Re: [ansible-project] Re: Trouble with quoting a shellshock test

2014-09-29 Thread Igor Homyakov
Have a look at the script https://github.com/hannob/bashcheck/blob/master/bashcheck it seems to me it covers all known shellshock CVEs On Mon, Sep 29, 2014 at 4:13 AM, Mark Casey wrote: > Thanks to both for the suggestions. > > Mark > > On Sunday, September 28, 2014 3:40:37 AM UTC-5, Igor Khomyakov w

Re: [ansible-project] apt safe-upgrade module

2014-09-29 Thread Benjamin Copeland
https://help.ubuntu.com/community/PinningHowto#Apt Like that. Ben On Saturday, 27 September 2014 14:37:55 UTC+1, Michael DeHaan wrote: > > Curious how the holds got placed? > > > > On Fri, Sep 26, 2014 at 10:04 AM, Benjamin Copeland > wrote: > >> Hello Michael, >> >> I am using dpkg, so dpkg --g

Re: [ansible-project] apt safe-upgrade module

2014-09-29 Thread Igor Homyakov
All holds are in /var/lib/dpkg/status file as well as other statuses of available packages. On Sat, Sep 27, 2014 at 5:37 PM, Michael DeHaan wrote: > Curious how the holds got placed? > > > > On Fri, Sep 26, 2014 at 10:04 AM, Benjamin Copeland > wrote: >> >> Hello Michael, >> >> I am using dpkg,

[ansible-project] Re: win_ping issue

2014-09-29 Thread J Hawkesworth
Try not setting the ansible_ssh_host in your inventory - I think this might be forcing it to attempt ssh transport, which of course isn't going to work for windows hosts. In other words, change [ads800s] ADS-6999 ansible_ssh_host=123.123.123.123 to [ads800s] ADS-6999 and ensure ADS-6999 can e

Re: [ansible-project] Re: win_ping issue

2014-09-29 Thread Michael DeHaan
ansible_ssh_host does not imply the transport. Let's ask the starter question, "what's the output of ansible --version" ? On Mon, Sep 29, 2014 at 6:36 AM, J Hawkesworth < j.r.hawkeswo...@googlemail.com> wrote: > Try not setting the ansible_ssh_host in your inventory - I think this > might be f

[ansible-project] Conditionals with facts

2014-09-29 Thread Rich Burroughs
Hi, We use Puppet when I work and we've done a bit of orchestration with both Mcollective and Fabric. I'm very interested in using Ansible instead of Fabric since I've learned it can use Facter facts. We have a mix of Solaris and Linux nodes, and for the Solaris nodes it looks like I need to s

[ansible-project] Limit number of instances with specific role

2014-09-29 Thread paukbjuh
Hi, I want to install specific role on part of the hosts in a host group. Not a rolling update, but as an absolute limit of some process installation in entire host group. So, according to that number process will be installed or removed from instance to adjust. How can I implement this? Re

Re: [ansible-project] Re: win_ping issue

2014-09-29 Thread Jonathan Anderson
ansible 1.7.1 (this and other details are in the original posting) On Mon, Sep 29, 2014 at 7:03 AM, Michael DeHaan wrote: > ansible_ssh_host does not imply the transport. > > Let's ask the starter question, "what's the output of ansible --version" ? > > > > On Mon, Sep 29, 2014 at 6:36 AM, J H

Re: [ansible-project] Conditionals with facts

2014-09-29 Thread Michael DeHaan
On Sun, Sep 28, 2014 at 6:48 PM, Rich Burroughs wrote: > Hi, > > We use Puppet when I work and we've done a bit of orchestration with both > Mcollective and Fabric. I'm very interested in using Ansible instead of > Fabric since I've learned it can use Facter facts. > I'm sorry to hear about the

Re: [ansible-project] Re: win_ping issue

2014-09-29 Thread Michael DeHaan
Sorry for the confusion, I was replying to the incorrect assertion above and missed the scrollback. Please make sure you file a ticket for this one as tracebacks in Ansible are definitely bugs, though it sounds like you need to either use --ask-pass or set ansible_ssh_pass -- though the variable n

Re: [ansible-project] Ansible's docker module volumes option is a mystery (to me)

2014-09-29 Thread Matt Hughes
Ah, so = does an implicit 'toString' on the variable I presume? On Saturday, September 27, 2014 9:39:24 AM UTC-4, Michael DeHaan wrote: > > The user does not have to change how they specify a list based on it being > local or remote - that is not a thing in Ansible. > > You do need to use the ":

Re: [ansible-project] Ansible's docker module volumes option is a mystery (to me)

