]: Failure using method (v2_playbook_on_play_start) in callback 
plugin (): 'Play' object has no attribute 'playbook'


#slack

PLAY [aplay] 
**
 [WARNING]: Failure using method (v2_playbook_on_play_start) in callback 
plugin (): 'dict' object has no attribute 'remote_user'


How do I get username which runs the playbook in a callback plugin?


Thanks,

Igor

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a0d6f49a-904a-42d6-bb16-9cfb74732b51%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Error while evaluating conditional

[Igor Cicimov]

Yes i tried that it didnt work

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/adb4411c-1eda-4216-8257-dd4ed9bd18ce%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] wait_for using bastion host

[Igor Cicimov]

Try to connect manually with the same ssh command with -vvv switch to find out 
what went wrong. Also use register in the ansible command and debug the 
returned value. My guess is missing/mismatch key or security group issue ie the 
instance has tcp port 22 blocked.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/cfd778be-c059-4279-a38a-354f61aa417e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] wait_for using bastion host

[Igor Cicimov]

Try to connect manually with the same ssh command with -vvv switch to find out 
what went wrong. Also use register in the ansible command and debug the 
returned value. My guess is missing/mismatch key or security group issue ie the 
instance has tcp port 22 blocked.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b07b8fed-83da-4cc1-b748-b74937aec71e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Error while evaluating conditional

[Igor Cicimov]

ok it was simply the order, this works:

  when: ansible_eth0.ipv4.address == server_list.0 and 'does not exist' in 
volume_info.stderr

where this will not:

  when: 'does not exist' in volume_info.stderr and 
ansible_eth0.ipv4.address == server_list.0

no matter in what kind of quotes you wrap it, escape it etc.

On Wednesday, May 17, 2017 at 4:32:56 PM UTC+10, Igor Cicimov wrote:
>
> Any idea why would Ansible error on this?
>
> fatal: [localhost] => error while evaluating conditional: 'does not exist' 
> in volume_info.stderr and "10.99.4.236" == "10.99.3.195"
>
> FATAL: all hosts have already failed -- aborting
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/4664b4e7-64a5-4b86-b870-f6bdf968c151%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Error while evaluating conditional

[Igor Cicimov]

Any idea why would Ansible error on this?

fatal: [localhost] => error while evaluating conditional: 'does not exist' 
in volume_info.stderr and "10.99.4.236" == "10.99.3.195"

FATAL: all hosts have already failed -- aborting

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e19abbfd-4d9f-433c-9807-e10a2fe621f9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Ansible 2.0.2 sts_asume_role error - Region does not seem to be available for aws module boto.sts

[Igor Cicimov]

Hi,

When I run the following playbook on an EC2 instance with IAM instance role:

---
- hosts: localhost
  connection: local
  gather_facts: false
  tasks:
- name: Assume the instance profile role
  sts_assume_role:
region: "eu-west-1"
role_arn: "arn:aws:iam::xx:instance-profile/profile-name"
role_session_name: "someRoleSession"
  register: assumed_role

I get error:

TASK [Assume the instance profile role] 

fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": 
"Region eu-west-1 does not seem to be available for aws module boto.sts. If 
the region definitely exists, you may need to upgrade boto or extend with 
endpoints_path"}

Get the same result after trying couple of other regions without success 
(although the instance it self is in the eu-west-1 region). Which is the 
correct region then?

The role ARN is obtained via the instance metadata:

# curl -s http://169.254.169.254/latest/meta-data/iam/info | jq -c -M -r 
'.InstanceProfileArn'

Some details of the setup:

# lsb_release -a
No LSB modules are available.
Distributor ID:Ubuntu
Description:Ubuntu 14.04.5 LTS
Release:14.04
Codename:trusty

# ansible --version
ansible 2.0.2.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = Default w/o overrides

# python --version
Python 2.7.6

# dpkg -l python-boto | grep ^ii
ii  python-boto  2.20.1-2ubuntu2   
all  Python interface to Amazon's Web Services

What can be the problem? Nothing obvious comes to my attention when looking 
in the module documentation 
http://docs.ansible.com/ansible/sts_assume_role_module.html.

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d3e8bebb-f74d-487f-8e5b-f7314297b110%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: apt module behavior

[Igor Schaefer]

Спасибо!
А где можно изменить этот параметр? Я не нашел его 
в /etc/ansible/ansible.cfg

среда, 18 января 2017 г., 12:06:19 UTC+5 пользователь Alexey Vazhnov 
написал:
>
> Ansible set DEBIAN_FRONTEND=noninteractive, so no any dialog.
>
> On Wednesday, January 18, 2017 at 2:06:34 AM UTC+5, Igor Schaefer wrote:
>>
>> Hello, colleagues
>>
>> Sure, all you know the situation, when you install a new version of 
>> package and you get a dialog window with warnings like "use existing 
>> version of config file or replace it with new one" or "that your lovely 
>> function is depricated now, make a note of this", etc.
>> I'd like to know, what's apt module's behavior in such situation? What 
>> will its answer to this warnings?
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/ac4b1688-e1f6-4982-89ac-5e6f2694a9df%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] apt module behavior

[Igor Schaefer]

Thank you for paying my attention to the Ansible documentation. I read it 
but didn't get the dpkg_options

среда, 18 января 2017 г., 12:36:28 UTC+5 пользователь Andreas Olsson 
написал:
>
> tis 2017-01-17 klockan 01:42 -0800 skrev Igor Schaefer: 
> > Sure, all you know the situation, when you install a new version of 
> > package  and you get a dialog window with warnings like "use existing 
> > version of  config file or replace it with new one" or "that your 
> > lovely function is  depricated now, make a note of this", etc. 
> > I'd like to know, what's apt module's behavior in such situation? 
> > What will its answer to this warnings? 
>
> Ansible defaults to keeping the old/existing config files. 
>
> See https://docs.ansible.com/ansible/apt_module.html and 
> the dpkg_options parameter for the technical details. 
>
> Regarding other questions I guess that depends on their origin. In most 
> cases I assume they come from debconf, in which case they are hidden by 
> DEBIAN_FRONTEND=noninteractive (as mentioned by Alexey). 
>
> // Andreas 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/7c9b426e-b357--8f04-5a70bbd5041f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] apt module behavior

[Igor Schaefer]

Hello, colleagues

Sure, all you know the situation, when you install a new version of package 
and you get a dialog window with warnings like "use existing version of 
config file or replace it with new one" or "that your lovely function is 
depricated now, make a note of this", etc.
I'd like to know, what's apt module's behavior in such situation? What will 
its answer to this warnings?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/60f8c985-3f93-42eb-9a81-64920ca9d813%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How create new Git repository from Ansible directly?

[Igor Khomyakov]

Hi,

You simply can't. Git module is supposed to be used to manage git
**checkouts** of repositories.
However command module can be useful  for you

- command: git init {{ repository }}

-- 
Best, Igor

On Fri, Jan 13, 2017 at 3:08 PM, SwApNiL PATIL  wrote:
> Hello All ,
>
> I am only able to clone the repository from Git with the help of Git module
> of Ansible. I am able to create new repository from shell and attach that
> shell script to Ansible.
> But I want to know can I create new repository in Git from ansible directly
> with the help of Git module of Ansible ?
>
> Your help is much appreciated.
>
> Thanks,
> Swapnil Patil.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/8e7df72a-2a0c-47d3-903e-5002c210cc3c%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAGuansp%2BgjoeC8%3DAGoeiamUhHDjqw4RFA1o%2BkPxNhuHhDqQPaw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Counting hosts in a group form an ec2 dynamic inventory

[Igor Cicimov]

The usual way would be to tag the instances and pick them up at the start of 
your play, put them in a group and count them. However, the dynamic inventory 
contains the running instances only otherwise your plays will fail running 
against stopped instances. Not sure how to get around this. 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/67924150-030e-407b-ab47-7a7a4d741fbe%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Unable to use ec2_vpc_route_table to remove route tables.... anyone else?

[Igor Cicimov]

Just to clarify, was the routing table in use by a subnet(s) at that 
moment? I think AWS will not allow you to remove a resource that is 
referenced by another one.

On Thursday, December 8, 2016 at 7:43:57 AM UTC+11, rc@gmail.com wrote:
>
> Using version:
>
> ansible 2.2.1.0 (stable-2.2 acad2ba246) last updated 2016/12/07 11:28:43 
> (GMT -400)
>   lib/ansible/modules/core: (detached HEAD 8139278530) last updated 
> 2016/12/07 11:28:55 (GMT -400)
>   lib/ansible/modules/extras: (detached HEAD f5f1fc934a) last updated 
> 2016/12/07 11:28:56 (GMT -400)
>   config file = /etc/ansible/ansible.cfg
>   configured module search path = Default w/o overrides
>
> I'm able to build route tables just fine, but trying to utilize the 
> "state:absent" attribute in the module does not result in removing route 
> tables. 
>
> I ended up doing a shell task and calling awscli to handle the removal. I 
> don't see any specific issues on the extras Github site about this 
> behavior, so I thought I'd inquire here... 
>
> Thanks,
>
> --rc
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/58efed36-3eaa-4ccf-ab6a-1c0c589d2051%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible 2.2.0 Final has been released!

[Igor Cicimov]

Hi James,

Although the performance improvements are welcomed, I wonder how does this 
stack compared to 1.9.x version?

There have been discussions here, more specific 
https://groups.google.com/forum/#!starred/ansible-devel/UU0Tpw-qlhY, and 
couple of issues raised and outlined in your post here 
https://groups.google.com/forum/#!starred/ansible-devel/TLEc1NoQ7lA, that 
revel a serious problem in the very core of 2.x release. Has this been 
addressed in 2.2.0 and if yes how close is the 2.2 performance to the old 
1.9.x branch?

Thanks,
Igor

On Wednesday, November 2, 2016 at 12:55:28 AM UTC+11, James Cammarata wrote:
>
> Hi all, we're very happy to announce that Ansible 2.2.0 has been released!
>
> This release includes many new features and improvements (from the RC1 
> release announcement):
>
> * Almost 200 new modules!
> * Major performance improvements. In many cases, you should see a 2-3x 
> improvement over 2.1/2.0.
> * `include_role` now allows for roles to be executed inline with your 
> other tasks, instead of listing them only in the `roles:` section of your 
> plays (http://docs.ansible.com/ansible/include_role_module.html)
> * The `listen` feature for handlers allows for much easier notifications 
> of multiple handlers via a pub/sub mechanism (
> http://docs.ansible.com/ansible/playbooks_intro.html#handlers-running-operations-on-change
> ).
> * Serial batches can now be specified as a list rather than a single 
> integer value, meaning you can do something like this to scale up serial 
> batches:
>   `serial: [1, 5, 10]` # the first batch will be 1 host, 2nd=5 hosts, all 
> other batches will be 10 hosts)
> * Windows tasks can now use "async", and can also now use the 
> "environment" option to set environment variables.
> * Support for binary modules.
> * New become method: `ksu` (Kerberos su).
> * New meta option: `end_play`, which allows for early termination of a 
> play without failing.
> * Meta tasks now support conditional statements.
>
> Here is the official announcement on our website:
>
>
> https://www.ansible.com/press/ansible-22-delivers-new-automation-capabilities-for-containers-networks-and-cloud
>
> As always, this update is available via PyPi and releases.ansible.com 
> now, and packages for distros will be available as soon as possible.
>
> Thanks and enjoy!
>
> James Cammarata
>
> Ansible Lead/Sr. Principal Software Engineer
> Ansible by Red Hat
> twitter: @thejimic, github: jimi-c
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/ee7e7988-436a-4e6f-a13f-fcdb2f8d4301%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: MongoDB Ansible Deployment

[Igor Cicimov]

On Friday, August 19, 2016 at 12:50:07 PM UTC+10, Igor Cicimov wrote:
>
>
>
> On Friday, August 19, 2016 at 2:41:27 AM UTC+10, adam.a...@gmail.com 
> wrote:
>>
>>  Hello,
>>
>> So I am trying to convert a bunch of Ansible Playbooks that were used to 
>> deploy MongoDB into a more generalized group of roles used to for the 
>> deployment. I have somewhat based it off of the Ansible Example MongoDB 
>> Deployment Repository 
>> <https://github.com/ansible/ansible-examples/tree/master/mongodb>. The 
>> thing I am having trouble with now is the mongod role and the updating of 
>> the startup and configuration files on the arbiter/replica servers. In the 
>> original deployment, I have a play that looks like the one below.
>>
>> - hosts:
>>   - rs1
>>   remote_user: root
>>
>>   tasks:
>>   - name: Create the data directory for the replica sets
>> file: path=/data/db state=directory
>>   - name: Copy the daemon configuration file over to the replica sets
>> copy: src=/ansible/MongoDB/roles/mongod/templates/mongod_rs1.conf 
>> dest=/etc/mongod.conf
>>   - name: Copy the rc.local file over to the replica servers to start the 
>> mongod services at boot
>> copy: src=/ansible/MongoDB/roles/mongod/templates/rc_rep.local 
>> dest=/etc/rc.d/rc.local mode=0755
>>
>> The problem I am having stems from the hosts - there are 20 replica set 
>> hosts with each set having 2 replication servers. Now, it is easy to create 
>> the data directories and the startup file on each replication server as 
>> they all get the same path and startup file. So, I can just simply do the 
>> same task for every server in those groups. The place where I struggle, 
>> though, is the configuration file. The 2 servers in each replication set 
>> get their own configuration files, which are inherently different from all 
>> the other configuration files. My thoughts on how to get this to work - 
>> without doing a different play for each host - involved using the 
>> inventory_hostname variable as I ran through the Playbook. The way I had it 
>> set-up was like this,
>>
>> - name: Create the mongodb configuration file for each set of replica 
>> servers
>>   template: 
>> src=ansible/MongoDB/roles/mongod/templates/mongod_{{inventory_hostname}}.conf
>>  
>> dest=/etc/mongod.conf
>>
>> I thought, then, that this would drop the mongod.conf file onto the 
>> correct servers because it would read in the group, like "rs1", to that 
>> variable and it would work easily. 
>>
>
> If you need to use the group name, if I understand correctly, then make it 
> a variable like:
>
> - hosts: '{{ hosts }}'
>
> and then set the external variable at run time like -e "hosts=rs1" and use 
> that for the conf file name as well mongod_{{ hosts }}.conf
>  
>
>> This made me realize, though, that it would use "ghmrep1" and "ghmrep21" 
>> for example instead of "rs1" as the hostname. Then I thought about just 
>> changing the name of the mongod configuration files in the template folder 
>> to something like "mongod_ghmrep1" so that it would work that way. This 
>> seems unnecessary, though, and I would also have to double the amount of 
>> files I had to make this work. Is there any simpler way to go about this 
>> play where I could just create/copy all the files over in one fell swoop?
>>
>  
 Alternatively, if your groups are named like rs1, rs2, ... etc., then you 
can use the integer sequence loop to dynamically generate the group names 
in play time: 
http://docs.ansible.com/ansible/playbooks_loops.html#looping-over-integer-sequences

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/53509384-bc79-4a69-93f7-bd93b7b924e8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: MongoDB Ansible Deployment

[Igor Cicimov]

On Friday, August 19, 2016 at 2:41:27 AM UTC+10, adam.a...@gmail.com wrote:
>
>  Hello,
>
> So I am trying to convert a bunch of Ansible Playbooks that were used to 
> deploy MongoDB into a more generalized group of roles used to for the 
> deployment. I have somewhat based it off of the Ansible Example MongoDB 
> Deployment Repository 
> . The 
> thing I am having trouble with now is the mongod role and the updating of 
> the startup and configuration files on the arbiter/replica servers. In the 
> original deployment, I have a play that looks like the one below.
>
> - hosts:
>   - rs1
>   remote_user: root
>
>   tasks:
>   - name: Create the data directory for the replica sets
> file: path=/data/db state=directory
>   - name: Copy the daemon configuration file over to the replica sets
> copy: src=/ansible/MongoDB/roles/mongod/templates/mongod_rs1.conf 
> dest=/etc/mongod.conf
>   - name: Copy the rc.local file over to the replica servers to start the 
> mongod services at boot
> copy: src=/ansible/MongoDB/roles/mongod/templates/rc_rep.local 
> dest=/etc/rc.d/rc.local mode=0755
>
> The problem I am having stems from the hosts - there are 20 replica set 
> hosts with each set having 2 replication servers. Now, it is easy to create 
> the data directories and the startup file on each replication server as 
> they all get the same path and startup file. So, I can just simply do the 
> same task for every server in those groups. The place where I struggle, 
> though, is the configuration file. The 2 servers in each replication set 
> get their own configuration files, which are inherently different from all 
> the other configuration files. My thoughts on how to get this to work - 
> without doing a different play for each host - involved using the 
> inventory_hostname variable as I ran through the Playbook. The way I had it 
> set-up was like this,
>
> - name: Create the mongodb configuration file for each set of replica 
> servers
>   template: 
> src=ansible/MongoDB/roles/mongod/templates/mongod_{{inventory_hostname}}.conf 
> dest=/etc/mongod.conf
>
> I thought, then, that this would drop the mongod.conf file onto the 
> correct servers because it would read in the group, like "rs1", to that 
> variable and it would work easily. 
>

If you need to use the group name, if I understand correctly, then make it 
a variable like:

- hosts: '{{ hosts }}'

and then set the external variable at run time like -e "hosts=rs1" and use 
that for the conf file name as well mongod_{{ hosts }}.conf
 

> This made me realize, though, that it would use "ghmrep1" and "ghmrep21" 
> for example instead of "rs1" as the hostname. Then I thought about just 
> changing the name of the mongod configuration files in the template folder 
> to something like "mongod_ghmrep1" so that it would work that way. This 
> seems unnecessary, though, and I would also have to double the amount of 
> files I had to make this work. Is there any simpler way to go about this 
> play where I could just create/copy all the files over in one fell swoop?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/dd0b3a38-4d59-4b35-b031-946fa0cd30d8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] yum groupinstall "Development tools" for mutliple Linux-based OS

[Igor P.]

