[ansible-project] Ansible + ACI very slow execution

2022-01-20 Thread JP 
 

Hi, 

I wrote playbook that should assign static port mappings  in 130 EPG for 25 
interfaces and it took about 1 hour to execute.

Playbook :
- name: Do static port mapping
include: do_static_binding.yaml
with_items: "{{ new_interfaces }}"
vars:
subnets: "{{ subnets_data }}"

*do_static_binding.yaml* - simple playbook  which is using module:
aci_static_binding_to_epg 

 

Where *new_interfaces* - list of interfaces that should be added to EPGs

*subnets_data* - list of dicts containing Tenant, AP, EPG

Is there is a way to speed up playbook execution ? As we want to use 
Ansible for all automation tasks, not Python scripts.

 

P.S

Simple python script that is doing API requests do same work for about 1-2 
minutes.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5d27f218-c535-4ba4-8546-704765e533can%40googlegroups.com.

[ansible-project] cli_command executing on localhost

2019-09-07 Thread JP-OKC 
I have a playbook to harden the NXOS API on Nexus switches.It requires 
connecting to the Nexus, running the bash shell and executing some commands 
to configure iptables.Some of the commands execute correctly and others 
seem to try to run on the local host even though I don't have delegate_to: 
set for those tasks.   These tasks seem to run on the switch:

   - set the vrf for NXAPI
   - enter the shell
   - become root
   - apply the ip tables config


All the others seem to run on localhost (my ansible box).   Has anyone run 
into this before?


part of the playbook:

- name: set the vrf for NXAPI
  nxos_config:
lines: nxapi use-vrf management

- name: enter the shell
  cli_command:
command: run bash
sendonly: yes

- name: become root
  command: sudo su -

- name: setup the iptables_init.log
  command: sudo touch /etc/iptables_init.log; sudo chmod 777 
/etc/iptables_init.log

   - name: Create the init file
  command:  sudo echo "{{ initfile }}" > /etc/init.d/iptables_init


- name: set the default action to drop
  cli_command:
command: sudo ip netns exec management iptables -F INPUT
sendonly: yes

- name: apply the ip tables config
  cli_command:
command:  sudo ip netns exec management iptables -A INPUT -s {{ 
item.source }} -p tcp --dport 443 -j ACCEPT
sendonly: yes
  when:
- "'WEB' in item.remark"
- "'remark' not in item.action"
  with_items: "{{ current_acl.list }}"

- name: save the ipchains
  cli_command:
command: "sudo ip netns exec management iptables-save > 
/etc/sysconfig/iptables"
sendonly: yes

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b86560ec-7d58-41d4-b892-b92b1e2a20fd%40googlegroups.com.

[ansible-project] Re: Search for string in stdout for failed_when

2019-08-27 Thread JP-OKC 
Thanks Kai,   That worked.

On Tuesday, August 27, 2019 at 2:10:20 PM UTC-5, JP-OKC wrote:
>
> how can I pull a string from the stdout and use it for failed_when?I 
> run a command on a switch and then I want to match a string w/in that 
> output to determine if it failed or not.
>
> Here's what the playbook looks like:
>
> ---
> - name: Check the ssh keypair on a Nexus 9k
>   hosts: all
>   gather_facts: false
>   connection: network_cli
>   tasks:
>   - block:
> - name: show keypair
>   nxos_command:
> commands: "show username someuser keypair"
>   ignore_unreachable: true
>   register: print_output
>   failed_when: ("could not retrieve rsa key information" in 
> print_output.stdout)
>   - debug: var=print_output
>
>
>
>
>
> Here's what the debug output looks like.I want to match on the 3rd 
> line of the stdout_lines.
>
> ok: [switchB] => {
> "print_output": {
> "ansible_facts": {
> "discovered_interpreter_python": "/usr/bin/python"
> },
> "changed": false,
> "failed": false,
> "failed_when_result": false,
> "stdout": [
> "**\n\ncould not retrieve 
> rsa key information\n**\n\ncould not 
> retrieve dsa key 
> information\n**\n\ncould not retrieve 
> ecdsa key information\n**"
> ],
> "stdout_lines": [
> [
> "**",
> "",
> "could not retrieve rsa key information",
> "**",
> "",
> "could not retrieve dsa key information",
> "**",
> "",
> "could not retrieve ecdsa key information",
> "**"
> ]
> ]
> }
> }
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/fbabcdf4-bef2-4372-8bd4-2b389c5d4bcb%40googlegroups.com.

[ansible-project] Search for string in stdout for failed_when

2019-08-27 Thread JP-OKC 
how can I pull a string from the stdout and use it for failed_when?I 
run a command on a switch and then I want to match a string w/in that 
output to determine if it failed or not.