2014-09-29 Thread Michael DeHaan
Yeah basically - it's Jinja2 templated down to a string, losing any type info. On Mon, Sep 29, 2014 at 9:25 AM, Matt Hughes wrote: > Ah, so = does an implicit 'toString' on the variable I presume? > > > On Saturday, September 27, 2014 9:39:24 AM UTC-4, Michael DeHaan wrote: >> >> The user doe

Re: [ansible-project] apt safe-upgrade module

2014-09-29 Thread Michael DeHaan
Yep, familiar with apt pinning. I think I'd be open to a parameter to ignore the pinning, but it probably should not happen by default. On Mon, Sep 29, 2014 at 6:07 AM, Igor Homyakov wrote: > All holds are in /var/lib/dpkg/status file as well as other statuses > of available packages. > > On

Re: [ansible-project] Limit number of instances with specific role

2014-09-29 Thread Michael Peters
Do you need to do this randomly and then remember which ones were randomly chosen? Or could you just, say, work with the first X in a group? If the latter, you might be able to do something like this (untested) to do the first 3 servers in a specific_group: hosts: specific_group[0]:specific_group[

Re: [ansible-project] parallel execution

2014-09-29 Thread Michael DeHaan
Any chance I can get a copy of your known_hosts file? Off list would be preferred. I'm not sure that's it, but I suspect it could be. On Mon, Sep 29, 2014 at 10:35 AM, Vincent Janelle wrote: > Just an update at Michael's request - seeing the exact same situations, > with ec2. > > Setting thi

Re: [ansible-project] parallel execution

2014-09-29 Thread Vincent Janelle
Not sure how I'd send you a copy of /dev/null, unless ansible is attempting to parse the contents of ~/.ssh/known_hosts outside of ssh. On Monday, 29 September 2014 07:39:20 UTC-7, Michael DeHaan wrote: > > Any chance I can get a copy of your known_hosts file? > > Off list would be preferred. > >

Re: [ansible-project] parallel execution

2014-09-29 Thread Vincent Janelle
Just an update at Michael's request - seeing the exact same situations, with ec2. Setting this environment variable fixes this. On Thursday, 12 September 2013 15:34:33 UTC-7, Michael Blakeley wrote: > > On Thursday, September 12, 2013 3:21:23 PM UTC-7, James Cammarata wrote: >> >> I believe the

Re: [ansible-project] parallel execution

2014-09-29 Thread James Cammarata
Hi Vincent, could you share a sample of the playbook you're running as well as the results of running it with -f1, -f2 and -f4? That should determine if the playbook is indeed being serialized at some point. Do note, however, if you're doing something like this: - local_action: ec2 ... with_ite

Re: [ansible-project] apt safe-upgrade module

2014-09-29 Thread Benjamin Copeland
Currently, it's holding me back from updating a number of our servers. As soon as the held package gets updated, the server breaks. Is there anything I can do? On Monday, 29 September 2014 14:43:20 UTC+1, Michael DeHaan wrote: > > Yep, familiar with apt pinning. > > I think I'd be open to a pa

[ansible-project] Variable scope issue: value from a different role being used

2014-09-29 Thread Tom Bamford
Hi all I'm running from HEAD (recently ran 'git pull --rebase && git submodule update --init --recursive' following recent restructuring). Unfortunately I can't tell which commit I was previously running from, but I currently have an issue with the value of a variable being used from a different

Re: [ansible-project] Re: win_ping issue

2014-09-29 Thread Jonathan Anderson
My windows.yml file is in the group_vars directory and contains --- ansible_ssh_user: ansmgr ansible_ssh_pass: ansiblepw ansible_ssh_port: 5986 ansible_connection: winrm Here is my output [ansmgr@LinuxControlMachine etc]$ *ansible ADS-6999 -m win_ping -* <123.123.123.123> ESTABLISH CONNECTION

[ansible-project] Re: Variable scope issue: value from a different role being used

2014-09-29 Thread Tom Bamford
Oh, the role name mismatch between what is in deploy.yml and the following filenames (deploy-projectA vs projectA) really is just a typo (doh). Tom On 29 September 2014 17:13, Tom Bamford wrote: > Hi all > > I'm running from HEAD (recently ran 'git pull --rebase && git submodule > update --ini

Re: [ansible-project] Re: Ansible fact gathering is slow with host_key_checking = True

2014-09-29 Thread James Cammarata
Hi Barry, One thing I did notice when testing your configuration was that, with my default ulimit settings, large -f settings were causing similar tracebacks and failures. In my case setting `ulimit -u 4096` (may also have to do `ulimit -f 4096`) resolved that issue. I noticed this when using the

[ansible-project] Re: Variable scope issue: value from a different role being used