Hi,

I am new to Ansible and I am working a playbook that requires to have 
Development-tool installed on on CentOS based server. However, I was 
thinking about writing playbook that will be applicable to Debian-based OSs 
such as Ubuntu for example. What would be the module that can install 
Development-tools on both Fedora and Debian based systems?

This is what I currently have:

tasks:
  - name: Install Development Tools, git, curl, htop
yum: name={{ item }} state=present update_cache=yes
with_items:
  - "@development_tools"
  - git
  - curl
  - htop



Thanks for you help. 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d67a4b96-d83b-447e-b525-5be26589721c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Execution order of handles in notify

[Igor Cicimov]

On Wednesday, July 13, 2016 at 7:21:08 PM UTC+10, Kai Stian Olstad wrote:
>
> On 13.07.2016 10:25, Igor Cicimov wrote: 
> > - name: template configuration file 
> >   template: src=template.j2 dest=/etc/foo.conf 
> >   notify: 
> >  - restart memcached 
> >  - restart apache 
> > 
> > 
> > does this guarantee that memcached is always going to be restarted 
> > before 
> > apache when the handles get flushed? 
>
> No. 
> All notify will run at the end an in the order they are in handlers 
> file. 
>
> -- 
> Kai Stian Olstad 
>

I guess same goes in case of different tasks calling different handles? 
Like:

- task1
  notify:
 - restart memcached

- tasks2
  notify:
 - restart apache

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/9d2cc89a-b761-4d46-9fab-f76a65135bef%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Execution order of handles in notify

[Igor Cicimov]

Hi,

I can't find anywhere in the documentation any mention of the task order 
executed under notify. Having the example from the web docs:
 

- name: template configuration file
  template: src=template.j2 dest=/etc/foo.conf
  notify:
 - restart memcached
 - restart apache


does this guarantee that memcached is always going to be restarted before 
apache when the handles get flushed?

Thanks,
Igor

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e1fe075f-42e1-4814-b485-3f7f3e2974e1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: -m setup -a filter="ansible_eth0.ipv4.address" returns no results

[Igor I]

$ ansible -i inventory -m setup -a "filter=facter_ipaddress_eth1" 
hostname.example.org

hostname.example.org | SUCCESS => {
"ansible_facts": {
"facter_ipaddress_eth1": "192.168.33.10"
},
"changed": false
}


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/38b45f98-a9fd-4372-8e3d-ddd2ec66d217%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Need help with nested variables to use in a "when:" directive inside of a role playbook

[Igor Cicimov]

Try this:

- name: Ensure user directory exists
  file:
path=/opt/{{ item.item }}
state=directory
owner={{ item.item }}
group={{ item.item }}
mode=0755
  with_items: passinfo.results

not tested though.

On Wednesday, February 3, 2016 at 7:48:21 AM UTC+11, Dayton Jones wrote:
>
> I have a requirement to create directories only if the specified user(s) 
> exist on the remote host... given my role defintion below, what is the 
> proper syntax to use with "when" (or other method) to only create the 
> directory only if that user exists on the host and skip the task if not 
> present?  
>
> ../vars/main.yml:
>
>> ---
>> my_user_list:
>>   - user1
>>   - user2
>>
>
>
> ../tasks/main.yml:
>
>> - name: Check for existence of users
>>   getent: database=passwd key={{item}} fail_key=False
>>   with_items: my_user_list
>>   register: passinfo
>> - name: Ensure user directory exists (user1)
>>   file:
>> path=/opt/user1
>> state=directory
>> owner=user1
>> group=user1
>> mode=0755
>>   when: ??? filter to only run if user1 exists ???
>>   ignore_errors: yes
>> - name: Ensure user directory exists (user2)
>>   file:
>> path=/opt/user2
>> state=directory
>> owner=user2
>> group=user2
>> mode=0755
>>   when: ??? filter to only run if user2 exists ???
>>   ignore_errors: yes
>>
>
>
> here is the "output" of the passinfo variable:
>
> "passinfo": {
> "changed": false, 
> "msg": "All items completed",
> "results": [
> {
> "_ansible_no_log": false,
> "ansible_facts": {
> "getent_passwd": {
> "user2": [
> "x",
> "1002",
> "1002",
> "",
> "/home/user2",
> "/bin/bash"
> ]
> }
> },
> "changed": false,
> "invocation": {
> "module_args": {
> "_ansible_check_mode": false,
> "_ansible_debug": false,
> "_ansible_diff": false,
> "_ansible_no_log": false,
> "_ansible_verbosity": 0,
> "database": "passwd",
> "fail_key": false,
> "key": "user2",
> "split": null
> },
> "module_name": "getent"
> },
> "item": "user2"
> },
> {
> "_ansible_no_log": false,
> "ansible_facts": {
> "getent_passwd": {
> "user1": null
> }
> },
> "changed": false,
> "invocation": {
> "module_args": {
> "_ansible_check_mode": false,
> "_ansible_debug": false,
> "_ansible_diff": false,
> "_ansible_no_log": false,
> "_ansible_verbosity": 0,
> "database": "passwd",
> "fail_key": false,
> "key": "user1",
> "split": null
> },
> "module_name": "getent"
> },
> "item": "user1",
> "msg": "One or more supplied key could not be found in the 
> database."
> }
> ]
> }
> }
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/0876b6df-58a5-4ff5-a279-b485c082b311%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Retrieving the dictionary key from the dictionary variable

[Igor Kaplan]

Hi all,


  Could someone please help me with the following issue.
I have created the EC2 security group using the
ec2_group module.

ec2_group
  name: group name
  description: group description
  rules:
- proto: tcp
  to_port: 22
  cidr_ip: 127.0.0.1
...
register: sg

If I display the sg variable using the debug, I see all security group 
information.

Now I need to retrieve the rules array from the sg variable, actually need 
to retrieve the cidr_ip from rules and I am not sure how.

  I tried the following: sg.rules[0].cidr_ip, gave me an incorrect variable 
error. It even gives me the incorrect "rules" variable if I do something 
like
sg.rules

However I can do sg.group_id with no problems.

  So I am probably missing something simple. Could someone please tell me 
what is the proper way to retrieve the dictionary value, for the key, which 
is the dictionary or array of dictionaries itself.

Thanks so much in advance for any help.

  -Igor.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a3d221bf-7bb3-40a5-9d78-9f66a46342c8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible 1.9.4-1ppa~trusty removed from ansible ppa?

[Igor Cicimov]

I noticed the same and that sucks. In the future, is it possible to make 
people aware of this fact before the ppa just disappear so we can prepare 
for the impact and don't get our automated envs brake?
I apologies if this has already been done and I have somehow missed it.

Thanks,
Igor

On Thursday, January 14, 2016 at 1:33:28 AM UTC+11, Brian Coca wrote:
>
> Sadly we don't seem able to host multiple versions of a package 
> through the PPA, so 2.0 will removes 1.9. 
>
> -- 
> Brian Coca 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c52c6cf0-f760-43dc-aa7d-c4b6c9754ccd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] --skip-tags equivalent inside playbooks

[Igor Cicimov]

Yeah, for sure there can be some workarounds but very tedious ones. Your 
example can work but needs to be thought of at the very beginning of 
organizing your repository and I can't see anyone that clever foreseeing 
that far in the future about issue like this. Ones you have repository of 
30 roles and more than hundred of playbooks retrofitting this into every 
playbook for every task and who knows how many different variables (you 
obviously need separate variable per tag type) is really impossible.

On Friday, December 18, 2015 at 6:37:18 AM UTC+11, Mike Biancaniello wrote:
>
> I agree that I'd like to be able to have roll contain a number of tasks 
> and then have then selective run. A use-tags or play-tags option would be 
> nice to use in that case. While you can certainly implement that with vars 
> (see #2 below), it seems that a tags solution would be more elegant.
>
> There are also times when you want to insert debug tasks but don't want 
> them to play by default and don't want to have to remember to always send 
> --skip-tags='debug' every time you run a playbook. 
>
> However, for now, I work around this in two ways:
>
> 1. I write a python script that calls the playbook and it sets the tags 
> for me.
>
> e.g.
> ./run_playbook.py site.yml
>
> would essentially run:
>
> ansible-playbook -i hosts site.yml --skip-tags='debug'
>
> or something to that effect.
>
> 2. I require an extra-var to *not* skip.
>
> e.g. 
>   tasks:
> - name: Show vars
>   debug: msg={{item.ansible_facts}}
>   with_items: some_loaded_vars.results
>   tags: debug
>   when: debug|default(false)
>
>
> then:
>
> ansible-playbook site.yml -e '{"debug":true}'
>
> would execute that task.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/194f03e2-26f9-4bf7-bcbe-f80731b4b63c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] --skip-tags equivalent inside playbooks

[Igor Cicimov]

This sounds like very reasonable request, option like:

- { role: A, skip-tags: [t1, t2] }

whould be very useful in case of playbook with many roles having same tags thus 
--skip-tags is not an option in case one wants to skip tags in couple of roles 
only.

Any plans to support this?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/19aac0be-f7da-4c30-bf22-ce9d09462321%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] variables messed up when using including tasks

[Igor Cicimov]

Well of course they get overwritten in the *same* play since all variables 
are *global* during the play execution, otherwise if you call group1 after 
group0 what will happen is group1 will get the variables from group0, which 
is not desirable, right?

What you need to do is rethink your playbooks and inventory structure, 
think of using multiple roles instead of single one with many tasks and 
keep the global variables names unique if you don't want them overwritten.

On Sunday, December 13, 2015 at 3:31:17 AM UTC+11, silverdr wrote:
>
> I /think/ I know where the problem comes from: I encountered it with group 
> vars defined in the inventory file. I eventually moved both the role 
> variables and group_vars into inventory file, trying to establish one place 
> where the variables are defined. Now:  

My inventory file looks like this (IPs are dummy): 
>
> [group0] 
> 234.123.41.44 
> [group0:vars] 
> var0=00 
> var1=01 
>
> [group1] 
> 234.123.41.45 
> [group1:vars] 
> var0=10 
> var1=11 
>
> Now, in this configuration, variables have their values intact. But when I 
> refer with both groups to the same host, like: 
>
> [group0] 
> 234.123.41.44 
> [group0:vars] 
> var0=00 
> var1=01 
>
> [group1] 
> 234.123.41.44 
> [group1:vars] 
> var0=10 
> var1=11 
>
> which I guess is rather typical when deploying to development environment, 
> then the group0 variables get overwritten! 
>
> Since my configuration with "defaults" has been applied to similar 
> inventory, my best guess is that this caused the problem there too. Now - 
> what to do in order to have the variables keep their values for different 
> groups, even if the host happens to be the same? And shouldn't it be the 
> case anyway?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c74dc634-04fc-4380-8800-99b5978e649d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] variables messed up when using including tasks

[Igor Cicimov]

Also if you can put

- debug: var=destination

before and after every include call would be very helpful to see where the 
var actually gets changed.

Just realized that my previous message might not be clear enough, what I 
mean is add:

--extra-vars '{"destination":"some_value_here"}'

to the ansible-playbook command and move back all your vars in their 
respective defaults files as they were before.

On Friday, December 11, 2015 at 3:37:37 PM UTC+11, Igor Cicimov wrote:
>
> Just out of curiosity, what happens when you supply destination via 
> extra_vars and leave everything as it was in defaults file?
>
>
> On Friday, December 11, 2015 at 11:09:30 AM UTC+11, silverdr wrote:
>>
>>
>> > On 2015-12-10, at 23:13, Igor Cicimov  
>> wrote: 
>> > 
>> > Strange, because I'm sure every time I call a tasks file from another 
>> role I have to explicitly include that role's defaults|vars file via 
>> vars_files to be able to use its variables. So you are saying you are 
>> seeing this happen without this linking. Do you mind showing us the whole 
>> main playbook? 
>>
>> FYI: I - kind of - worked the problem around by moving the variables from 
>> "defaults" to "vars" but this causes other inconveniences when I actually 
>> want to overwrite them. 
>>
>> Example playbook ({{destination}} value changes after the first -include: 
>>
>> --- 
>> - hosts: api 
>>   remote_user: teamcity 
>>   sudo: yes 
>>   gather_facts: no 
>>
>>   pre_tasks: 
>>
>>   roles: 
>> - { role: "api" } 
>>
>>   tasks: 
>>
>>   post_tasks: 
>>
>>  
>> roles/api/tasks/main.yml: 
>>
>> # Prerequisities / system dependencies 
>> - name: install dependencies 
>>   apt: name={{item}} state=present 
>>   with_items: 
>> - python-httplib2 
>> - supervisor 
>>
>> # Configuring PHP 
>> - include: php.yml 
>>
>> # Getting and preparing / installing the code 
>>
>> - name: if exists - remove previously cloned repository 
>>   file: 
>> path: "{{destination}}" 
>> state: absent 
>>   when: clear_destination is defined 
>>   tags: 
>> - api 
>>
>> - name: clone repository 
>>   git: 
>> repo: "{{repository}}" 
>> dest: "{{destination}}" 
>> accept_hostkey: yes 
>>   tags: 
>> - api_debug 
>>
>> - name: copy default env file # TODO - process the env file out of 
>> env.dist 
>>   template: src=env.ini.j2 dest={{destination}}/api/.env 
>>   tags: env_file 
>>
>> - name: install using composer 
>>   composer: command=install working_dir={{destination}}/api/ no_dev=no 
>>
>> - name: change ownership of the cloned repository 
>>   file: dest={{destination}} owner={{owneruser}} group={{ownergroup}} 
>> state=directory recurse=yes 
>>
>> # Configuring database 
>> - name: stop supervisor service 
>>   supervisorctl: name='api:' state=stopped 
>>   tags: api_database 
>>
>> - include: database.yml 
>>
>> - name: run migrations 
>>   sudo_user: "{{owneruser}}" 
>>   command: php artisan migrate chdir={{destination}}/api/ 
>>
>> - name: seed the database 
>>   sudo_user: "{{owneruser}}" 
>>   command: php artisan db:seed chdir={{destination}}/api/ 
>>
>> # Cleaning elastic index 
>> - name: cleanup elastic index 
>>   uri: url=http://{{elastic_hostname}}:{{elastic_port}}/{{listing_index}} 
>> method=DELETE status_code=200,404 
>>   when: clean_elastic_index is defined 
>>   tags: 
>> - clean_elastic_index 
>>
>> # Run artisan queue daemon with supervisord 
>> - name: copy queue daemon configuration 
>>   template: src=supervisord.conf.j2 dest=/etc/supervisor/conf.d/api.conf 
>>   tags: queue 
>>
>> - name: add new service 
>>   supervisorctl: name='api:' state=started 
>>   tags: queue 
>>
>> - name: start added service 
>>   supervisorctl: name='api:' state=restarted 
>>   tags: queue 
>>
>> # Configuring network 
>> - include: network.yml 
>>
>> # Configuring httpd 
>> - include: httpd.yml 
>>
>> # Generating apidocs 
>> - include: apidocs.yml 
>>
>> ** 
>> roles/api/tasks/php.yml: 
>>
>> --- 
>> - name: install php5 extensions

Re: [ansible-project] variables messed up when using including tasks

[Igor Cicimov]

Just out of curiosity, what happens when you supply destination via 
extra_vars and leave everything as it was in defaults file?