Here's what the playbook looks like:

---
- name: Check the ssh keypair on a Nexus 9k
  hosts: all
  gather_facts: false
  connection: network_cli
  tasks:
  - block:
- name: show keypair
  nxos_command:
commands: "show username someuser keypair"
  ignore_unreachable: true
  register: print_output
  failed_when: ("could not retrieve rsa key information" in 
print_output.stdout)
  - debug: var=print_output





Here's what the debug output looks like.I want to match on the 3rd line 
of the stdout_lines.

ok: [switchB] => {
"print_output": {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"failed": false,
"failed_when_result": false,
"stdout": [
"**\n\ncould not retrieve 
rsa key information\n**\n\ncould not 
retrieve dsa key 
information\n**\n\ncould not retrieve 
ecdsa key information\n**"
],
"stdout_lines": [
[
"**",
"",
"could not retrieve rsa key information",
"**",
"",
"could not retrieve dsa key information",
"**",
"",
"could not retrieve ecdsa key information",
"**"
]
]
}
}

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/407fe665-42a8-4264-9c77-e40099cdb525%40googlegroups.com.

[ansible-project] How to assing ipv6 address(es) using ec2_instance module?

2019-01-22 Thread jp 
I am trying to define new ipv6 address for ENI using ec2_instance module in 
ansible 2.7.6- I just don't get it how to define the task? output is just 
"changed: false" and nothing happens. Would anyone be able to point out how 
to add new and remove extra ipv6 addresses from running ec2 instance?

I have tried many versions nothing seems to work so currently I just use 
local action for aws which is nothing else than work around.

- name: eni fact gather
  ec2_eni_facts:
filters:
  private-ip-address: 
"{{instance_launch.tagged_instances[0].private_ip}}"
  register: eni_facts

- name: Create lists
  set_fact:
ipv6_address_list: "[]"

- name: Append list ipv6_address_list
  set_fact:
ipv6_address_list: "{{ipv6_address_list}} + ['{{item.ipv6_address}}']"
  with_items:
- "{{eni_facts.network_interfaces[0].ipv6_addresses}}"

- name: Add new ipv6 addresses using awscli local action
  local_action: command aws ec2 assign-ipv6-addresses 
--network-interface-id {{eni_facts.network_interfaces[0].id}} 
--ipv6-addresses {{item}}
  when: item not in ipv6_address_list
  with_items:
- "2a05:d018:c25:1701::11"

# Not working. why?
#- name: Assign ipv6 to EC2 network interface
#  ec2_instance:
#state: present
#region: "{{amazon_region}}"
#vpc_subnet_id: "{{vpcdata_subnets.results[1].subnet.id}}"
#instance_ids: 
#  - "{{instance_launch.tagged_instances[0].id}}"
#network:
#  interfaces:
#- "{{eni_facts.network_interfaces[0].id}}"
#  ipv6_addresses:
#- 2a05:d018:c25:1701::11

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3d32bc52-646c-4e46-9511-f33ab2331e16%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Server date in Ansible/J2?

2016-07-11 Thread jp 
On Sunday, July 10, 2016 at 3:41:55 PM UTC-4, Kai Stian Olstad wrote:
>
> On 09. juli 2016 04:03, j...@jpsdomain.org  wrote: 
> > > I have what seems to be a simple question that I can't find on the 
> web.  How do I get the current date from the Ansible server into a J2 
> variable?  I know how to do it with {{ ansible_date_time.date }} but that's 
> from the remote node at the time Ansible collected facts (which could be 
> cached), NOT "now" on the server I'm running on...right? 
> >
> > Check out lookups 
> > https://docs.ansible.com/ansible/playbooks_lookups.html 
>  
> >
> > {{ lookup('pipe','date') }} 
>
> Thanks.  I should have mentioned I considered that, but it seems crazy and 
> inefficient to have to shell out and run the `date` command when Python, 
> Ansible and J2 already know what date and time it is...I just need a way to 
> make one of them tell me in a playbook.  Is there really no way to do 
> something like {{ now.strftime('%Y-%m-%d') }}?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/be7f2ec0-8265-4ef2-acd2-bfaba230d8de%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Server date in Ansible/J2?

2016-07-10 Thread jp 


I have what seems to be a simple question that I can't find on the web.  How do 
I get the current date from the Ansible server into a J2 variable?  I know how 
to do it with {{ ansible_date_time.date }} but that's from the remote node at 
the time Ansible collected facts (which could be cached), NOT "now" on the 
server I'm running on...right?

Use case (this works, but it's remote node "setup" (get facts) time, not local 
server "now" time):
 - name: Update image_release file
   lineinfile:
 dest=/image_release
 state=present
 insertbefore=BOF
 line='{{ ansible_date_time.date }} {{ image_release }}'
How do I get "now" on the server I'm running on?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/73b10bf5-a9f9-4525-9f75-8dd37bb7a04e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.