2014-09-29 Thread Tom Bamford
Sorry, also the output of `ansible --version`: ansible 1.8 (devel 459722899d) last updated 2014/09/29 14:22:39 (GMT +000) lib/ansible/modules/core: (detached HEAD db5668b84c) last updated 2014/09/29 14:22:47 (GMT +000) lib/ansible/modules/extras: (detached HEAD 110250d344) last updated 2014/09

Re: [ansible-project] Re: Ansible fact gathering is slow with host_key_checking = True

2014-09-29 Thread James Cammarata
I also meant to ask if you could do a simple `ansible -m ping all` test (before and after changing the ulimit settings), to see if you still see slowness with that simple test or if it is directly related to fact-gathering. Thanks! On Mon, Sep 29, 2014 at 10:28 AM, James Cammarata wrote: > Hi B

Re: [ansible-project] parallel execution

2014-09-29 Thread Vincent Janelle
Exactly like what was described at the start of this thread. :( Setting the environment variable produces the desired parallel execution. On Monday, 29 September 2014 08:05:59 UTC-7, James Cammarata wrote: > > Hi Vincent, could you share a sample of the playbook you're running as > well as the

Re: [ansible-project] parallel execution

2014-09-29 Thread Michael DeHaan
Ansible does read ~/.ssh/known_hosts because it needs to know whether to lock itself down to 1 process to ask you the question about adding a new host to known_hosts. This only happens when it detects a host isn't already there, because it must detect this before SSH asks. And this only happens

Re: [ansible-project] parallel execution

2014-09-29 Thread Michael Blakeley
Vincent, I now use a slightly different workaround. Instead of routing known_hosts to /dev/null I route it to a temp file. This keeps the EC2 noise out of my default known_hosts file, and seems to play well with ansible. From my ~/.ssh/config file: Host *.amazonaws.com PasswordAuthenti

Re: [ansible-project] parallel execution

2014-09-29 Thread Michael DeHaan
Hi James, Each loop DOES happen within the host loop. If you have 50 hosts and they are "with_items"'ing, that still happens 50 hosts at a time. On Mon, Sep 29, 2014 at 11:05 AM, James Cammarata wrote: > Hi Vincent, could you share a sample of the playbook you're running as > well as the r

Re: [ansible-project] parallel execution

2014-09-29 Thread Michael DeHaan
So I'm confused - are you saying you are using known_hosts that are empty? This seems to be a completely unrelated question. The mention of /dev/null above seemed to be based on confusion that we didn't read it, not that it was actually symlinked to /dev/null. Can each of you clarify? On Mon, S

Re: [ansible-project] parallel execution

2014-09-29 Thread Michael Blakeley
I took it that Vincent was referring to my message of 2013-09-12. In that post I mentioned using /dev/null for the ssh UserKnownHostsFile configuration key, scoped to Host *.amazonaws.com This configuration triggers sing

Re: [ansible-project] parallel execution

2014-09-29 Thread Michael DeHaan
Ansible does not find your known hosts location from ~/.ssh/config on a per host basis and does read your ~/.ssh/known_hosts. It does this because it needs to know, in advance of SSH asking, whether it needs to lock. Assume it's running at 50/200 forks and needs to ask a question interactively, t

Re: [ansible-project] parallel execution

2014-09-29 Thread Michael DeHaan
I'm wondering if we can detect configuration of alternative known_hosts locations in the ~/.ssh/config and issue a warning, which should be able to key people in to turn off the checking feature. This should close this out, I'd think. On Mon, Sep 29, 2014 at 12:54 PM, Michael DeHaan wrote: >

[ansible-project] Monit/CollectD - Best Approach?

2014-09-29 Thread Andy L
We use Ansible to install/configure Postgres, Memcached, Redis, Nginx and a bunch of other services. Now we want to use Ansible to setup monitoring (Monit) and metrics collection (CollectD). Monit and CollectD each use 'service plugins'. Plugin configuration can all reside in a single config

Re: [ansible-project] docker module is not upgrading my container

2014-09-29 Thread Jazzed
> > >> Assuming that: > 1) The kill old container task isn't supposed to be present in the second > example > 2) The snazzy/cyweb container is running a long running process > 3) Manually running docker's tools does something similar > > I think this behaviour is intended. > > This seems like we'

[ansible-project] new to ansible, looking for the way to go with oracle-ansible

2014-09-29 Thread Ronald Rood
Hi, Michael already made a great set of roles to install and configure Oracle databases. See https://github.com/oravirt/ansible-oracle. It works but I wonder if this is the way to go or not. Considering the fact that there will be many Oracle installations and upgrades, I can imagine that the

[ansible-project] Totally Stuck...

2014-09-29 Thread Tiglath
This is a real blocker. SSH works but Ansible does not. In the debug output I see 'PasswordAuthentication=no' and that looks wrong. Any ideas? Thanks - $: ssh -t venus "mkdir /tmp/core; cd /tcp; sudo mv /tmp/core ." 2>/dev/null Password: No problem.