On Friday, December 11, 2015 at 11:09:30 AM UTC+11, silverdr wrote:
>
>
> > On 2015-12-10, at 23:13, Igor Cicimov  > wrote: 
> > 
> > Strange, because I'm sure every time I call a tasks file from another 
> role I have to explicitly include that role's defaults|vars file via 
> vars_files to be able to use its variables. So you are saying you are 
> seeing this happen without this linking. Do you mind showing us the whole 
> main playbook? 
>
> FYI: I - kind of - worked the problem around by moving the variables from 
> "defaults" to "vars" but this causes other inconveniences when I actually 
> want to overwrite them. 
>
> Example playbook ({{destination}} value changes after the first -include: 
>
> --- 
> - hosts: api 
>   remote_user: teamcity 
>   sudo: yes 
>   gather_facts: no 
>
>   pre_tasks: 
>
>   roles: 
> - { role: "api" } 
>
>   tasks: 
>
>   post_tasks: 
>
>  
> roles/api/tasks/main.yml: 
>
> # Prerequisities / system dependencies 
> - name: install dependencies 
>   apt: name={{item}} state=present 
>   with_items: 
> - python-httplib2 
> - supervisor 
>
> # Configuring PHP 
> - include: php.yml 
>
> # Getting and preparing / installing the code 
>
> - name: if exists - remove previously cloned repository 
>   file: 
> path: "{{destination}}" 
> state: absent 
>   when: clear_destination is defined 
>   tags: 
> - api 
>
> - name: clone repository 
>   git: 
> repo: "{{repository}}" 
> dest: "{{destination}}" 
> accept_hostkey: yes 
>   tags: 
> - api_debug 
>
> - name: copy default env file # TODO - process the env file out of 
> env.dist 
>   template: src=env.ini.j2 dest={{destination}}/api/.env 
>   tags: env_file 
>
> - name: install using composer 
>   composer: command=install working_dir={{destination}}/api/ no_dev=no 
>
> - name: change ownership of the cloned repository 
>   file: dest={{destination}} owner={{owneruser}} group={{ownergroup}} 
> state=directory recurse=yes 
>
> # Configuring database 
> - name: stop supervisor service 
>   supervisorctl: name='api:' state=stopped 
>   tags: api_database 
>
> - include: database.yml 
>
> - name: run migrations 
>   sudo_user: "{{owneruser}}" 
>   command: php artisan migrate chdir={{destination}}/api/ 
>
> - name: seed the database 
>   sudo_user: "{{owneruser}}" 
>   command: php artisan db:seed chdir={{destination}}/api/ 
>
> # Cleaning elastic index 
> - name: cleanup elastic index 
>   uri: url=http://{{elastic_hostname}}:{{elastic_port}}/{{listing_index}} 
> method=DELETE status_code=200,404 
>   when: clean_elastic_index is defined 
>   tags: 
> - clean_elastic_index 
>
> # Run artisan queue daemon with supervisord 
> - name: copy queue daemon configuration 
>   template: src=supervisord.conf.j2 dest=/etc/supervisor/conf.d/api.conf 
>   tags: queue 
>
> - name: add new service 
>   supervisorctl: name='api:' state=started 
>   tags: queue 
>
> - name: start added service 
>   supervisorctl: name='api:' state=restarted 
>   tags: queue 
>
> # Configuring network 
> - include: network.yml 
>
> # Configuring httpd 
> - include: httpd.yml 
>
> # Generating apidocs 
> - include: apidocs.yml 
>
> ** 
> roles/api/tasks/php.yml: 
>
> --- 
> - name: install php5 extensions 
>   apt: name={{item}} state=present 
>   with_items: 
> - php5-mcrypt 
> - php5-json 
> - php5-pgsql 
> - php5-xsl 
> - php5-gmp 
>
> - name: enable php5-mcrypt extension 
>   command: php5enmod mcrypt 
>   args: 
> creates: /etc/php5/apache2/conf.d/20-mcrypt.ini 
>
> # when installing xdebug make sure that xdebug.max_nesting_level = 250 
> # is also set in the php's php.ini configuration file 
> - name: install php5 xdebug extension 
>   apt: name={{item}} state=present 
> - php5-xdebug 
>   when: xdebug is defined 
>
> - name: set php5 xdebug configuration param 
>   lineinfile: 
> dest: "{{php_ini_path}}" 
> backup: true 
> backrefs: true 
> state: present 
> regexp: "{{item.regexp}}" 
> line: "{{item.line}}" 
>   with_items: 
> - {regexp: '^xdebug.max_nesting_level', line: 
> 'xdebug.max_nesting_level = 250'} 
>   notify: restart httpd 
>   when: xdebug is defined 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/47154092-8c8e-464a-a1a7-1757fc31c1bb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] variables messed up when using including tasks

[Igor Cicimov]

Strange, because I'm sure every time I call a tasks file from another role I 
have to explicitly include that role's defaults|vars file via vars_files to be 
able to use its variables. So you are saying you are seeing this happen without 
this linking. Do you mind showing us the whole main playbook?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/daa01dcf-1ba9-4e56-879e-1a5626dbde30%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] variables messed up when using including tasks

[Igor Cicimov]

Do you by any chance have some of those vars also defined in the group_vars/all 
file? In that case they overide the ones in the roles default file causing 
unexpected results for people unaware of this fact.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/09bab1fc-a54f-4b61-937d-ac38ddd7637c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: gluster_volume module

[Igor Cicimov]

Just for the record, removing quotes from your example like this:

options={ group: virt, storage.owner-uid: '36', storage.owner-gid: '36' }

works for me on 1.9.4.

On Wednesday, August 12, 2015 at 11:21:23 PM UTC+10, Chris Weeks wrote:
>
> Thank you for sharing this information, I had come across the exact same 
> problem - use case: gluster storage backends for oVirt clusters.
>
> My role includes the following:
>
> - name: Gluster volume exists - {{gvol_name}}
>   gluster_volume: >
> state=present
> name={{gvol_name}}
> brick={{gvol_brick}}
> options="{ group: virt, storage.owner-uid: '36', storage.owner-gid: 
> '36' }"
>
> Unfortunately, that syntax still fails with msg: unable to evaluate 
> dictionary for options.
>
> Do you have any tips on the fix or are you able to send a working 
> role/playbook that I can use as an example?
>
> Either way, I appreciate you posting your fault and some success online!   
> :)
>
>
>
> On Saturday, July 4, 2015 at 3:52:09 PM UTC+12, Michael Goodness wrote:
>>
>> Well, apparently I hadn't tried everything yet. I was able to get a 
>> successful run by including the options parameter in the creation task, 
>> rather than keeping them separate. I also had to double-quote the expansion 
>> in my playbook, and single-quote the integers in my variable dictionary:
>>
>> # file: group_vars/gluster_hosts
>>> ...
>>> options: { group: virt, storage.owner-uid: '36', storage.owner-gid: '36' 
>>> }
>>> ...
>>
>>
>> (Note the corrections to owner-uid and owner-gid.)
>>
>> # file: roles/gluster/tasks/main.yml
>>> ...
>>> - name: Create gluster volumes
>>>   sudo: true
>>>   gluster_volume:
>>> name={{ item.name }}
>>> brick="{% for brick in item.bricks %}{{ brick.mount }}/{{ item.name 
>>> }}{% if not loop.last %},{% endif %}{% endfor %}"
>>> cluster="{{ groups.gluster_hosts|join(',') }}"
>>> options="{{ item.options }}"
>>> state=present
>>>   with_items: gluster_volumes
>>>   tags: gluster
>>> ...
>>
>>
>> Seems like there's a bug in the module, and the documentation is 
>> definitely incorrect. I'll experiment more and see if I can offer a fix.
>>
>>
>> On Friday, July 3, 2015 at 10:33:24 PM UTC-5, Michael Goodness wrote:
>>>
>>> Greetings, Ansiblites!
>>>
>>> I'm attempting to write a role that uses the gluster_volume module. All 
>>> is well right up until I try to specify an 'options' parameter. According 
>>> to the documentation, I'm to use "a dictionary/hash with 
>>> options/settings for the volume". The example given is as follows:
>>>
>>> gluster_volume: state=present name=test1 
 options='{performance.cache-size: 256MB}'
>>>
>>>
>>> I've matched that syntax in my playbook, and all I get is a complaint 
>>> from Ansible about quoting. I've tried just about every variation of 
>>> quoting I can think of: single, double, double-double, escaped, etc.. The 
>>> closest I (think) have gotten is by specifying the options as a variable, 
>>> then single-quoting the expansion:
>>>
>>> # file: group_vars/gluster_hosts
 ...
 options: { group: virt, storage.owner_uid: 36, storage.owner_gui: 36 }
 ...

>>>  
>>>
 # file: roles/gluster/tasks/main.yml
 ...
  gluster_volume: name={{ name }} options='{{ options }}' state=present
 ...
>>>
>>>
>>> Even then, the result is:
>>>
>>> msg: unable to evaluate dictionary for options
>>>
>>>
>>> Can anyone shed some light on this? I'm at my wit's end.
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/22028701-e8cf-44e6-afa1-072a629d30f7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] hipchat module problem

[Igor Khomyakov]

Hi,

I'm afraid hipchat module is not very well tested with  private
hipchat servers. There is a chance that we've missed something here. I
committed some changed to the module in regard of API V2 support so I
would be happy to help you. Please drop me a line off the list. I hope
I will be able to help you.

-- Best, Igor

On Mon, Nov 23, 2015 at 9:18 PM,   wrote:
> I'm trying to do a simple hipchat module test.  Here's my playbook (note
> that we use an in-house hosted HipChat server, if that makes a difference):
>
> test.yml:
> ---
> - hosts: all
>   tasks:
> - name: test hipchat v1 module
>   hipchat:
> api: "https://chat.mycompany.com/v1/";
> token: 70fafbe800ad93f6c37dce3eed388c
> room: "53"
> msg: "Ansible notify test"
> validate_certs: no
>
> $ ansible-playbook -i hosts test.yml
>
> and this is what I get in output:
>
> TASK: [test hipchat v1 module]
> 
> failed: [web01.mycompany.com] => {"failed": true}
> msg: failed to send message, return status=-1
>
> FATAL: all hosts have already failed -- aborting
>
>
> I've tried v2 (with v2 room tokens), v1, etc... but I can't get the damn
> thing to post a message.  What stupidly simple thing am I missing here?
>
> Thanks!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/ddfb9e37-cb6f-4cb1-ad39-054a04394351%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAGuansoZHLjMPhs1QCx0QSgpcwTU2w6-oe5XuLfNCLV0pikFTA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] How can append values into host variable

[Igor Cicimov]

Try

- set_fact: locked_domains="{{ locked_domains }}item.ID"

Also using with_dict might be better option instead of with_items in this case.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e82693a9-ba5a-4bf2-a467-220cf32e7110%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] The file module failing when directory exists

[Igor Cicimov]

Directory.

On Tuesday, November 17, 2015 at 9:21:51 AM UTC+11, Tim Fletcher wrote:
>
> On 16/11/15 07:06, Igor Cicimov wrote: 
> > Hi all, 
> > 
> > Currently a task like this: 
> > 
> > file: path=/data state=directory owner=root group=root mode=0755 
> > 
> > fails with the following error: 
> > 
> > failed: [localhost] => {"failed": true, "parsed": false} 
> > BECOME-SUCCESS-pquapqcakqrmffxonpxknqbulycqfmls 
> > Traceback (most recent call last): 
> >   File 
> > "/root/.ansible/tmp/ansible-tmp-1447656411.96-95869428580440/file", line 
> > 2012, in  
> > main() 
> >   File 
> > "/root/.ansible/tmp/ansible-tmp-1447656411.96-95869428580440/file", line 
> > 279, in main 
> > os.mkdir(curpath) 
> > OSError: [Errno 17] File exists: '/data' 
> > 
> > on Ansible 1.9.4. Doesn't it make more sense for the task to continue 
> > and just set the permissions instead of failing when the directory 
> > already exists? 
>
> Is it a directory or a file? 
>
> I have come across this error when a file existed which I requested be a 
> directory. 
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/f94c3e62-0cb2-40f3-a446-300af23c9d01%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: The file module failing when directory exists

[Igor Cicimov]

Absolutely sure. This should be easily reproducible if you are willing to try 
it.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/ba4eae22-dfff-487f-9447-17592b7fca01%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] The file module failing when directory exists

[Igor Cicimov]

Hi all,

Currently a task like this:

file: path=/data state=directory owner=root group=root mode=0755

fails with the following error:

failed: [localhost] => {"failed": true, "parsed": false}
BECOME-SUCCESS-pquapqcakqrmffxonpxknqbulycqfmls
Traceback (most recent call last):
  File "/root/.ansible/tmp/ansible-tmp-1447656411.96-95869428580440/file", 
line 2012, in 
main()
  File "/root/.ansible/tmp/ansible-tmp-1447656411.96-95869428580440/file", 
line 279, in main
os.mkdir(curpath)
OSError: [Errno 17] File exists: '/data'

on Ansible 1.9.4. Doesn't it make more sense for the task to continue and 
just set the permissions instead of failing when the directory already 
exists?

Thanks,
Igor

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/55ba151e-d042-4375-8eec-b11750c333a2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] new AWS EC2 instance created using ansible does not use SSD

[Igor Cicimov]

Probably it is not supported and I can't see any of examples in the docs 
referring to /dev/sda1 in the volumes section.

What you can do though is go to your ec2 console and set gp2 type as default 
when launching new instances.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/f90091ac-3e39-42ca-bcec-4d8bdee8b8b7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Dynamic deployment to AWS w/ Groups

[Igor Cicimov]

Hey Rob,

Well you definitely need a dynamic inventory which in case of AWS is 
provided by the *ec2.py* script. I guess you have already read on how to 
setup this, some helpful links below:

http://docs.ansible.com/ansible/intro_dynamic_inventory.html#example-aws-ec2-external-inventory-script
https://aws.amazon.com/blogs/apn/getting-started-with-ansible-and-dynamic-amazon-ec2-inventory-management/

So basically you download the script from 
https://raw.github.com/ansible/ansible/devel/contrib/inventory/ec2.py, make 
it executable and set it as */etc/ansible/hosts* (please take backup first 
of your existing file). Then you just drop 
https://raw.githubusercontent.com/ansible/ansible/devel/contrib/inventory/ec2.ini
 
to */etc/ansible/ec2.ini* and you are good to go.

This is the way I have it set up. In this way I don't even have to provide 
inventory file when I'm running some default stuff since Ansible by default 
reads the /etc/ansible/hots file. So instead:

$ ansible-playbook -i /some/inventory/path some-playbook.yml

I just run:

$ ansible-playbook some-playbook.yml

and Ansible understands by default that I want to run against the dynamic 
inventory.

So, this dynamic inventory will be the one that will provide you with all 
the groups you want to work with later. So after running your creation 
playbook for first time, next time you run a playbook it will have the new 
instances included in the inventory for you and nicely sorted under 
appropriate groups. There will be groups available for zones, subnets, 
security groups, tags etc etc etc. If you run the */etc/ansible/hosts* file 
(which is actually the ec2.py script renamed in our case) manually, it will 
give you a screen output of the whole inventory including the groups you 
have on your disposal.

To conclude, you do not need inventory for your instance creation playbook 
but you DO need it for any other playbook you want to run against already 
created instances, like the config playbook for example. 

Now about the variables. True you can set the variables in the group_vars 
but the problem is you need them to be dynamic, thus you need to modify 
them in runtime. So you can have some default valuse lets say in your 
group_vars file like:

var1: 1

and then change that accordingly depending on the env you are running 
against:

  - set-fact:
  var1: {%- if my_env|lower == 'prod' -%}5{%- endif -%}

OR you can have different set of variables per environment which might 
become more messy since you will have to maintain different files and 
possibly directories. That's my recommendation was to keep it simple to 
start with and do it all in single playbook using the above logic. The 
bottom line is you will have to set those variable somewhere and somehow, 
it is up to you how you want to do it. Then later when you feel more 
comfortable with Ansible you might start braking it down to roles, 
dependencies, different inventory dirs per environment, upload it to 
GitHub  etc etc etc.

Just my 2 cents.

Cheers,
Igor

On Tuesday, October 27, 2015 at 12:26:17 AM UTC+11, Rob Wilkerson wrote:
>
> Thanks, Igor. This has been great. It sounds like you're saying I 
> can't/shouldn't use an inventory file at all, but explicitly pass an extra 
> var  for the environment. Rather than dropping conditionals everywhere I 
> need env-specific values, is there any way to get Ansible to use that env 
> value to automatically read variables from a file? Originally, it seemed 
> like group_vars made the most sense, but if an inventory file doesn't make 
> sense, I'm not sure group_vars make sense either.
>
> Thanks again.
>
> On Sunday, October 25, 2015 at 9:18:09 PM UTC-4, Igor Cicimov wrote:
>>
>> Well as I expected this might be little bit confusing to a beginner. So 
>> basically the answer to your question was: tag the instances you create 
>> based on the environment you are creating them in and then use that tag for 
>> the configuration task(s).
>>
>> Which means you need to base the exact_count on the parameter you want to 
>> group on, in this case the environment tag:
>>
>> exact_count: "5"
>> count_tag:
>>   Env: "prod"
>>
>> In this way when ever you run the creation playbook it will check if 
>> there are exactly 5 instances with tag named Env and value of prod and if 
>> no will create them and if yes will skip the creation task.
>>
>> There aren't any "tons" of input vars in my example, it is just the 
>> environment tag name you want to run the playbook for. Very simple.
>>
>> For the configuration playbook as I said you just need to use:
>>
>> - hosts: tag_Env_
>>
>> to configure the ec2 instances you have created for the environment.
>>
>> Sorry 

[ansible-project] Re: apt update failing on ubuntu-14.04 in ec2

[Igor Cicimov]

Thanks Mark for confirming this. Now off to update all of my playbooks :-(

On Saturday, October 24, 2015 at 7:36:45 AM UTC+11, Mark McWilliams wrote:
>
> I am noticing exactly the same thing. Like you, it just started happening 
> in the last few days. I believe its related to Canonical's Ubuntu AMI that 
> was updated on October, 19th. This issue only started for me after 
> switching to this updated AMI. I've been able to mostly workaround it by 
> having an explicit apt cache update task with a retry:
>
> - name: Update apt cache
>   apt: update_cache=yes
>   register: result
>   until: result|success
>   retries: 10
>
> The cache update often fails on the first attempt, and then succeeds on 
> the next. This happens frequently, but inconsistently any time I launch a 
> new instance with this AMI.
>
> On Thursday, October 22, 2015 at 6:28:54 PM UTC-7, Igor Cicimov wrote:
>>
>> Hi all,
>>
>> The following task:
>>
>> - name: Update apt
>>   apt: update_cache=yes cache_valid_time=3600
>>   when: ansible_os_family == "Debian"
>>
>> suddenly failed today on the newly created ec2 host after running 
>> successfully for a long long time.
>>
>> The trace is given below:
>>
>> Traceback (most recent call last):
>>   File "", line 2258, in 
>>   File "", line 554, in main
>>   File "/usr/lib/python2.7/dist-packages/apt/cache.py", line 107, in 
>> __init__
>> self.open(progress)
>>   File "/usr/lib/python2.7/dist-packages/apt/cache.py", line 153, in open
>> self._records = apt_pkg.PackageRecords(self._cache)
>> SystemError: E:Could not open file 
>> /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_trusty-updates_universe_i18n_Translation-en
>>  
>> - open (2: No such file or directory), E:Could not open file 
>> /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_trusty-updates_restricted_i18n_Translation-en
>>  
>> - open (2: No such file or directory), E:Could not open file 
>> /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_trusty-updates_multiverse_i18n_Translation-en
>>  
>> - open (2: No such file or directory), E:Could not open file 
>> /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_trusty-updates_main_i18n_Translation-en
>>  
>> - open (2: No such file or directory), E:Could not open file 
>> /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_trusty-updates_multiverse_binary-amd64_Packages
>>  
>> - open (2: No such file or directory), E:Could not open file 
>> /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_trusty-updates_universe_binary-amd64_Packages
>>  
>> - open (2: No such file or directory), E:Could not open file 
>> /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_trusty-updates_restricted_binary-amd64_Packages
>>  
>> - open (2: No such file or directory), E:Could not open file 
>> /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_trusty-updates_main_binary-amd64_Packages
>>  
>> - open (2: No such file or directory), E:Could not open file 
>> /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_trusty_universe_i18n_Translation-en
>>  
>> - open (2: No such file or directory), E:Could not open file 
>> /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_trusty_restricted_i18n_Translation-en
>>  
>> - open (2: No such file or directory), E:Could not open file 
>> /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_trusty_multiverse_i18n_Translation-en
>>  
>> - open (2: No such file or directory), E:Could not open file 
>> /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_trusty_main_i18n_Translation-en
>>  
>> - open (2: No such file or directory), E:Could not open file 
>> /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_trusty_multiverse_binary-amd64_Packages
>>  
>> - open (2: No such file or directory), E:Could not open file 
>> /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_trusty_universe_binary-amd64_Packages
>>  
>> - open (2: No such file or directory), E:Could not open file 
>> /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_trusty_restricted_binary-amd64_Packages
>>  
>> - open (2: No such file or directory), E:Could not open file 
>> /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_trusty_main_binary-amd64_Packages
>>  
>> - open (2: No such file or directory)
>>
>>
>> FATAL: all hosts have already failed -- aborting
>>
>> - name: Update apt
>>   apt: update_cache=yes cache_valid_time=3600
>>   when: ansible_os_family == "Debian"
>>
>> 

[ansible-project] Re: Dynamic deployment to AWS w/ Groups

[Igor Cicimov]

Well as I expected this might be little bit confusing to a beginner. So 
basically the answer to your question was: tag the instances you create 
based on the environment you are creating them in and then use that tag for 
the configuration task(s).

