Re: [ansible-project] Help with callback to tower from AWS auto scaling script
Actually seemed to be not related to the use of ip. In fact changing it to use domain didnt execute the callback as the new calling machine wasnt in the inventory (we set tower to use to use private ips of AWS instances for inventory) It was proot settings in the ansible tower settings file we had to change to be false Here is Ansibles response to my email. This is a local action on the Tower host, yes? Tower is constricted with proot from executing outside a narrow range of directories. /tmp wouldn't be available. Tower also executes as the awx user locally and out of the box does not have sudo access at all. So two things are preventing this playbook from running on your Tower host: 1) sudo to root on a local run and proot prevents execution outside the playbook directory locally. I don't advise giving the awx user the ability to become root locally on Tower: that could lead to users running playbooks against localhost that could essentially do anything. Since you don't need root access to modify things in temp directories, I'd remove the "sudo: true line from your playbook. As for the inability to execute outside your playbook directories (ie: manipulate files in /tmp) Tower is designed to control other hosts, but sometimes needs to access directories outside that playbook, so you can loosen these security restraints by changing the PROOT setting in /etc/tower/settings.py to "False" and restarting the Tower service: vi /etc/tower/settings.py change: AWX_PROOT_ENABLED = True to: AWX_PROOT_ENABLED = False then issue this command to restart the service (as root): ansible-tower-service restart Let us know if you have any questions. On Monday, 30 November 2015 14:15:40 UTC, Adrian Black wrote: > > Thanks Brian > I have sent them an email however i think the issue was i was using the > private aws ip of the box rather than domain name. I changed that and now > its not erroring but also doesnt seem to be executing the callback script > as that job no longer shows up, however it does seem to be calling the > inventory script. So that's a new issue. > > > On Friday, 27 November 2015 21:36:09 UTC, Brian Coca wrote: >> >> for tower related issues please go to http://support.ansible.com or >> email sup...@ansible.com. >> -- >> Brian Coca >> > -- This message is private and confidential and for the exclusive use of the intended recipient(s). If you receive this email in error, please notify the sender immediately and delete all copies from your system. If you are not the intended recipient disclosure, distribution, copying or use of this communication is strictly prohibited. Any views or opinions presented in this email are solely those of the author and do not necessarily represent those of IDG UK. Clients and suppliers can view our full terms and conditions at www.idg.co.uk/terms-and-conditions/ IDG Communications Ltd. Company Reg No: 1197840. Registered in England and Wales. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/3bc4c901-df4e-4423-8f20-9bc2374ec5f7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Help with callback to tower from AWS auto scaling script
Thanks Brian I have sent them an email however i think the issue was i was using the private aws ip of the box rather than domain name. I changed that and now its not erroring but also doesnt seem to be executing the callback script as that job no longer shows up, however it does seem to be calling the inventory script. So that's a new issue. On Friday, 27 November 2015 21:36:09 UTC, Brian Coca wrote: > > for tower related issues please go to http://support.ansible.com or email > sup...@ansible.com . > -- > Brian Coca > -- This message is private and confidential and for the exclusive use of the intended recipient(s). If you receive this email in error, please notify the sender immediately and delete all copies from your system. If you are not the intended recipient disclosure, distribution, copying or use of this communication is strictly prohibited. Any views or opinions presented in this email are solely those of the author and do not necessarily represent those of IDG UK. Clients and suppliers can view our full terms and conditions at www.idg.co.uk/terms-and-conditions/ IDG Communications Ltd. Company Reg No: 1197840. Registered in England and Wales. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/9570bcee-5aa0-4955-9c0d-e1717729b5a4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Help with callback to tower from AWS auto scaling script
for tower related issues please go to http://support.ansible.com or email supp...@ansible.com. -- Brian Coca -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAJ5XC8%3DYj77kTv7jqe1zVwE_hOZj29KCEFXX4YdiG%2BL9Yt4QVA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Help with callback to tower from AWS auto scaling script
Trying to put the bits together to get an auto scaling group in aws to come
on line and create a vm that does a callback to tower for provisionment.
The bit im getting stuck with is the callback part
According
to http://docs.ansible.com/ansible-tower/2.2.0/html/userguide/job_templates.html
you use the /usr/share/awx/request_tower_configuration.sh script as a basis
this script looks like it takes arguments so should be called somethig like
./scripts/request_tower_configuration.sh ansible.myco.com
84e2d9d26c5977c1b12eb353f1a97aa1 94
I have seen the launch config script snippet like
- name: create launch config
ec2_lc:
name: "{{ site_prefix }}-lc"
...
user_data: "{{ lookup('file',
'./scripts/request_tower_configuration.sh')}}"
that takes the contents of that file as pastes it as a blob in the
user_data field on a created vm but without the arguments you need its
useless.
i did try this too but that doesnt work
user_data: "{{ lookup('file', './scripts/site_callback.sh')
ansible.idg.co.uk 84e2d9d26c5977c1b12eb353f1a97aa1 94 }}"
anyone got a working example of how this works?
thanks
--
This message is private and confidential and for the exclusive use of the
intended recipient(s). If you receive this email in error, please notify
the sender immediately and delete all copies from your system. If you are
not the intended recipient disclosure, distribution, copying or use of this
communication is strictly prohibited. Any views or opinions presented in
this email are solely those of the author and do not necessarily represent
those of IDG UK. Clients and suppliers can view our full terms and
conditions at www.idg.co.uk/terms-and-conditions/
IDG Communications Ltd. Company Reg No: 1197840. Registered in England and
Wales.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/b683524f-0ffe-4ad3-b52a-c2d66126c40a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