Re: [ansible-project] Totally Stuck...

2014-09-29 Thread Timothy Gerla
> > -- > > $: ansible venus - -i hosts -m shell -a "mkdir /tmp/core; cd /tcp; > sudo mv /tmp/core ." --sudo -K > > sudo password: > > Looks like you are asking to be prompted for a sudo password ('-K') but not an SSH password ('-k') -- so it's not going to

Re: [ansible-project] Totally Stuck...

2014-09-29 Thread Tiglath
Thank you for your reply. I did not explain myself too well. Sorry. I don't need SSH authentication, only sudo. So we have two authentications. SSH proceeds without password using keys, but sudo needs a password, which I give at the prompt. What other password is it waiting for, a

Re: [ansible-project] Totally Stuck...

2014-09-29 Thread Adam Heath
You can't call sudo from the shell module. The play would normally be like this: tasks: - name: foo sudo: true sudo_user: root file: state=directory dest=/tcp/core On 09/29/2014 02:56 PM, Tiglath wrote: Thank you for your reply. I did not explain myself too well. Sorry

Re: [ansible-project] Re: IMPORTANT HEADS UP: If running from devel branch, now using submodules

2014-09-29 Thread Michael DeHaan
I've just made nodes and retired a reasonably large set of tickets. You should have GitHub notifications if this affects you. Help moving things to new repos is greatly appreciated so let us know if there are questions! Thanks! On Sun, Sep 28, 2014 at 12:32 PM, Michael DeHaan wrote: > And

[ansible-project] msg: Failed to lock apt for exclusive operation - apt: update_cache=yes

2014-09-29 Thread Eric Brooke
Hello, Last week we updated one of our servers from unbent 12.0+ to 14.0+ it deployed without issue, after the weekend deployment to one of servers is no longer possible :-( Here is the command that is failing: - name: Update the apt cache if older than 2 hrs apt: update_cache=yes cache_vali

Re: [ansible-project] Re: IMPORTANT HEADS UP: If running from devel branch, now using submodules

2014-09-29 Thread Adam Heath
Bother. I saw those emails (one request, 2 emails). However, I was rather surprised that my 6026 pull request hadn't yet been merged. I thought it would have been rather simple. It's been over 6 months, with no updates at all, and suddenly this is closed. How do I know if I go and do even *

Re: [ansible-project] ansible 1.7.2 with multiline variables using the copy mod's 'content' directive

2014-09-29 Thread Jeffrey Wong
Thanks for the clarification! I'll go ahead and use a template instead if that's what you're recommending. It makes the most sense to deprecate/undocument content if it's difficult to rectify strange differences with corner cases like that. Thanks! On Sunday, September 28, 2014 12:29:29 PM UTC

Re: [ansible-project] docker module is not upgrading my container

2014-09-29 Thread Toshio Kuratomi
On Mon, Sep 29, 2014 at 1:53 PM, Jazzed wrote: >>> >> Assuming that: >> 1) The kill old container task isn't supposed to be present in the second >> example >> 2) The snazzy/cyweb container is running a long running process >> 3) Manually running docker's tools does something similar >> >> I think

Re: [ansible-project] docker module is not upgrading my container

2014-09-29 Thread Jazzed
Thanks for that explanation, Toshio. That helps things a lot. And thanks for tracing through the code too! If this is just a bug, then a fix would be nice. What I was hoping for is for the docker module to detect a new version is available. Then I could do a dry-run and check if any of my d

Re: [ansible-project] Monit/CollectD - Best Approach?

2014-09-29 Thread Dick Davies
We're rolling this out now - way I've done it is to make a collectd role that does universal checks (CPU, memory etc) and enables the include directory. That role's defaults/main.yml also defines things like the path to the include directory, handlers/main.yml defines a 'bounce collectd' handler and

Re: [ansible-project] Re: IMPORTANT HEADS UP: If running from devel branch, now using submodules

2014-09-29 Thread Michael DeHaan
Hi Adam, I'm sorry you feel that way, naturally we've tried to communicate this as much as possible along the path, as well as the comments on all the tickets (and yes, my fingers are sore from doing it -- as I didn't want to lose time with the github script) are a big part of that. I think we've

Re: [ansible-project] Conditionals with facts

2014-09-29 Thread Rich Burroughs
Thanks, that was very helpful :) Rich On Monday, September 29, 2014 6:18:32 AM UTC-7, Michael DeHaan wrote: > > > > On Sun, Sep 28, 2014 at 6:48 PM, Rich Burroughs > wrote: > >> Hi, >> >> We use Puppet when I work and we've done a bit of orchestration with both >> Mcollective and Fabric. I'm