Which means you need to base the exact_count on the parameter you want to 
group on, in this case the environment tag:

exact_count: "5"
count_tag:
  Env: "prod"

In this way when ever you run the creation playbook it will check if there 
are exactly 5 instances with tag named Env and value of prod and if no will 
create them and if yes will skip the creation task.

There aren't any "tons" of input vars in my example, it is just the 
environment tag name you want to run the playbook for. Very simple.

For the configuration playbook as I said you just need to use:

- hosts: tag_Env_

to configure the ec2 instances you have created for the environment.

Sorry I really don't know how to better explain this to a beginner. Don't 
get discouraged though keep working and when you come back to this post in 
couple of weeks when you master Ansible it will all be crystal clear :-)

On Monday, October 26, 2015 at 5:51:09 AM UTC+11, Rob Wilkerson wrote:
>
> I've been running this over in my head and I think I'm more confused than 
> ever. I don't really care whether I specifically use dynamic inventory or 
> any other specific technique. I care that my script is idempotent, 
> reasonably simple to execute for any developer and somewhat consistent with 
> Ansible recommendations. \
>
> If I run the staging deployment, it should create any instances (to meet 
> the exact_count) that don't exist, update any configuration deltas in those 
> that do exist and then deploy any projects to those servers.
>
> I guess the bottom line question is simply, what's the appropriate 
> strategy to make this work? Within that context, I do still need variables 
> specific to each group/environment so the question I asked Arbab still 
> stands. I really don't want to force developers to drop a ton of "extra 
> vars" when the deploy. I'd like to keep that command line execution as dead 
> simple as possible:
>
> # Run the deploy playbook against environment X
> ansible-playbook -i staging deploy.yml
>
> I really do appreciate the help with this. Learning Ansible has been 
> fairly simple, but figuring out how to organize for a non-trivial 
> infrastructure has definitely been a challenge.
>
> On Sunday, October 25, 2015 at 2:50:21 AM UTC-4, Igor Cicimov wrote:
>>
>> Arbib is right, you will have to add them to a new group and use that in 
>> the next play in the same playbook. I went overboard trying to simplify so 
>> it does not confuse the beginner folk that might read this post.
>>
>> Anyway, the point is: in AWS the tags are very powerful in terms of 
>> automation so tag everything and tag as much as possible and use that later 
>> to your own advantage.
>>
>> On Sunday, October 25, 2015 at 12:31:29 PM UTC+11, Arbab Nazar wrote:
>>>
>>>  Excellent method but you cannot use dynamic inventory group Ansible 
>>> creates based on Tags:
>>>
>>> - hosts: tag_Env_prod
>>> ...
>>>
>>> - hosts: tag_Env_dev
>>> ...
>>>
>>> - hosts: tag_Env_stage
>>> ...
>>>
>>> in the same playbook because it will give the create that group doesn't 
>>> exist or no host inside the group instead you can use the add_host module. 
>>> Thanks 
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/196669a8-8ec3-456f-87b5-fde91270dd50%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Dynamic deployment to AWS w/ Groups

[Igor Cicimov]

Arbib is right, you will have to add them to a new group and use that in 
the next play in the same playbook. I went overboard trying to simplify so 
it does not confuse the beginner folk that might read this post.

Anyway, the point is: in AWS the tags are very powerful in terms of 
automation so tag everything and tag as much as possible and use that later 
to your own advantage.

On Sunday, October 25, 2015 at 12:31:29 PM UTC+11, Arbab Nazar wrote:
>
>  Excellent method but you cannot use dynamic inventory group Ansible 
> creates based on Tags:
>
> - hosts: tag_Env_prod
> ...
>
> - hosts: tag_Env_dev
> ...
>
> - hosts: tag_Env_stage
> ...
>
> in the same playbook because it will give the create that group doesn't 
> exist or no host inside the group instead you can use the add_host module. 
> Thanks 
>
> On Saturday, October 24, 2015 at 8:43:17 PM UTC-4, Igor Cicimov wrote:
>>
>> You don't need any groups at all I would say, just use the --extra-vars 
>> parameter when launching the playbook to tell it what kind of instances you 
>> want to launch. For example:
>>
>> -- extra-vars '{"my_env":"prod"}'
>>
>> then in the playbook you evaluate this variable and set some facts 
>> accordingly:
>>
>>   - set-fact:
>>   var1: |
>>{%- if my_env|lower == 'prod' -%}
>>5
>>{%- elif my_env|lower == 'dev' -%}
>>1
>>{%- endif -%}
>>var2: |
>>...
>>
>> and use those vars as you wish in the tasks section.
>>
>> Make sure you have jinja2 extensions enabled in your ansible.cfg file 
>> though:
>>
>> jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
>>
>> Now, when you create your ec2 instances you tag them with your 
>> environment variable given as input, per your example:
>>
>>  instance_tags:
>> Name: Demo
>> Env: "{{ my_env }}"
>>
>> so you can later use dynamic inventory group Ansible creates for you 
>> based on Tags:
>>
>> - hosts: tag_Env_prod
>> ...
>>
>> - hosts: tag_Env_dev
>> ...
>>
>> - hosts: tag_Env_stage
>> ...
>>
>> in the same or a new playbook depending on your requirements.
>>
>> Hope I'm getting your question right 
>>
>> Cheers,
>> Igor
>>
>> On Saturday, October 24, 2015 at 2:27:03 AM UTC+11, Rob Wilkerson wrote:
>>>
>>> I'd like to be able to create an Ansible script that launches (or 
>>> updates) 1 or more EC2 instances depending on the group (dev, staging, 
>>> prod) that I'm deploying. In looking through the examples and the AWS 
>>> guide, the EC2 module and this dynamic inventory stuff, I feel like I'm 
>>> missing something: How do I execute this script against a particular 
>>> inventory group if/when I have no inventory file because of the dynamic 
>>> inventory recommendation?
>>>
>>> Hopefully that makes some sense. As an example, I have a playbook with 2 
>>> roles: launch and provision. The launch role begins with this code from one 
>>> of the documented examples:
>>>
>>> - name: Provision a set of instances
>>>   ec2:
>>>  key_name: "{{ aws_keypair }}"
>>>  group: test
>>>  instance_type: t2.micro
>>>  image: "{{ ami_id }}"
>>>  wait: true
>>>  exact_count: 5
>>>  count_tag:
>>> Name: Demo
>>>  instance_tags:
>>> Name: Demo
>>> register: ec2
>>>
>>> Using this example, based on the inventory group, the exact_count value 
>>> will be different, as will the key_name and perhaps other values. How do I 
>>> read those from the right place since they would be group_vars? In 
>>> development, exact_count would be 1 while in production it would be at 
>>> least 2.
>>>
>>> Thanks.
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/846e9114-8de4-4bd3-84dd-9839f87d7878%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Dynamic deployment to AWS w/ Groups

[Igor Cicimov]

You don't need any groups at all I would say, just use the --extra-vars 
parameter when launching the playbook to tell it what kind of instances you 
want to launch. For example:

-- extra-vars '{"my_env":"prod"}'

then in the playbook you evaluate this variable and set some facts 
accordingly:

  - set-fact:
  var1: |
   {%- if my_env|lower == 'prod' -%}
   5
   {%- elif my_env|lower == 'dev' -%}
   1
   {%- endif -%}
   var2: |
   ...

and use those vars as you wish in the tasks section.

Make sure you have jinja2 extensions enabled in your ansible.cfg file 
though:

jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n

Now, when you create your ec2 instances you tag them with your environment 
variable given as input, per your example:

 instance_tags:
Name: Demo
Env: "{{ my_env }}"

so you can later use dynamic inventory group Ansible creates for you based 
on Tags:

- hosts: tag_Env_prod
...

- hosts: tag_Env_dev
...

- hosts: tag_Env_stage
...

in the same or a new playbook depending on your requirements.

Hope I'm getting your question right 

Cheers,
Igor

On Saturday, October 24, 2015 at 2:27:03 AM UTC+11, Rob Wilkerson wrote:
>
> I'd like to be able to create an Ansible script that launches (or updates) 
> 1 or more EC2 instances depending on the group (dev, staging, prod) that 
> I'm deploying. In looking through the examples and the AWS guide, the EC2 
> module and this dynamic inventory stuff, I feel like I'm missing something: 
> How do I execute this script against a particular inventory group if/when I 
> have no inventory file because of the dynamic inventory recommendation?
>
> Hopefully that makes some sense. As an example, I have a playbook with 2 
> roles: launch and provision. The launch role begins with this code from one 
> of the documented examples:
>
> - name: Provision a set of instances
>   ec2:
>  key_name: "{{ aws_keypair }}"
>  group: test
>  instance_type: t2.micro
>  image: "{{ ami_id }}"
>  wait: true
>  exact_count: 5
>  count_tag:
> Name: Demo
>  instance_tags:
> Name: Demo
> register: ec2
>
> Using this example, based on the inventory group, the exact_count value 
> will be different, as will the key_name and perhaps other values. How do I 
> read those from the right place since they would be group_vars? In 
> development, exact_count would be 1 while in production it would be at 
> least 2.
>
> Thanks.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/714ba117-521a-41e0-9e82-070ca85c2cf1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Running parallely a playbook on the same host but with different values of the same extra var

[Igor Cicimov]

You mean like:

for i in value1 value2; do playbook -i inventory/myhost playbook/test.yml 
--extra-vars "var=$i" &; done

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e4377aea-52fd-4887-9d06-7dd310627bb6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] apt update failing on ubuntu-14.04 in ec2

[Igor Cicimov]

r--r-- 1 root root  1913553 Oct 22 23:50 
ap-southeast-2.ec2.archive.ubuntu.com_ubuntu_dists_trusty-updates_universe_binary-amd64_Packages
-rw-r--r-- 1 root root   870209 Oct 22 18:40 
ap-southeast-2.ec2.archive.ubuntu.com_ubuntu_dists_trusty-updates_universe_i18n_Translation-en
-rw-r--r-- 1 root root   666802 Oct 22 23:50 
ap-southeast-2.ec2.archive.ubuntu.com_ubuntu_dists_trusty-updates_universe_source_Sources
-rw-r- 1 root root0 Jun  7  2014 lock
drwxr-xr-x 2 root root 4096 Oct 23 01:09 partial
-rw-r--r-- 1 root root64441 Oct 23 01:03 
security.ubuntu.com_ubuntu_dists_trusty-security_InRelease
-rw-r--r-- 1 root root  2394096 Oct 23 01:03 
security.ubuntu.com_ubuntu_dists_trusty-security_main_binary-amd64_Packages
-rw-r--r-- 1 root root  2422009 Oct 21 07:18 
security.ubuntu.com_ubuntu_dists_trusty-security_main_i18n_Translation-en
-rw-r--r-- 1 root root   484300 Oct 23 01:03 
security.ubuntu.com_ubuntu_dists_trusty-security_main_source_Sources
-rw-r--r-- 1 root root   701202 Oct 23 01:03 
security.ubuntu.com_ubuntu_dists_trusty-security_universe_binary-amd64_Packages
-rw-r--r-- 1 root root   345076 Oct 21 07:18 
security.ubuntu.com_ubuntu_dists_trusty-security_universe_i18n_Translation-en
-rw-r--r-- 1 root root   125499 Oct 23 01:03 
security.ubuntu.com_ubuntu_dists_trusty-security_universe_source_Sources

$ ansible --version
ansible 1.9.4
  configured module search path = /usr/share/ansible

Any ideas?

Thanks,
Igor

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/197d5573-c436-436e-b46c-bf83f55127ad%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Send payload using uri module

[Igor Cicimov]

Well first of all if you check the module docs 
http://docs.ansible.com/ansible/uri_module.html you can see that body_format 
was introduced in ansible 2.0 so you can't use it in 1.9.1

It also shows an example of supplying the json file to the body parameter that 
looks much cleaner than what you are trying to do:

body: "{{ lookup('file','issue.json') }}"

Have you tried that?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/53fde8bb-cca0-43aa-b464-8c6e6ad1bf9f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How to create multiple folders with loop in ansible

[Igor Cicimov]

You have typo here

register: dies

it shoild be:

register: dirs

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8740c3c0-7e06-4ca1-8406-09b2ac59b9a6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] - Include Help. Include at start of playbook

[Igor Cicimov]

- hosts: all
  sudo:  yes
  tasks:
   - include: ../register_katello/register-katello.yml
   - name: TEST
 shell: echo "TEST"

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/f775b81f-9dcf-410b-8a58-706f173c656a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Launching multiple ec2 instances in different AZs playbook issue.

[Igor Cicimov]

Shouldn't that be ec2.results.instances instead of ec2.result.instances ?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/dcaa4638-434c-486a-b801-d8e4ced62bf7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Do decrypted variables get copied to the host?

[Igor Khomyakov]

Hi Tom,

Only the variables involved in that task get copied to the host. You
can set the environment variable ANSIBLE_KEEP_REMOTE_FILES=1 on the
controlling host to prevent ansible from deleting the remote files so
you can check that by yourself.

-- Best, Igor

On Tue, Sep 8, 2015 at 1:22 AM, Tom Paine  wrote:
> After decrypting a vault and running a task using that vault data:
>
> - Do only the variables involved in that task get copied to the host or do
> all decrypted variables get copied (even temporarily)?
>
>
> If all get copied, do group_vars restrict that copy only to the hosts in
> that group?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/1ac8e8e4-1b48-48e6-acb8-811f5b19ee07%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAGuansrgDPj8Eq8vKHpx_GmCiP1_%3DpW2KLsuFDMeOfG5Yr7vLg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible docker module missing CP command?

[Igor Homyakov]

Hi Hristo,

You didn't. Docker module does not support copying files or folders
from a container.

There is no simple way to do so. I mean you need a hack. Off the top
of my head you can play with '-' argument for docker cp option. But it
will break idempotency for sure.

However from my point of view if you wish to copy something into a
container you're probably doing something wrong. Containers should be
ephemeral. https://docs.docker.com/articles/dockerfile_best-practices/

-- Best, Igor

On Mon, Aug 17, 2015 at 10:13 AM, Hristo Stoyanov  wrote:
> See:
> http://stackoverflow.com/questions/32044399/ansible-docker-module-missing-cp-command
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/41a9508a-ca90-4e6e-9461-84b56c6f3bdc%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAGuansqPkek2XFJkddUp%2Bo0Vqzphzo4-qcYDX8xt7A2FBgcAtw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: register and looping

[Igor Cicimov]

Ok wrote this simple playbook just to test it:

---
- hosts: localhost
  gather_facts: false
  connection: local
  sudo: false
  tasks:
   - set_fact:
   vard: "Chassis Power is on"

   - shell: "echo {{ vard }} | grep 'Chassis Power is on'"
 ignore_errors: yes
 register: vard_result

   - debug: msg="Found it!"
 when: vard_result.rc == 0
 with_items: vard_result.stdout_lines

   - debug: msg="Found it again!"
 when: vard_result.stdout.find('Chassis Power is on') != -1

   - debug: msg="Found it again and again!"
 when: "'Chassis Power is on' in vard"

the run output:

$ ansible-playbook -i local tt4.yml

PLAY [localhost] 
** 

TASK: [set_fact ] 
* 
ok: [localhost]

TASK: [shell echo {{ motd }} | grep 'Chassis Power is on'] 
 
changed: [localhost]

TASK: [debug msg="Found it!"] 
* 
ok: [localhost] => (item=Chassis Power is on) => {
"item": "Chassis Power is on",
"msg": "Found it!"
}

TASK: [debug msg="Found it again!"] 
*** 
ok: [localhost] => {
"msg": "Found it again!"
}

TASK: [debug msg="Found it again and again!"] 
* 
ok: [localhost] => {
"msg": "Found it again and again!"

so no surprises here I can match the string in 3 different ways. This is 
based on the result of running ipmi on one of my servers:

root@virtual:~# ipmitool power status
Chassis Power is on
root@virtual:~#

which shows a single line being returned upon execution.

Now the only thing I can think of is that this might be different in your 
case. Do you mind showing us the output of your playbook run? I'm 
especially interested to see the output of

debug: var=power.stdout


Cheers,
Igor

On Wednesday, August 5, 2015 at 6:20:47 PM UTC+10, kevin parker wrote:
>
> *contents of input.yml*
>
> ---
>
> computeserver1:
>   - name: compute4
> ipaddress: 192.168.211.251
> console: 192.168.211.10
> consoleuser: administrator
> consolepassword: 1
>
>
> computeserver2:
>   - name: compute5
> ipaddress: 192.168.211.253
> console: 192.168.211.11
> consoleuser: administrator
> consolepassword: 1
>
> with out register: everything works but i want to take action based on the 
> result returned by ipmi.So i am trying register: to save result of ipmi and 
> then based on the result ,sending ipmi reset/ON for a set of servers.
>
> On Wednesday, August 5, 2015 at 9:03:36 AM UTC+5:30, Igor Cicimov wrote:
>>
>> Can you share the structure of the "computeserver1" or even better the 
>> content of the input.yml file?
>>
>> I guess you have confirmed that executing the same ipmi command from the 
>> Ansible station manually works properly?
>>
>> On Tuesday, August 4, 2015 at 3:06:49 AM UTC+10, kevin parker wrote:
>>>
>>> i am trying to use "ipmitools" to check power status and based on the 
>>> result i will start/reset the server.But i am not able to continue as 
>>> register: and looping are not working .Is there any alternate approach for 
>>> achieving below? 
>>>
>>>
>>>
>>> ---
>>> - hosts: compute
>>>   gather_facts: no
>>>   vars_files:
>>> - input.yml
>>>
>>>   tasks:
>>>
>>>- name: check Power status of target
>>>  local_action:  command ipmitool -I lanplus -H {{item.console}} -U 
>>> {{item.consoleuser}} -P {{item.consolepassword}} power status
>>>  with_items:
>>>- "{{ computeserver1 }}"
>>>  when: item.console and item.consoleuser and item.consolepassword is 
>>> defined
>>>  register: power
>>>
>>>- name: check Debug
>>>  debug: var=power.stdout
>>>
>>>- name: Power Reset
>>>  local_action: command ipmitool -I lanplus -H {{item.console}} -U 
>>> {{item.consoleuser}} -P {{item.consolepassword}} power reset
>>>  with_items:
>>>- "{{ computeserver1 }}"
>>>  when: item.console and item.consoleuser and item.consolepassword is 
>>> defined and power.stdout.find('Chassis Power is on') != -1
>>>
>>>- name: Power On
>>>  local_action: command ipmitool -I lanplus -H {{item.console}} -U 
>>> {{item.consoleuser}}

[ansible-project] Re: register and looping

[Igor Cicimov]

Can you share the structure of the "computeserver1" or even better the 
content of the input.yml file?

I guess you have confirmed that executing the same ipmi command from the 
Ansible station manually works properly?

On Tuesday, August 4, 2015 at 3:06:49 AM UTC+10, kevin parker wrote:
>
> i am trying to use "ipmitools" to check power status and based on the 
> result i will start/reset the server.But i am not able to continue as 
> register: and looping are not working .Is there any alternate approach for 
> achieving below? 
>
>
>
> ---
> - hosts: compute
>   gather_facts: no
>   vars_files:
> - input.yml
>
>   tasks:
>
>- name: check Power status of target
>  local_action:  command ipmitool -I lanplus -H {{item.console}} -U 
> {{item.consoleuser}} -P {{item.consolepassword}} power status
>  with_items:
>- "{{ computeserver1 }}"
>  when: item.console and item.consoleuser and item.consolepassword is 
> defined
>  register: power
>
>- name: check Debug
>  debug: var=power.stdout
>
>- name: Power Reset
>  local_action: command ipmitool -I lanplus -H {{item.console}} -U 
> {{item.consoleuser}} -P {{item.consolepassword}} power reset
>  with_items:
>- "{{ computeserver1 }}"
>  when: item.console and item.consoleuser and item.consolepassword is 
> defined and power.stdout.find('Chassis Power is on') != -1
>
>- name: Power On
>  local_action: command ipmitool -I lanplus -H {{item.console}} -U 
> {{item.consoleuser}} -P {{item.consolepassword}} power on
>  with_items:
>- "{{ computeserver1 }}"
>  when: item.console and item.consoleuser and item.consolepassword is 
> defined and power.stdout.find('Chassis Power is off') != -1
>
>  Thanks for any help
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/328074b9-0c2c-4868-9b79-9468554c1e56%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Problem with parameterizing role

[Igor Cicimov]

Roger, the documentation you are quoting is perfectly fine, it shows you 
how to invoke the same role with different parameters. What you are then 
doing inside the role is wrong. It is two different things right?

You need to understand how playbooks and roles work in Ansible and Paul's 
comment is doing a good job to help you. Read it again carefully.

On Sunday, August 2, 2015 at 2:11:48 AM UTC+10, Roger Sherman wrote:
>
> Ok, so what you’re telling me is the documentation is wrong? Because 
> that’s literally exactly what it’s saying to do - if you look at my 
> original post, you’ll see I quoted what the documentation says to do.
>
> I’m not saying it’s right and you’re wrong. If it’s wrong, that’s what I 
> want to hear.
>
> Thank you,
>
> Roger Sherman
> public key - A3068658
>
> On Jul 31, 2015, at 7:47 PM, Paul Markham  > wrote:
>
> You're executing the role twice, each time with different parameters. If 
> the role writes a single file each time, you end up with two files. The way 
> you've got it now, the role will write both files each time it's executed; 
> the result is what you're seeing: both files have the same content, which 
> comes from the second call to the role.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d449071a-33cc-4560-8737-7a587fadb7a1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Problem with parameterizing role

[Igor Cicimov]

You forgot to include condition in the tasks, like for example: 

- name: Template to 1st server.xml
  template: src=server.xml.j2 dest=/var/opt/tomcat_1/conf/server.xml 
owner=tomcat7 group=nogroup mode=0600
  when: port == "5000"
 
- name: Template to 2nd server.xml
  template: src=server.xml.j2 dest=/var/opt/tomcat_2/conf/server.xml 
owner=tomcat7 group=nogroup mode=0600
  when: port == "5001"

otherwise each will get executed on each run, of course.

On Thursday, July 30, 2015 at 4:23:41 AM UTC+10, Roger Sherman wrote:
>
> I have a group of hosts that have two tomcat instances on them, and I need 
> the server.xml to have different values in each instance. Initially, I 
> tried to write a jinja2 loop into a template, which I bailed on when 
> someone in the IRC channel pointed out parameterizing the role (from 
> http://docs.ansible.com/ansible/playbooks_roles.html - there's not a 
> direct anchor, so I'll quote):
>
> Also, should you wish to parameterize roles, by adding variables, you can 
>> do so, like this:
>
> - hosts: webservers
> roles:
> - common
> - { role: foo_app_instance, dir: '/opt/a', port: 5000 } 
> - { role: foo_app_instance, dir: '/opt/b', port: 5001 } 
>
>  But when I try the above, both server.xml's end up with the same value. 
> It looks like each subsequent pass through the role puts it's value in both 
> directories, so after the second time it runs, both server.xml's have the 
> second value. I pastebinned my playbook, role, and the line from the 
> template: http://pastebin.com/eDMQkY3H
>
> If anybody could help me with this, or tell me what I'm doing wrong, I'd 
> greatly appreciate it.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8fe9dc5a-39fb-44fe-b0a4-16bcb6709cdd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: How to manage authorized_keys?

[Igor Homyakov]

Hi Eugene,

Here is a fairly old snipped I used for such purpose. I hope you will
find it useful

it uses template to produce authorized_keys

https://gist.github.com/hostmaster/fc4bb8a2a9301bc2285f

I think it is possible to do the same with assemble module but I have not tried.

-- Best

On Tue, Jul 28, 2015 at 10:08 AM, Eugene Knoxville  wrote:
> Unfortunately, It's not useful for multiple keys :(
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA512
>>
>>
>> > But, when I decide to remove user2_key, It still persists in
>> > authorized_key file! It's unacceptable!
>>
>> maybe you find the
>> 'exclusive' parameter useful?
>> http://docs.ansible.com/ansible/authorized_key_module.html
>>
>> > Whether to remove all other non-specified keys from the
>> > authorized_keys file. Multiple keys can be specified in a single
>> > key string value by separating them by newlines. This option is not
>> > loop aware, so if you use with_ , it will be exclusive per
>> > iteration of the loop, if you want multiple keys in the file you
>> > need to pass them all to key in a single batch as mentioned above.
>>
>> -BEGIN PGP SIGNATURE-
>>
>> iQIcBAEBCgAGBQJVtMACAAoJEFv7XvVCELh011UP/RookFyHqk1N4qGGiQTSNmaK
>> 7ul5NsyovbOBOk74pQgjn+CzjgHUHPQYDptznatSTTJTXaULUm7BRz74yfQplJtW
>> OhVVP32lbtul9FxWLPcNBscfQ3wmh0DzbI0BODMRpHdqqmw2/Kjw2eoZU2Y5Mopv
>> fC4gH8c76xx6IZVzcQdBvtvkOhPTHWviXHMPVp9DRSa4QByhStE01TTqxK2Iz/nX
>> dUMA7WNXwYCi/tLIBihdxo9sYznmSD8sdhwdyPCXDtaab6d6WEk+jj/mzZgqL3OE
>> QJ36+ltG8geml9+d13P3bdGH4RWbzzexftKm+iQbE6CEh2E4+4olFcbmNvislL//
>> CgnonTHFtxDpv8wCVRH8vKehFk+gqNWlvk7PSwfNm2wp3+joUb2FtC6sPv6YV7Zi
>> BRjCSnbj54prdESNo7I9TrlljVtSCNtkq3boM4h0uD4X+7g7s6Ltwuf/5pP/h0zo
>> WbnPjMXkDvbXT12w4DIh6jBLwd+FFEHaJk9W1d/HYuX0s/ZLTVQl7fgLY6CASOeM
>> OhJlBP2Nse9vGWSbuhSlpop5916Bre5UaEW/bBSrUexr0Y3dBF9Uoe90RYT2dJVv
>> fp2IMJla6QEgy6hmTXzpvSfs/4Omi7gfh/p92yIQF0pkg/A6BddoHGY9XtR8LJbi
>> GhWxfYqOVIGR5nRJV3tA
>> =ypo0
>> -END PGP SIGNATURE-
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/299c08e3-8c25-4403-a0bd-0638d36bfb58%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAGuansrBpJxzT6ZbzpZzEKHnZJT9Vq_QRJ4-Rq0H-Q4io3ek3Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Constructing a List.

[Igor Homyakov]

Hi Jon,

That is awesome. Thank you for sharing.

-- Best, Igor

On Wed, Jul 22, 2015 at 8:05 PM, Jon Hadfield  wrote:
> Hi,
>
> Instead of using shell, you could use a lookup plugin that will query the
> ids by name for you.
> So when creating the subnets, give them a name and also store them in a
> list, e.g.
> mysubnets:
>   - subnet1
>   - subnet2
>
> You can then define your ELB like this:
>
>  ec2_elb_lb:
> ...
> subnets: "{{ lookup('aws_subnet_ids_from_names', (region,
> mysubnets)) }}"
>
> Where region is a variable containing a region name, i.e. 'eu-west-1'.
> This will return a list of the subnet ids that the ec2_elb_lb module
> expects.
> To use this, just copy the lookup plugin from here into a directory called
> lookup_plugins in the root of your project.
>
> Jon
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/2b5850e9-5e1f-4886-9775-bfbe458801c2%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAGuanspb4dv2U-qPScGk-PKZ2m51%2B39QA%3DX6cLYVtVAJapuHKw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: ansible ec2_facts returns false data (if there is NAT on the system level; This is ok if You use AWS router interface gateway)

[Igor Cicimov]

Have to correct myself, you do provide the subnet information. So in answer 
to you questions/conclusions they way I do it is:

- Use private routing table for the private subnets pointing to the NAT as 
IGW
- Use 2 x NAT instances and NAT takeover script that modifies the the 
private subnets routing table and points the IGW to itself in case the 
other NAT instance has failed

On Wednesday, July 15, 2015 at 10:21:38 AM UTC+10, Igor Cicimov wrote:
>
> I'm using Ansible with AWS VPC's, where most of them have public and 
> private subnets, and have never had the problem you are seeing. This is 
> definitely a misconfiguration on your side and nothing to do with Ansible. 
> The ec2_facts is doing the right thing, there is no other way of collecting 
> data except querying the meta-data repository which is what the AWS CLI 
> tools do anyway. Meaning you will get wrong data using AWS CLI as well. 
> Don't forget you are in the cloud and your networking is configured in the 
> hypervisor/SDN level and NOT on instance level. Meaning you can create as 
> many network interfaces as you want on instance level and set IP's on those 
> but none of them will work since you have bypassed the SDN and there is no 
> record of those in the meta-data repository. Which finally means that 
> collecting facts on the instance locally really means nothing if those 
> values don't match what is in the meta-data repository.
>
> Now that we have that cleared, lets move to your problem, which looks to 
> me is AWS routing tables. Or more specific the lack of those. For an 
> instance to be in a private subnet it needs separate routing table from the 
> VPC's default one (which has IGW created for you when the VPC was created) 
> that has the NAT instance as IGW (internet gateway). And that is all you 
> need, you don't have to set any routing tables on the system level, the SDN 
> will route the traffic for you.
>  
> Hope this makes sense. Since you haven't provided any info about your 
> subnets, routing tables, ACL's etc. this is more of a guess what's going on 
> so please correct my assumptions if needed.
>
> Thanks,
> Igor
>
> On Tuesday, July 14, 2015 at 10:16:49 PM UTC+10, sirkubax wrote:
>>
>> *THE PROBLEM:*
>> I've just realised why sometimes my playbook fills the template with 
>> false data
>>
>> This happens, when the instance is in my VPC subnet (with internet 
>> gateway), while in configuration there is *NAT route table on the system 
>> level*, then *reguest to the internet goes through NAT instance *and the 
>> AWS response is *covered.*
>> Then the* NAT_instance facts *are *returned*, NOT the current_instance 
>> facts about.
>>
>>
>> *THE DEBUGGING:*
>>
>> If You look into the code, the ec2_facts fetch a bunch of requests to
>>
>> 'http://169.254.169.254/latest/meta-data'
>>
>>
>> in Example:
>>
>> curl http://169.254.169.254/latest/meta-data/local-ipv4
>> *172.16.0.200*
>>
>>
>> while* real data* is
>>
>> eth0: ***
>> inet *172.16.0.110*/24 brd 172.16.0.255 scope global eth0
>>
>>
>> THE INSTANCE CONFIGURATION:
>>
>> $ ip r
>> default via 172.16.0.200 dev eth0 
>> 172.16.0.0/24 dev eth0  proto kernel  scope link  src 172.16.0.110 
>> 172.16.0.0/16 via 172.16.0.1 dev eth0 
>>
>>$ ip a 
>>
>> eth0: ***
>> inet *172.16.0.110*/24 brd 172.16.0.255 scope global eth0
>>
>>
>>
>> If You keep remote files, You can check it Yourself
>>
>> export ANSIBLE_KEEP_REMOTE_FILES=1
>>
>> and then 
>>
>> python 
>> /home/ubuntu/.ansible/tmp/ansible-tmp-1436872330.49-72199016469620/ec2_facts
>>
>> will return as one of the facts:
>> "ansible_ec2_local_ipv4": "172.16.0.200",
>> (or run a curl)
>>
>> curl http://169.254.169.254/latest/meta-data/local-ipv4
>>
>>
>> *THE CURRENT WORKAROUND:*
>>
>>1. do NOT use (in *roles *nor *tasks*)
>>   1. - action: ec2_facts
>>   2. DRAWBACKS:
>>  1. You will not have some variables available (*ansible_ec2_* 
>>  will be unavailable)*
>>  2. You will have only *ec2_* facts *from you LOCAL* inventory 
>>  cache (ec2.py* if I'm correct now)
>>  3. If You add in playbook ("gather_facts: True") then You can 
>>  also use *ansible_* facts *gathered by *setup.py* module
>> 1. so instead of *ansible_ec2_local_ipv4* You can use 
>> *ansible_eth0['ipv

[ansible-project] Re: ansible ec2_facts returns false data (if there is NAT on the system level; This is ok if You use AWS router interface gateway)

[Igor Cicimov]

I'm using Ansible with AWS VPC's, where most of them have public and 
private subnets, and have never had the problem you are seeing. This is 
definitely a misconfiguration on your side and nothing to do with Ansible. 
The ec2_facts is doing the right thing, there is no other way of collecting 
data except querying the meta-data repository which is what the AWS CLI 
tools do anyway. Meaning you will get wrong data using AWS CLI as well. 
Don't forget you are in the cloud and your networking is configured in the 
hypervisor/SDN level and NOT on instance level. Meaning you can create as 
many network interfaces as you want on instance level and set IP's on those 
but none of them will work since you have bypassed the SDN and there is no 
record of those in the meta-data repository. Which finally means that 
collecting facts on the instance locally really means nothing if those 
values don't match what is in the meta-data repository.

Now that we have that cleared, lets move to your problem, which looks to me 
is AWS routing tables. Or more specific the lack of those. For an instance 
to be in a private subnet it needs separate routing table from the VPC's 
default one (which has IGW created for you when the VPC was created) that 
has the NAT instance as IGW (internet gateway). And that is all you need, 
you don't have to set any routing tables on the system level, the SDN will 
route the traffic for you.
 
Hope this makes sense. Since you haven't provided any info about your 
subnets, routing tables, ACL's etc. this is more of a guess what's going on 
so please correct my assumptions if needed.

Thanks,
Igor

On Tuesday, July 14, 2015 at 10:16:49 PM UTC+10, sirkubax wrote:
>
> *THE PROBLEM:*
> I've just realised why sometimes my playbook fills the template with false 
> data
>
> This happens, when the instance is in my VPC subnet (with internet 
> gateway), while in configuration there is *NAT route table on the system 
> level*, then *reguest to the internet goes through NAT instance *and the 
> AWS response is *covered.*
> Then the* NAT_instance facts *are *returned*, NOT the current_instance 
> facts about.
>
>
> *THE DEBUGGING:*
>
> If You look into the code, the ec2_facts fetch a bunch of requests to
>
> 'http://169.254.169.254/latest/meta-data'
>
>
> in Example:
>
> curl http://169.254.169.254/latest/meta-data/local-ipv4
> *172.16.0.200*
>
>
> while* real data* is
>
> eth0: ***
> inet *172.16.0.110*/24 brd 172.16.0.255 scope global eth0
>
>
> THE INSTANCE CONFIGURATION:
>
> $ ip r
> default via 172.16.0.200 dev eth0 
> 172.16.0.0/24 dev eth0  proto kernel  scope link  src 172.16.0.110 
> 172.16.0.0/16 via 172.16.0.1 dev eth0 
>
>$ ip a 
>
> eth0: ***
> inet *172.16.0.110*/24 brd 172.16.0.255 scope global eth0
>
>
>
> If You keep remote files, You can check it Yourself
>
> export ANSIBLE_KEEP_REMOTE_FILES=1
>
> and then 
>
> python 
> /home/ubuntu/.ansible/tmp/ansible-tmp-1436872330.49-72199016469620/ec2_facts
>
> will return as one of the facts:
> "ansible_ec2_local_ipv4": "172.16.0.200",
> (or run a curl)
>
> curl http://169.254.169.254/latest/meta-data/local-ipv4
>
>
> *THE CURRENT WORKAROUND:*
>
>1. do NOT use (in *roles *nor *tasks*)
>   1. - action: ec2_facts
>   2. DRAWBACKS:
>  1. You will not have some variables available (*ansible_ec2_* 
>  will be unavailable)*
>  2. You will have only *ec2_* facts *from you LOCAL* inventory 
>  cache (ec2.py* if I'm correct now)
>  3. If You add in playbook ("gather_facts: True") then You can 
>  also use *ansible_* facts *gathered by *setup.py* module
> 1. so instead of *ansible_ec2_local_ipv4* You can use 
> *ansible_eth0['ipv4]['address']*
>  4. *BUT* this can bring some problems when You have a role, that 
>  expects some vatiable (example: ansible_hostname), but in the 
> playbook You 
>  have disabled system fact gathering  ("gather_facts: False") - 
>  You will have to be carefull
>  5. *OR* You would like to access some AWS variable, independent 
>  form Your LOCAL cache
>   2. configure you VPC routing tables so it will point to 
>NAT-instance-interface, rather than IP address
>   1. 0.0.0.0/0  eni-xxx / i-xxx
>   1. instead of:
>  1. 0.0.0.0/0  igw-z  + system routing tables
>   2. Then You do not have to override the routing table on the system 
>   level
>   3. You rely on AWS Router
>   4. DRAWBACKS
>  1. You will have to change the routi

[ansible-project] Run Docker container as ordinary user

[Igor Cicimov]

sudo: false

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/fc109657-9e33-4fa5-aaf3-62391cc96db5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Reload inventory variables inside playbook execution

[Igor Cicimov]

May I ask why would you not go with the usual way of adding the newly created 
instance to a new host group and then configure it? As in the example from the 
ec2 page:

- name: Create a sandbox instance
  hosts: localhost
  gather_facts: False
  vars:
key_name: my_keypair
instance_type: m1.small
security_group: my_securitygroup
image: my_ami_id
region: us-east-1
  tasks:
- name: Launch instance
  ec2:
 key_name: "{{ keypair }}"
 group: "{{ security_group }}"
 instance_type: "{{ instance_type }}"
 image: "{{ image }}"
 wait: true
 region: "{{ region }}"
 vpc_subnet_id: subnet-29e63245
 assign_public_ip: yes
  register: ec2
- name: Add new instance to host group
  add_host: hostname={{ item.public_ip }} groupname=launched
  with_items: ec2.instances
- name: Wait for SSH to come up
  wait_for: host={{ item.public_dns_name }} port=22 delay=60 timeout=320 
state=started
  with_items: ec2.instances

- name: Configure instance(s)
  hosts: launched
  sudo: True
  gather_facts: True
  tasks:
- include: config.yml
- include: config2.yml


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/50b3f086-2da8-4183-8173-fbe27f263bf6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: selectattr with ansible

[Igor Cicimov]

This works for me:

---
- hosts: localhost
  connection: local
  gather_facts: false
  vars:
   interfaces:
- name: lo0
  unit0:
ip_primary: 1.1.1.1
ip_secondary: 2.2.2.2
  unit1:
ip_primary: 3.3.3.3
ip_secondary: 4.4.4.4
- name: xyz
  unit0:
ip_primary: 9.9.9.9
  tasks:
   - set_fact:
  myip: |
   {%- set ips = [] -%}
   {% for interface in interfaces if interface.name == "lo0" %}
 {%- do ips.append(interface.unit0.ip_primary) -%}
   {%- endfor -%}
   {{ ips }}
   - debug: var=myip

$ ansible-playbook -i local test101.yml 

PLAY [localhost] 
** 

TASK: [set_fact ] 
* 
ok: [localhost]

TASK: [debug var=myip] 
 
ok: [localhost] => {
"var": {
"myip": [
"1.1.1.1"
]
}
}

PLAY RECAP 
 
set_fact  --- 
0.04s
debug var=myip -- 
0.00s
localhost  : ok=2changed=0unreachable=0failed=0



On Saturday, July 4, 2015 at 11:18:50 PM UTC+10, Vishal Chainani wrote:
>
> Hi,
>
> I have a list like below, and I need to select the sequence which has 
> "name" attribute equal to "lo0". I use this selectattr statement *{% set 
> lo0 = interfaces|selectattr("name", "equalto", lo0) | first%}*
>
> But while running the playbook throws me an error {'msg': 
> "TemplateRuntimeError: no test named 'equalto'", 'failed': True}
>
> interfaces:
> - name: lo0
>   unit0:
> ip_primary: 1.1.1.1
> ip_secondary: 2.2.2.2
>   unit1:
> ip_primary: 3.3.3.3
> ip_secondary: 4.4.4.4
> - name: xyz
>   unit0:
> ip_primary: 9.9.9.9
>
> Jinja2 version 2.7.3.
>
> Any pointer what am I  missing?
>
>
> Vishal
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/862068e6-1c55-4e2e-a671-b28c3cc03d82%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] selectattr with ansible

[Igor Cicimov]

I think the 'equalto' test is only available in the 2.8+ version of jinja2

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/210c12a5-9a29-4fba-aef6-46b9fdcc68db%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Error 401 in Ansible Tower

[Igor Fedorov]

I installed Ansible Tower (2.1.4), it worked fine. 
I did some initial setup - users, credentials, etc.
After a while I got back to this, and could not login in the interface. 

when I try I see the message:   "Failed to access user information. GET 
returned status: 401"

and /var/log/tower/tower_warnings.log : "2015-06-11 09:46:15,154 WARNING 
awx.api.generics status 401 received by user AnonymousUser attempting to 
access /api/v1/me/"


attempt to install again nothing changed 



 
How can this be resolved?



-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/ffe7f843-726d-47bb-a9e0-4ec79ac9fef5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Weird issue with ec2_eip module

[Igor Cicimov]

I expected to be some syntax error on my side but nothing that obvious and 
embarrassing :-(

I better go and check my eyes.

Thanks, Benno.
Igor

On Tuesday, June 9, 2015 at 2:27:35 PM UTC+10, benno joy wrote:
>
> you have *var="{{ ec_asg_info.instances }}"*
>
> *and in with_items: ec2_asg_info   shouldnt it be : e**c_asg_info*
>
>
> On Tue, Jun 9, 2015 at 9:08 AM, Igor Cicimov <
> ig...@encompasscorporation.com > wrote:
>
>> Hi all,
>>
>> I'm creating an ASG in my playbook from which I launch the following 
>> instances:
>>
>> TASK: [create auto scaling group] 
>> * 
>> changed: [localhost]
>>
>> TASK: [debug *var="{{ ec_asg_info.instances }}"]* 
>> *** 
>> ok: [localhost] => {
>> "var": {
>> "['i-9abfff30', 'i-ee4ea517', 'i-08ec48a2']": "['i-9abfff30', 
>> 'i-ee4ea517', 'i-08ec48a2']"
>> }
>> }
>>
>> TASK: [debug var="{{ item }}"] 
>>  
>> ok: [localhost] => (item=i-9abfff30) => {
>> "item": "i-9abfff30",
>> "var": {
>> "i-9abfff30": "i-9abfff30"
>> }
>> }
>> ok: [localhost] => (item=i-ee4ea517) => {
>> "item": "i-ee4ea517",
>> "var": {
>> "i-ee4ea517": "i-ee4ea517"
>> }
>> }
>> ok: [localhost] => (item=i-08ec48a2) => {
>> "item": "i-08ec48a2",
>> "var": {
>> "i-08ec48a2": "i-08ec48a2"
>> }
>> }
>>
>> and then I pass the list of the create instances to the ec2_eip task:
>>
>> - name: associate new elastic IPs with each of the instances
>>   ec2_eip:
>>   instance_id={{ item }} 
>>   region={{ vpc_region }} 
>>   in_vpc=yes
>>   with_items: *ec2_asg_info.instances*
>>   register: eip_info
>>
>> which fails with the following error:
>>
>> TASK: [associate new elastic IPs with each of the instances] 
>> ** 
>> failed: [localhost] => (item=ec2_asg_info.instances) => {"failed": true, 
>> *"item": 
>> "ec2_asg_info.instances"*}
>> msg: EC2ResponseError: 400 Bad Request
>> 
>> InvalidInstanceID.Malformed*Invalid
>>  
>> id: "ec2_asg_info.instances*
>> "9c204182-d5b6-41e0-badb-c6e85a9bc8e5
>>
>> FATAL: all hosts have already failed -- aborting
>>
>> Note the invalid ID message coming back which has the list name instead 
>> of the item set.
>>
>> Which is strange since if I run another playbook with the ec2_eip module 
>> only in which I set the list manually (after I created the instances with 
>> the previous asg playbook of course):
>>
>> - name: associate new elastic IPs with each of the instances:
>>   ec2_eip:
>>   instance_id={{ item }}
>>   region={{ vpc_region }}
>>   in_vpc=yes
>>   *with_items: "['i-9abfff30', 'i-ee4ea517', 'i-08ec48a2']"*
>>   register: eip_info
>>
>> the tasks executes fine:
>>
>> TASK: [associate new elastic IPs with each of the instances] 
>> ** 
>> changed: [localhost] => (item=i-9abfff30)
>> changed: [localhost] => (item=i-ee4ea517)
>> changed: [localhost] => (item=i-08ec48a2)
>>
>> What is going on here?
>>
>> Thanks,
>> Igor
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible-proje...@googlegroups.com .
>> To post to this group, send email to ansible...@googlegroups.com 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/96f3764c-00e8-47b2-bf11-3ccbdc7936e0%40googlegroups.com
>>  
>> <https://groups.google.com/d/msgid/ansible-project/96f3764c-00e8-47b2-bf11-3ccbdc7936e0%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8b233a11-c21f-4e67-8c2b-5efcec80ed4b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Weird issue with ec2_eip module

[Igor Cicimov]

Hi all,

I'm creating an ASG in my playbook from which I launch the following 
instances:

TASK: [create auto scaling group] 
* 
changed: [localhost]

TASK: [debug *var="{{ ec_asg_info.instances }}"]* 
*** 
ok: [localhost] => {
"var": {
"['i-9abfff30', 'i-ee4ea517', 'i-08ec48a2']": "['i-9abfff30', 
'i-ee4ea517', 'i-08ec48a2']"
}
}

TASK: [debug var="{{ item }}"] 
 
ok: [localhost] => (item=i-9abfff30) => {
"item": "i-9abfff30",
"var": {
"i-9abfff30": "i-9abfff30"
}
}
ok: [localhost] => (item=i-ee4ea517) => {
"item": "i-ee4ea517",
"var": {
"i-ee4ea517": "i-ee4ea517"
}
}
ok: [localhost] => (item=i-08ec48a2) => {
"item": "i-08ec48a2",
"var": {
"i-08ec48a2": "i-08ec48a2"
}
}

and then I pass the list of the create instances to the ec2_eip task:

- name: associate new elastic IPs with each of the instances
  ec2_eip:
  instance_id={{ item }} 
  region={{ vpc_region }} 
  in_vpc=yes
  with_items: *ec2_asg_info.instances*
  register: eip_info

which fails with the following error:

TASK: [associate new elastic IPs with each of the instances] 
** 
failed: [localhost] => (item=ec2_asg_info.instances) => {"failed": true, 
*"item": 
"ec2_asg_info.instances"*}
msg: EC2ResponseError: 400 Bad Request

InvalidInstanceID.Malformed*Invalid
 
id: "ec2_asg_info.instances*
"9c204182-d5b6-41e0-badb-c6e85a9bc8e5

FATAL: all hosts have already failed -- aborting

Note the invalid ID message coming back which has the list name instead of 
the item set.

Which is strange since if I run another playbook with the ec2_eip module 
only in which I set the list manually (after I created the instances with 
the previous asg playbook of course):

- name: associate new elastic IPs with each of the instances:
  ec2_eip:
  instance_id={{ item }}
  region={{ vpc_region }}
  in_vpc=yes
  *with_items: "['i-9abfff30', 'i-ee4ea517', 'i-08ec48a2']"*
  register: eip_info

the tasks executes fine:

TASK: [associate new elastic IPs with each of the instances] 
** 
changed: [localhost] => (item=i-9abfff30)
changed: [localhost] => (item=i-ee4ea517)
changed: [localhost] => (item=i-08ec48a2)

What is going on here?

Thanks,
Igor

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/96f3764c-00e8-47b2-bf11-3ccbdc7936e0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] ec2_asg Missing required arguments for autoscaling group create/update: launch_config_name

[Igor Cicimov]

Done.

https://github.com/ansible/ansible/issues/11209

On Tuesday, June 9, 2015 at 12:13:17 PM UTC+10, benno joy wrote:
>
> Hi,
>
> It seems like it is a documentation bug, the min_size, max_size and 
> lc_config_name are required paramters, there is a feature request to add 
> default values to min_size and max_size , could you please raise a bug 
> report for this in github.
>
> - Benno
>
>  
>
> On Tue, Jun 9, 2015 at 6:31 AM, Igor Cicimov <
> ig...@encompasscorporation.com > wrote:
>
>> When using ec2_asg I get:
>>
>> TASK: [ec2_asg ] 
>> ** 
>> failed: [localhost] => {"failed": true}
>> msg: Missing required arguments for autoscaling group create/update: 
>> launch_config_name
>>
>> where is in the module man page:
>>
>> http://docs.ansible.com/ec2_asg_module.html
>>
>> this attribute is listed as not required.
>>
>> This is on Ansible 1.9.1
>>  
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible-proje...@googlegroups.com .
>> To post to this group, send email to ansible...@googlegroups.com 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/105fb140-c9ae-4472-8668-7a43573f%40googlegroups.com
>>  
>> <https://groups.google.com/d/msgid/ansible-project/105fb140-c9ae-4472-8668-7a43573f%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e5741c6e-951a-4888-9eed-f6ea2b514360%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] ec2_asg Missing required arguments for autoscaling group create/update: launch_config_name

[Igor Cicimov]

When using ec2_asg I get:

TASK: [ec2_asg ] 
** 
failed: [localhost] => {"failed": true}
msg: Missing required arguments for autoscaling group create/update: 
launch_config_name

where is in the module man page:

http://docs.ansible.com/ec2_asg_module.html

this attribute is listed as not required.

This is on Ansible 1.9.1

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/105fb140-c9ae-4472-8668-7a43573f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Launch ec2 instances in multiple availability zones in single play

[Igor Cicimov]

Thanks Benno, that's a good point, I usually associate ASG with launch 
config but for sure it is another way to do it.

On Friday, June 5, 2015 at 3:57:14 PM UTC+10, benno joy wrote:
>
> wouldn't ec2_asg do that automatically for you ?
>
>
>
> On Fri, Jun 5, 2015 at 10:35 AM, Igor Cicimov <
> ig...@encompasscorporation.com > wrote:
>
>> Hi all,
>>
>> I've been looking for the best way to achieve what is mentioned in the 
>> title of the message but haven't found any. At least not one that will 
>> produce a satisfactory result which can be used further down in the same 
>> playbook. 
>>
>> For example I've been testing the following loop:
>>
>> - name: create instance
>>   ec2: image="{{ images[item.0.region] }}"
>>keypair={{ keypair }}
>>instance_type={{ instance_type }}
>>instance_tags="{{ tags }}"
>>vpc_subnet_id={{ item.1.subnet }}
>>region={{ item.0.region }}
>>group_id={{ group_id }}
>>assign_public_ip=yes
>>wait=true
>>wait_timeout={{ wait_timeout }}
>>   with_subelements:
>> - vpc 
>> - subnets
>>   when: item.0.name == ec2_env
>>   register: ec2_info
>>
>> which does what I want, launches one instance per AZ in the chosen 
>> region, but the output registered is way too complicated to be of any use:
>>
>> TASK: [debug var=ec2_info] 
>>  
>> ok: [localhost] => {
>> "var": {
>> "ec2_info": {
>> "changed": true,
>> "msg": "All items completed",
>> "results": [
>> {
>> "changed": false,
>> "skipped": true
>> },
>> {
>> "changed": false,
>> "skipped": true
>> },
>> {
>> "changed": false,
>> "skipped": true
>> },
>> {
>> "changed": false,
>> "skipped": true
>> },
>> {
>> "changed": false,
>> "skipped": true
>> },
>> {
>> "changed": false,
>> "skipped": true
>> },
>> {
>> "changed": false,
>> "skipped": true
>> },
>> {
>> "changed": true,
>> "instance_ids": [
>> "i-"
>> ],
>> "instances": [
>> {
>> "ami_launch_index": "0",
>> "architecture": "x86_64",
>> "dns_name": "
>> .eu-west-1.compute.amazonaws.com",
>> "ebs_optimized": false,
>> "groups": {
>> "sg-": "sg-"
>> },
>> "hypervisor": "xen",
>> "id": "i-",
>> "image_id": "ami-47a23a30",
>> "instance_type": "t2.micro",
>> "kernel": null,
>> "key_name":"",
>> "launch_time": "2015-06-05T02:48:14.000Z",
>> "placement": "eu-west-1a",
>> "private_dns_name": 
>> ".eu-west-1.compute.internal",
>> "private_ip": "",
>> "public_dns_name&

[ansible-project] Launch ec2 instances in multiple availability zones in single play

[Igor Cicimov]

': 'type', 'Name': 
u'ec2-type-', 'Datacenter': u''}\" 
vpc_subnet_id=subnet- region=eu-west-1 group_id=sg- 
assign_public_ip=yes wait=true wait_timeout=300",
"module_name": "ec2"
},
"item": [
{
"cidr": "",
"name": "",
"region": "eu-west-1",
"subnets_app": [
{
"subnet": "subnet-",
"zone": "eu-west-1a"
},
{
"subnet": "subnet-",
"zone": "eu-west-1b"
},
{
"subnet": "subnet-",
"zone": "eu-west-1c"
}
],
"subnets_db": [
{
"subnet": "subnet-",
"zone": "eu-west-1a"
},
{
"subnet": "subnet-",
"zone": "eu-west-1b"
},
{
"subnet": "subnet-",
"zone": "eu-west-1c"
}
]
},
{
"subnet": "subnet-",
"zone": "eu-west-1b"
}
],
"tagged_instances": []
},
{
"changed": true,
"instance_ids": [
"i-"
],
"instances": [
{
"ami_launch_index": "0",
"architecture": "x86_64",
"dns_name": 
".eu-west-1.compute.amazonaws.com",
"ebs_optimized": false,
"groups": {
"sg-": "sg-"
},
"hypervisor": "xen",
"id": "i-",
"image_id": "ami-47a23a30",
"instance_type": "t2.micro",
"kernel": null,
"key_name":"",
"launch_time": "2015-06-05T02:49:14.000Z",
"placement": "eu-west-1c",
"private_dns_name": 
".eu-west-1.compute.internal",
"private_ip": "",
"public_dns_name": 
".eu-west-1.compute.amazonaws.com",
"public_ip": "",
"ramdisk": null,
"region": "eu-west-1",
"root_device_name": "/dev/sda1",
"root_device_type": "ebs",
"state": "running",
    "state_code": 16,
"tags": {},
"tenancy": "default",
"virtualization_type": "hvm"
}
],
"invocation": {
"module_args": "image=\"ami-47a23a30\" 
keypair= instance_type=t2.micro instance_tags=\"{'Environment': 
u'', 'Role': u'server', 'Type': 'type', 'Name': 
u'ec2-type-', 'Datacenter': u''}\" 
vpc_subnet_id=subnet- region=eu-west-1 group_id=sg- 
assign_public_ip=yes wait=true wait_timeout=300",
"module_name": "ec2"
},
"item": [
{
"cidr": "",
"name": "",
"region": "eu-west-1",
"subnets_app": [
{
"subnet": "subnet-",
"zone": "eu-west-1a"
},
{
"subnet": "subnet-",
"zone": "eu-west-1b"
},
{
"subnet": "subnet-",
"zone": "eu-west-1c"
}
],
"subnets_db": [
{
"subnet": "subnet-",
"zone": "eu-west-1a"
},
{
"subnet": "subnet-",
"zone": "eu-west-1b"
},
{
"subnet": "subnet-",
"zone": "eu-west-1c"
}
]
},
{
"subnet": "subnet-",
"zone": "eu-west-1c"
}
],
"tagged_instances": []
},
{
"changed": false,
"skipped": true
},
{
"changed": false,
"skipped": true
}
]
}
}
}

So, any idea how to make this usable? Or maybe share your experience if you 
have already done it?

Thanks,
Igor

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b27240c8-42c5-44ec-8549-d0fd2d1f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Can't get the group_id value from register in ec2_group on creation

[Igor Cicimov]

Any idea how to dig out the sg id out of this? Maybe changing the module to 
not be so verbose and print only the needed info would be easier?

On Thursday, May 28, 2015 at 3:59:14 PM UTC+10, Igor Cicimov wrote:
>
> Thanks for replying Benno. I did exactly that with debugging and can see 
> where the problem is.
>
> First let me say I haven't been completely honest about the way I've been 
> invoking the ec2_module. I have simplified the call for readability but 
> from the debug output I can see I shouldn't have since it covers the 
> problem. In case I do:
>
>  - ec2_group:
>  name: group-{{ ec2_env }}
>  description: "firewall"
>  vpc_id: "vpc-"
>  region: "eu-west-1"
>  ...
>register: group_sg
>
> then all is fine. The debug message is simple:
>
> ok: [localhost] => {
> "msg": "group_id -- {'invocation': {'module_name': u'ec2_group', 
> 'module_args': ''}, 'changed': True, 'group_id': 'sg-'}"
> }
>
> However my case I'm invoking ec2_group via with_dict loop as given below:
>
> - hosts: localhost
>   connection: local
>   gather_facts: false
>   vars_files:
> - group_vars/app_servers
> - group_vars/vpcs
>   tasks:
>   - name: "Some group"
> ec2_group:
>  name: group-{{ ec2_env }}
>  description: "group firewall"
>  vpc_id: "{{ item.key }}"
>  region: "{{ item.value.region }}"
>  purge_rules: false
>  purge_rules_egress: false
>  rules:
>   - proto: tcp
> from_port: 22
> to_port: 22
> cidr_ip: 0.0.0.0/0
>   - proto: tcp
> from_port: x
> to_port: x
> cidr_ip: "{{ item.value.cidr }}"
> .
> .
> .
>   - proto: all
> group_name: group-{{ ec2_env }}
>  rules_egress:
>   - proto: all
> type: all
> cidr_ip: 0.0.0.0/0
> with_dict: vpc
> when: item.value.name == ec2_env
> register: group_sg
>
>
> where the dictionary is a VPC mappings as follows:
>
> vpc:
>  vpc-:
>   name: nameX
>   region: ap-southeast-2
>   cidr: "/16"
>   subnets:
>- { zone: "ap-southeast-2a", subnet: "subnet-" }
>- { zone: "ap-southeast-2b", subnet: "subnet-" }
>   subnets_app:
>- { zone: "ap-southeast-2a", subnet: "subnet-" }
>- { zone: "ap-southeast-2b", subnet: "subnet-" }
>   subnets_db:
>- { zone: "ap-southeast-2a", subnet: "subnet-" }
>- { zone: "ap-southeast-2b", subnet: "subnet-" }
> .
> .
> .
>  vpc-:
>   name: nameY
>   region: eu-west-1
>   cidr: "/16"
>   subnets:
>- { zone: "eu-west-1a", subnet: "subnet-" }
>- { zone: "eu-west-1b", subnet: "subnet-" }
>- { zone: "eu-west-1c", subnet: "subnet-" }
>   subnets_app:
>- { zone: "eu-west-1a", subnet: "subnet-" }
>- { zone: "eu-west-1b", subnet: "subnet-" }
>- { zone: "eu-west-1c", subnet: "subnet-" }
>   subnets_db:
>- { zone: "eu-west-1a", subnet: "subnet-" }
>- { zone: "eu-west-1b", subnet: "subnet-" }
>- { zone: "eu-west-1c", subnet: "subnet-" }
>
>
> in which case I get the following complex structure as outout:
>
> TASK: [debug var=group_sg] 
> ***
> ok: [localhost] => {
> "var": {
> "group_sg": {
> "changed": true,
> "msg": "All items completed",
> "results": [
> {
> "changed": false,
> "skipped": true
> },
> {
> "changed": false,
> "skipped": true
> },
> {
> "changed": false,
> "skipped": true
> },
> {
> "changed": true,
> "group_id": "s

Re: [ansible-project] Re: Can't get the group_id value from register in ec2_group on creation

[Igor Cicimov]

uot;zone": "eu-west-1a"
},
{
"subnet": "subnet-",
"zone": "eu-west-1b"
},
{
"subnet": "subnet-",
"zone": "eu-west-1c"
}
],
"subnets_app": [
{
"subnet": "subnet-",
"zone": "eu-west-1a"
},
{
"subnet": "subnet-",
"zone": "eu-west-1b"
},
{
"subnet": "subnet-",
    "zone": "eu-west-1c"
    }
    ],
"subnets_db": [
{
"subnet": "subnet-",
"zone": "eu-west-1a"
},
{
"subnet": "subnet-",
"zone": "eu-west-1b"
},
{
"subnet": "subnet-",
"zone": "eu-west-1c"
}
]
}
    }
},
{
"changed": false,
"skipped": true
}
]
}
}
}


Yeah, I'm trying to make the play generic and apply to any VPC/subnets in 
any region.

Thanks again for your help.

Igor

On Thursday, May 28, 2015 at 3:35:04 PM UTC+10, benno joy wrote:
>
> Hi Igor,
>
> - debug: msg="group_id -- {{ group_sg.group_id }}" should work, can you 
> please try
>
> - debug: var=group_sg and see what are the keys that you are getting.
>
> Also for question 2. there were a few fixes added to filter groups in the 
> same vpc, can you please try the latest devel branch,
>
>
> - Benno
>
>
>
>
>
> On Thu, May 28, 2015 at 10:26 AM, Igor Cicimov <
> ig...@encompasscorporation.com > wrote:
>
>> Replying to my self about the second part of my question re:
>>
>>   - proto: all
>> group_name: group-name
>>
>> It came up that the group name has to unique in the region otherwise the 
>> call will fail. The AWS console on other hand allows creation of security 
>> groups with the same name in same region in case they belong to different 
>> VPC's.
>>
>>
>>
>> On Thursday, May 28, 2015 at 2:33:51 PM UTC+10, Igor Cicimov wrote:
>>>
>>> I have the following as part of a play:
>>>
>>>   - ec2_group:
>>>  name: group-name
>>>  description: "firewall"
>>>  vpc_id: "{{ vpc_id }}"
>>>  region: "{{ region }}"
>>>  purge_rules: false
>>>  purge_rules_egress: false
>>>  rules:
>>>   - proto: tcp
>>> from_port: 22
>>> to_port: 22
>>> cidr_ip: 0.0.0.0/0
>>>   ...
>>>   #- proto: all
>>>   #  group_name: group-name
>>> register: group_sg
>>>
>>>   - debug: msg="group_id -- {{ group_sg.group_id }}"
>>>
>>> which fails with the error:
>>>
>>> TASK: [debug msg="group_id -- {{ group_sg.group_id }}"] 
>>> ** 
>>> fatal: [localhost] => One or more undefined variables: 'dict object' has 
>>> no attribute 'group_id'
>>>
>>> Isn't this the right way of getting this attribute? Or this is not an 
>>> option for a SG created inside VPC? The SG is being created fine though for 
>>> the specified VPC and region.
>>>
>>> Another thing is that I'm anable to use:
>>>
>>>   - proto: all
>>> group_name: group-name
>>>
>>> as in the official Ansible page example in the rules since I'm getting 
>>> the following error:
>>>
>>> File "/usr/local/lib/python2.7/dist-packages/boto/connection.py", line 
>>> 1226, in get_status
>>> raise self.ResponseError(response.status, response.reason, body)
>>> boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request
>>> 
>>> InvalidGroup.NotFoundYou 
>>> have specified two resources that belong to different 
>>> networks.dee577be-...
>>>
>>> Any ideas?
>>>
>>> $ ansible --version
>>> ansible 1.9.1
>>>
>>>
>>> Thanks,
>>> Igor
>>>
>>  -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible-proje...@googlegroups.com .
>> To post to this group, send email to ansible...@googlegroups.com 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/5135d1c1-5d10-40ad-8a4b-22828b94a382%40googlegroups.com
>>  
>> <https://groups.google.com/d/msgid/ansible-project/5135d1c1-5d10-40ad-8a4b-22828b94a382%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a14cb730-f026-4f5b-8422-7d463cce6a44%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Can't get the group_id value from register in ec2_group on creation

[Igor Cicimov]

Replying to my self about the second part of my question re:

  - proto: all
group_name: group-name

It came up that the group name has to unique in the region otherwise the 
call will fail. The AWS console on other hand allows creation of security 
groups with the same name in same region in case they belong to different 
VPC's.


On Thursday, May 28, 2015 at 2:33:51 PM UTC+10, Igor Cicimov wrote:
>
> I have the following as part of a play:
>
>   - ec2_group:
>  name: group-name
>  description: "firewall"
>  vpc_id: "{{ vpc_id }}"
>  region: "{{ region }}"
>  purge_rules: false
>  purge_rules_egress: false
>  rules:
>   - proto: tcp
> from_port: 22
> to_port: 22
> cidr_ip: 0.0.0.0/0
>   ...
>   #- proto: all
>   #  group_name: group-name
> register: group_sg
>
>   - debug: msg="group_id -- {{ group_sg.group_id }}"
>
> which fails with the error:
>
> TASK: [debug msg="group_id -- {{ group_sg.group_id }}"] 
> ** 
> fatal: [localhost] => One or more undefined variables: 'dict object' has 
> no attribute 'group_id'
>
> Isn't this the right way of getting this attribute? Or this is not an 
> option for a SG created inside VPC? The SG is being created fine though for 
> the specified VPC and region.
>
> Another thing is that I'm anable to use:
>
>   - proto: all
> group_name: group-name
>
> as in the official Ansible page example in the rules since I'm getting the 
> following error:
>
> File "/usr/local/lib/python2.7/dist-packages/boto/connection.py", line 
> 1226, in get_status
> raise self.ResponseError(response.status, response.reason, body)
> boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request
> 
> InvalidGroup.NotFoundYou 
> have specified two resources that belong to different 
> networks.dee577be-...
>
> Any ideas?
>
> $ ansible --version
> ansible 1.9.1
>
>
> Thanks,
> Igor
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5135d1c1-5d10-40ad-8a4b-22828b94a382%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Can't get the group_id value from register in ec2_group on creation

[Igor Cicimov]

I have the following as part of a play:

  - ec2_group:
 name: group-name
 description: "firewall"
 vpc_id: "{{ vpc_id }}"
 region: "{{ region }}"
 purge_rules: false
 purge_rules_egress: false
 rules:
  - proto: tcp
from_port: 22
to_port: 22
cidr_ip: 0.0.0.0/0
  ...
  #- proto: all
  #  group_name: group-name
register: group_sg

  - debug: msg="group_id -- {{ group_sg.group_id }}"

which fails with the error:

TASK: [debug msg="group_id -- {{ group_sg.group_id }}"] 
** 
fatal: [localhost] => One or more undefined variables: 'dict object' has no 
attribute 'group_id'

Isn't this the right way of getting this attribute? Or this is not an 
option for a SG created inside VPC? The SG is being created fine though for 
the specified VPC and region.

Another thing is that I'm anable to use:

  - proto: all
group_name: group-name

as in the official Ansible page example in the rules since I'm getting the 
following error:

File "/usr/local/lib/python2.7/dist-packages/boto/connection.py", line 
1226, in get_status
raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request

InvalidGroup.NotFoundYou 
have specified two resources that belong to different 
networks.dee577be-...

Any ideas?

$ ansible --version
ansible 1.9.1


Thanks,
Igor

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/73f37d6a-f9b5-4219-92cb-665d0f250e6b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Execute task for specific host.

[Igor Homyakov]

Hi Alexey,

You do not need to quote a whole string here, could you try

when: servers.role == "upstream"

-- Best, Igor

On Fri, Feb 6, 2015 at 2:27 PM, Alexey Lesovsky  wrote:
> Hello all!
> I have playbook with following parts:
>
> vars:
>   servers:
> - { address: "192.168.122.12", role: "upstream" }
> - { address: "192.168.122.13", role: "downstream" }
> - { address: "192.168.122.14", role: "downstream" }
> task:
>   - name: Task
>  command: "/usr/sbin/somecommand"
>
> How I can execute task only on upstream or downstream servers? Any help
> appreciated.
>
> P.S. I try following part, but it doesn't work:
> task:
>   - name: Task
> command: "/usr/sbin/somecommand"
> when: "servers.role == upstream"
>
> And got error:
> fatal: [vm12-centos7] => error while evaluating conditional: servers.role ==
> upstream
> fatal: [vm13-centos7] => error while evaluating conditional: servers.role ==
> upstream
> fatal: [vm14-centos7] => error while evaluating conditional: servers.role ==
> upstream
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/49234d35-06db-4a7a-8929-9d23ea542f69%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAGuanso5xjSaXNKTGsfXmfpOqMKRxnf7xX3UikEpQ7v%3Dedi72w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: create network interface (ENI) on EC2 instance? possible to use "raw" boto commands?

[Igor Cicimov]

+1 for this request. Have you seen this module though: 
https://github.com/cybosol/ansible/blob/master/library/cloud/ec2_eni
haven't tried it my self but maybe it can help.

On Saturday, January 3, 2015 11:29:13 AM UTC+11, Jeff wrote:
>
> Someone asked for this  a 
> while back before the modules were reorganized, but I've seen no mention 
> since, so I'm guess it's still not possible to create (or manipulate) an 
> Elastic 
> Network Interface (eni) 
>  on an 
> EC2 instance yet.   That being the case, since this is supported by boto (
> create_network_interface 
> ),
>  
> is it possible for me to make my own calls via boto somehow?  I'm not very 
> deep into Ansible so perhaps this is a nonsensical question.
>
> Thanks
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/674b7bf4-7358-4f9e-976b-a368dd630493%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Creating multiple ec2 instances in different AZ's

[Igor Cicimov]

Try

- name: Add new instances to group
  add_host: hostname={{ item.private_ip }} groupname=ceph_launched
  with_items: ec2.instances

On Tuesday, December 30, 2014 9:00:36 PM UTC+11, Mark Maas wrote:
>
> Hi List,
>
> I’m trying to create 1 (or more) instances inside different subnet’s where 
> each subnet is a different AZ in Amazon. That way of using AZ’s makes for 
> some better fail-safes.
>
> So:
>
> ---
> - hosts: localhost
>   connection: local
>   gather_facts: no
>   vars:
> #your region
> region: eu-west-1
> AWS_ACCESS_KEY_ID: snipped
> AWS_SECRET_ACCESS_KEY: snipped
> ceph_nodes:
>   1a:
> subnet: subnet-snippeda
> count: 1
>   1b:
> subnet: subnet-snippedb
> count: 1
>   1c:
> subnet: subnet-snippedc
> count: 1
>   tasks:
> - name: Maak 1 Ceph host in elke gekozen AZ
>   local_action:
> module: ec2
> aws_access_key: "{{ AWS_ACCESS_KEY_ID }}"
> aws_secret_key: "{{ AWS_SECRET_ACCESS_KEY }}"
> region: "{{ region }}"
> vpc_subnet_id: "{{ item.value.subnet }}"
> key_name: snipped
> instance_type: t2.micro
> image: ami-30ff5c47
> wait: yes
> group: 'backend ceph'
> volumes:
>   - device_name: /dev/sdb
> device_type: standard
> volume_size: 128
> delete_on_termination: false
> instance_tags:
>   Name: ci.ceph.{{ item.key }}
>   group: ceph{{ item.key }}
>   environment: development
> exact_count: "{{ item.value.count }}"
> count_tag:
>   group: ceph{{ item.key }}
>   register: ec2
>   with_dict: ceph_nodes
>
> - debug: var=ec2
>
> when that runs, the variable “ec2” contains:
>
> ok: [localhost] => {
> "ec2": {
> "changed": true, 
> "msg": "All items completed", 
> "results": [
> {
> "changed": true, 
> "instance_ids": [
> "i-snipped"
> ], 
> "instances": [
> {
> "ami_launch_index": "0", 
> "architecture": "x86_64", 
> "dns_name": "", 
> "ebs_optimized": false, 
> "hypervisor": "xen", 
> "id": "i-snipped", 
> "image_id": "ami-30ff5c47", 
> "instance_type": "t2.micro", 
> "kernel": null, 
> "key_name": "snipped", 
> "launch_time": "2014-12-30T09:45:55.000Z", 
> "placement": "eu-west-1a", 
> "private_dns_name": 
> "ip-10-220-225-9.eu-west-1.compute.internal", 
> "private_ip": "10.220.225.9", 
> "public_dns_name": "", 
> "public_ip": null, 
> "ramdisk": null, 
> "region": "eu-west-1", 
> "root_device_name": "/dev/sda1", 
> "root_device_type": "ebs", 
> "state": "running", 
> "state_code": 16, 
> "virtualization_type": "hvm"
> }
> ], 
> "invocation": {
> "module_args": "", 
> "module_name": "ec2"
> }, 
> "item": {
> "key": "1a", 
> "value": {
> "count": 1, 
> "subnet": "subnet-snipped"
> }
> }, 
> "tagged_instances": [
> {
> "ami_launch_index": "0", 
> "architecture": "x86_64", 
> "dns_name": "", 
> "ebs_optimized": false, 
> "hypervisor": "xen", 
> "id": "i-snipped", 
> "image_id": "ami-30ff5c47", 
> "instance_type": "t2.micro", 
> "kernel": null, 
> "key_name": "snipped", 
> "launch_time": "2014-12-30T09:45:55.000Z", 
> "placement": "eu-west-1a", 
> "private_dns_name": 
> "ip-10-220-225-9.eu-west-1.compute.internal", 
> "private_ip": "10.220.225.9", 
> "public_dns_name": "", 
> "public_ip": null, 
> "ramdisk": null, 
> "region": "eu-west-1", 
> "root_device_name": "/dev/sda1", 
> "root_device_type": "ebs", 
> "state": "running", 
> "state_cod

Re: [ansible-project] Configuring Ansible to run play books through a bastion host on aws/ec2

[Igor Cicimov]

Matt, doesn't this prevent you from using ec2 dynamic inventory? For me 
being unable to dynamically discover instances as they come and go in the 
VPC is huge limitation.

On Thursday, February 6, 2014 7:31:20 AM UTC+11, Matt Martz wrote:
>
> I use bastions for nearly all of my communication with servers.  It is all 
> done via my ~/.ssh/config file.  Something like:
>
> Host bastion
> User   myuser
> HostName   bastion.example.org
> ProxyCommand   none
> IdentityFile   ~/.ssh/id_rsa
> BatchMode  yes
> PasswordAuthentication no
>
> Host *
> ServerAliveInterval60
> TCPKeepAlive   yes
> ProxyCommand   ssh -qaY bastion 'nc -w 14400 %h %p'
> ControlMaster  auto
> ControlPath~/.ssh/mux-%r@%h:%p
> ControlPersist 8h
>
> In ~/.ansible.cfg I then have
>
> [ssh_connection]
> ssh_args = -o ControlPersist=15m -F ~/.ssh/config
> scp_if_ssh = True
> control_path = ~/.ssh/mux-%%r@%%h:%%p
>
> Nothing else required.  I execute ansible and all my connections go 
> through the bastion.  Your "Host *" might benefit from being more targeted. 
>  In any case, I also have to use these same configs for normal SSH access, 
> so for me it makes sense to just have them in my ssh config.
>
> I really don't see a need to modify anything within Ansible to do this.
> -- 
> Matt Martz
> ma...@sivel.net 
>
> On February 5, 2014 at 2:09:24 PM, Adam Heath (ad...@brainfood.com 
> ) wrote:
>
> I just looked over ssh.py and ssh_old.py; if I were to actually want to 
> sit down and do this, I would factor those 2 classes, into a common base 
> class, then introduce a third version that supported ProxyCommand. 
>
> ps: I notice something odd in the two files above: 
>
> == 
> - def exec_command(self, cmd, tmp_path, sudo_user=None, 
> sudoable=False, executable='/bin/sh', in_data=None, su=False, 
> su_user=None): 
> + def exec_command(self, cmd, tmp_path, sudo_user=None, 
> sudoable=False, executable='/bin/sh', in_data=None, su_user=None, 
> su=False): 
> == 
>
> Why is the order of the last 2 args reversed for those two files? Seems 
> like it might cause some confusion. 
>
> On 02/05/2014 01:51 PM, Adam Heath wrote: 
> > I've had musings on that too. Currently, I think you'd have to manually 
> > configure $HOME/.ssh/config, with ProxyCommand. 
> > 
> > However, I just had a thought. What if there was an 
> > ansible_ssh_proxy=$other_inventory_host feature? When set, ansible 
> > would auto-add the -o ProxyCommand="$something". 
> > 
> > This is just some random brainstorm ramblings. 
> > 
> > On 02/05/2014 12:59 PM, Jeff Lord wrote: 
> >> Hello, 
> >> 
> >> I am building out an env in AWS using ansible and would like to 
> >> configure all of my hosts by running through a single bastion host 
> which 
> >> has port 22 open. 
> >> Laptop -> AWS Bastion -> AWS private network instances 
> >> 
> >> Is there a good example of how to configure the proxy around? 
> >> 
> >> Thank You in advance, 
> > 
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group. 
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-proje...@googlegroups.com . 
> To post to this group, send email to ansible...@googlegroups.com 
> . 
> For more options, visit https://groups.google.com/groups/opt_out. 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/41fc268e-ebc7-4b69-a75b-c694ab6dc46a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Creating subgroup of ec2 dynamic inventory

[Igor Cicimov]

Just in case someone else had similar problem, the solution was to add 
"serial: 1" to the playbook otherwise the execution is parallel thus only 
the last host preprocessed ends up in the group.

Simple example /etc/ansible/hosts-group inventory:
[group-tomcat]
10.22.0.43server_name=app11 ec2_private_dns_name=ip-10-22-0-43
10.22.10.35server_name=app21 ec2_private_dns_name=ip-10-22-10-35

Simple test33.yml playbook:
---
- hosts: '{{ tomcats }}'
  connection: local
  serial: 1
  gather_facts: no
  tasks:
  - add_host: hostname={{ ec2_private_dns_name }} groupname=backends 
server_name={{ server_name }}

The idea is to create a new in-memory group out of a group passed on in the 
input.

Without "serial: 1":

$ ansible-playbook -i /etc/ansible/hosts-group test33.yml --extra-vars '{ 
"tomcats" : "group-tomcat" }' --verbose

PLAY [group-tomcat] ***

TASK: [add_host hostname={{ ec2_private_dns_name }} groupname=backends 
server_name={{ server_name }}] ***
ok: [10.22.0.43] => {"new_groups": ["backends"], "new_host": 
"ip-10-22-0-43"}

PLAY RECAP 

add_host hostname={{ ec2_private_dns_name }} groupname=backends 
server_name={{ server_name }} --- 0.01s
10.22.0.43: ok=1changed=0unreachable=0failed=0  
10.22.10.35   : ok=1changed=0unreachable=0failed=0


With "serial: 1":

$ ansible-playbook -i /etc/ansible/hosts-group test33.yml --extra-vars '{ 
"tomcats" : "group-tomcat" }' --verbose

PLAY [group-tomcat] *** 

TASK: [add_host hostname={{ ec2_private_dns_name }} groupname=backends 
server_name={{ server_name }}] *** 
ok: [10.22.0.43] => {"new_groups": ["backends"], "new_host": 
"ip-10-22-0-43"}

TASK: [add_host hostname={{ ec2_private_dns_name }} groupname=backends 
server_name={{ server_name }}] *** 
ok: [10.22.10.35] => {"new_groups": ["backends"], "new_host": 
"ip-10-22-10-35"}

PLAY RECAP 
 
add_host hostname={{ ec2_private_dns_name }} groupname=backends 
server_name={{ server_name }} --- 0.00s
10.22.0.43: ok=1changed=0unreachable=0
failed=0   
10.22.10.35   : ok=1changed=0unreachable=0failed=0

The difference in the execution is obvious.

On Monday, May 12, 2014 1:08:48 PM UTC+10, Igor Cicimov wrote:
>
> Thanks Michael your suggestions noted. I did some more testing and looks 
> like only one single instance, assuming the last instance, from the 
> inventory is being added to the group, and this is without any conditions. 
> Very simple playbook example:
>
> ---
> - hosts: ec2 
>   gather_facts: False
>   connection: local
>   vars:
> ec2ip: "{{ hostvars[inventory_hostname]['ec2_publicIp'] }}"
> ec2dns: "{{ hostvars[inventory_hostname]['ec2_public_dns_name'] }}"
>   tasks:
>  - add_host: "hostname={{ ec2ip }} groupname=ec2hosts server_name={{ 
> ec2dns }}"
>
> and I get only one single host in the ec2hosts group:
>
> PLAY [ec2] 
>  
>
> TASK: [add_host hostname={{hostvars[inventory_hostname]['ec2_publicIp']}} 
> groupname=ec2hosts 
> server_name={{hostvars[inventory_hostname]['ec2_public_dns_name']}}] *** 
> ok: [instance_public_ip_obscured] => {"new_groups": ["ec2hosts"], 
> "new_host": "instance_public_ip_obscured"}
>
> Looks like this is not working the way I assume. From what I can see I 
> have 52 instances in the current ec2 inventory cache:
>
> $ cat ~/.ansible/tmp/ansible-ec2.cache | grep region | sort | uniq -c
>  47 "ec2_region": "ap-southeast-2", 
>   5 "ec2_region": "eu-west-1",
>
> Thanks,
> Igor
>
> On Saturday, May 10, 2014 9:56:37 AM UTC+10, Michael DeHaan wrote:
>>
>> A few things to cleanup first:
>>
>> " - add_host: hostname={{ hostvars[inventory_hostname]['ec2_publicIp'] 
>> }} groupname=ec2hosts server_name={{ 
>> hostvars[inventory_hostname]['ec2_public_dns_name'] 
>> }}"
>>
>> When you get ginormous variables like this, slow down, and define useful 
>> shortcuts in your "vars" section, like this:
>>
>> vars:
>> ec2ip: "{{ hostvars[inventory_hostname]['ec2_publicIp'] }}"
>>
>> This allows c

Re: [ansible-project] Feature idea: Adding a vault/ subdir to group_vars and host_vars

[Igor Homyakov]

Hi,

I'm using a following naming scheme in my projects
[inventory_group]/secret/self-documented-name.yml

for example :
group_vars
├── all
│   └── secret
│   ├── deployment_keys.yml
│   ├── api_keys.yml
│   └── hipchat_token.yml
├── redis
│   └── secret
│   └── aws.yml
└── webapp
   └── secret
  └── ssl.yml

I hope it would be useful.

-- Best, Igor

On Tue, Dec 9, 2014 at 5:40 PM, Michael DeHaan  wrote:
> You can have subdirectories under group_vars/groupname/*.yml if you want,
> and some of those can be vault encrypted.
>
>
>
> On Tue, Dec 9, 2014 at 9:28 AM, Hagai Kariti  wrote:
>>
>> The pull request for the docs has been merged already. The relevant doc
>> page is here: http://docs.ansible.com/intro_inventory.html
>>
>> Just search for 'vault' in that page. It doesn't have info this thread
>> doesn't though...
>>
>> On Tue, Dec 9, 2014 at 3:14 PM, Chris Adams 
>> wrote:
>>>
>>> Hi all,
>>>
>>> I just came across this after puzzling over how best to use ansible-vault
>>> to manage sensitive credentials in group vars, without encrypting
>>> everything, and I couldn't find the pull request for this when looking
>>> through the github issues for
>>>
>>> Would someone share a link to it?
>>>
>>> Thanks
>>>
>>> Chris
>>>
>>> On Friday, 23 May 2014 15:36:18 UTC+2, Hagai Kariti wrote:
>>>>
>>>> Yeah that's me :-)
>>>>
>>>> On May 23, 2014 3:19 PM, "Michael DeHaan"  wrote:
>>>>>
>>>>> Docs are open source and there's already an open pull request for that
>>>>> in the docs.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Thu, May 22, 2014 at 4:57 AM, Hagai Kariti  wrote:
>>>>>>
>>>>>>
>>>>>> On Thu, May 22, 2014 at 1:16 AM, Michael DeHaan 
>>>>>> wrote:
>>>>>>>
>>>>>>> "Using Vault in group_vars has the downside of losing version control
>>>>>>> on the vaulted file"
>>>>>>>
>>>>>>> This is not neccessarily the case.
>>>>>>>
>>>>>>> group_vars/ folders are also loaded if they live alongside the
>>>>>>> playbook, so that can be a good option.
>>>>>>>
>>>>>>> You could also keep the variables in a role vars/ directory and pull
>>>>>>> them in to hosts that need them.
>>>>>>>
>>>>>>> In fact, a role can contain nothing but vars, and that works too!
>>>>>>>
>>>>>>
>>>>>> Yeah I know, but that's not helping my specific use case, as I need
>>>>>> different sensitive variables based on inventory, not role or playbook.
>>>>>> Serge's suggestion was what solved it for me - too bad this feature
>>>>>> isn't documented!
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Wed, May 21, 2014 at 11:21 AM, Hagai Kariti 
>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Whoa, dude. Didn't know that trick. Yeah that actually solves my
>>>>>>>> case pretty nicely. Thanks a bunch.
>>>>>>>>
>>>>>>>> On Wednesday, May 21, 2014 6:16:19 PM UTC+3, Serge van Ginderachter
>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 21 May 2014 16:53, Hagai Kariti  wrote:
>>>>>>>>>>
>>>>>>>>>> It's really the same idea as group_vars. For each group a host is
>>>>>>>>>> a member of, two files are included:
>>>>>>>>>> - The file under group_vars/, as usual
>>>>>>>>>> - The vaulted file under the vaulted group_vars dir
>>>>>>>>>>
>>>>>>>>>> This allows you to separate the sensitive and normal parts of your
>>>>>>>>>> group_vars, so that you won't lose version control on the normal 
>>>>>>>>>> parts.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> OK, actually, you already can do something similar, what I do:
>>>>>

Re: [ansible-project] OS X 'pkg' module?

[Igor Homyakov]

Hi John,

Apparently you are talking about a tool like `rpm` or `dpkg`, I think
a Mac equivalent  would be [installer](
https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/installer.8.html).
and I haven't saw such modules so far.

-- Best, Igor

On Tue, Nov 25, 2014 at 7:40 PM, John Oliver  wrote:
> Hi Igor.  I didn't mean to retrieve packages, but to install them.  If I
> have an RPM file, I can 'yum: name=/path/to/file.rpm state=present'  I'd
> like to do the same thing with an Apple .pkg file... 'pkg:
> name=/path/to/file.pkg state=present' and have that file actually installed.
> I see there's a 'pkgin' for "SmartOS", whatever that is; and a 'pkgng' for
> FreeBSD and 'pkgutil' for Solaris, but nothing for Apple OS X.
>
> On Tuesday, November 25, 2014 1:38:08 AM UTC-8, Igor Khomyakov wrote:
>>
>> Hi John,
>>
>> There are homebrew and macport modules in extra.
>>
>> As far as I know [Nix](https://nixos.org/nix/) package manager runs on
>> Mac OS X as well but there is no module for Nix in ansible yet.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/eb990dd9-deb9-4275-8b01-300d5d21eda8%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAGuansrjq8zU043Y87kK3eW7eQ_9CzkkvNeV_%2BQHOEssuF88fA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Ansible 1.7.2, sudo_user don't work properly

[Igor Homyakov]

Hi Evgeny,

You've missed `sudo: yes` in a  first task

`sudo: yes` is mandatory `sudo_user` doesn't enable 'sudoing'



-- Best, Igor

On Tue, Nov 25, 2014 at 1:13 PM, Volkov Evgeny  wrote:
> Server: Linux Mint 17
> Remote host: Ubuntu Server 14.04 LTS
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/6b717d6a-636c-4695-b7ac-5d991dc5ff16%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAGuansqkv9uGYNa%2BKQrgo6Vpcnh3vw4JR2bpzgt4p4R6GWSwiQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.