On Thursday, May 6, 2021 at 12:44:52 PM UTC-7 David Reagan wrote:
> > Why do you think the module should be in community.general?
> Because that is where I found seport.
> https://github.com/ansible-collections/community.general/blob/main/plugins/modules/seport.py
>
> (Or, now t
> Why do you think the module should be in community.general?
Because that is where I found seport.
https://github.com/ansible-collections/community.general/blob/main/plugins/modules/seport.py
(Or, now that I look at that file, thought I had found seport.)
> Do you have Ansible installed, and n
The seboolean module has apparently disappeared from Ansible 2.10. It also
doesn't exist in community.general.
I couldn't find any documentation saying it was deprecated.
Is there a replacement?
Example playbook:
```
- hosts:
- centos
tasks:
- name: "seboolean"
seboolean:
name: httpd_c
Hey all,
I just thought of a very edge case use for Ansible that would work well if
I could run it via Docker. When I looked for an image, I found that
ansible/ansible hasn't been updated in 3 years.
Before I commit to just installing it inside an Ubuntu image, I thought I'd
confirm that ther
Thanks! That got me to where I wanted.
- David
On Wednesday, August 7, 2019 at 11:58:26 AM UTC-7, Kai Stian Olstad wrote:
>
> On 07.08.2019 20:07, David Reagan wrote:
> > How can I return a list from a dict based on a sub items value?
> >
> > If I hav
eally dislike tasks that always say they've changed when
running a play. I prefer it to stay idempotent as possible.
On Wednesday, August 7, 2019 at 11:07:33 AM UTC-7, David Reagan wrote:
>
> How can I return a list from a dict based on a sub items value?
>
> If I have
How can I return a list from a dict based on a sub items value?
If I have a dictionary like this:
ospackages:
> fail2ban:
> state: "present"
> Ubuntu:
> 1604: "fail2ban"
> 1804: "fail2ban"
> Debian:
> 9: "fail2ban"
> CentOS:
> 7: "fail2ban"
> OracleLi
I have encrypted some of my host_vars data using ansible-vault. The data is
encrypted properly. What is odd is that when I run the playbook that uses
the data, the data is output, in plaintext, to the console.
It does this when the task has changed, and when the task hasn't changed.
Is that ex
PLAY RECAP
>
> bionic : ok=3changed=1unreachable=0
> failed=0
>
>
>
> From you question it
Can anyone clarify how the validate option of the template module works? I
have deliberately configured apache with invalid configuration. On the
command line `apache2 -t -f /etc/apache2/apache2.conf` fails with a syntax
error. But the template module, configured with `validate: 'apache2 -t -f
Is there an easy way or tool to check what versions of Ansible a role is
compatible with?
I have several roles I'm considering adding to Ansible Galaxy. I'd like to
have as accurate of a version requirement as I can. But I also do not want
to take the time to install Ansible a whole bunch of ti
Using a lookup or not, the hash_behaviour stays unchanged. Also there
is a filter dict2items that you might want to use instead of the
lookup.
--
- David Reagan
--
You received this message because you are subscribed to the Google Groups "Ansible
Project" group.
To unsubscribe from
According to this blog post:
https://www.ansible.com/blog/loop-plays-past-present-future with_dict is
going away. All my roles rely heavily on `with_dict` and `hash_behaviour =
merge` merging to avoid configuring the same values over and over again. If
I need to add or override a value, I just
allows sign on with github, google, etc.
On Monday, February 19, 2018 at 8:46:43 AM UTC-8, Kai Stian Olstad wrote:
>
> On Sunday, 18 February 2018 21.34.38 CET David Reagan wrote:
> > I did a search, and I think the last time switching from mailing lists
> to a
> > forum was d
t.
>
> -Toshio
>
> On Feb 18, 2018 12:34 PM, "David Reagan" >
> wrote:
>
> I did a search, and I think the last time switching from mailing lists to
> a forum was discussed was in 2014 here:
> https://groups.google.com/d/topic/ansible-project/3NkSXNxULFw/di
I did a search, and I think the last time switching from mailing lists to a
forum was discussed was in 2014 here:
https://groups.google.com/d/topic/ansible-project/3NkSXNxULFw/discussion
Can Ansible consider switching from Google Groups to a Discourse instance?
Elastic.co did so. It seemed like
Thursday, 11 January 2018 21.49.33 CET David Reagan wrote:
> > It's obviously got to be something on my remote server causing this. But
> > I'm at a loss as to what more I can check...
> >
> >
> >
> > On Thursday, January 11, 20
e vagrant vm to not work either.
It's obviously got to be something on my remote server causing this. But
I'm at a loss as to what more I can check...
On Thursday, January 11, 2018 at 11:11:32 AM UTC-8, David Reagan wrote:
>
> Oh fun, I get to be weird...
>
> # dpkg --fi
Of course, a 14.04 vagrant vm doesn't display this behavior.
Could the package version get cached somewhere and Ansible is just reading
the wrong version?
Any other ideas?
On Tuesday, January 9, 2018 at 11:09:51 AM UTC-8, Kai Stian Olstad wrote:
>
> On Tuesday, 9 January 2018 19.33.29
Changing to force: no and update_cache: no did not make a difference.
force: yes and update_cache: no also did not make a difference.
It seems to me that, maybe, the apt module isn't able to see the version of
the .deb file is the same as the installed version. How does the apt module
check the
Every single time I run a task that installs a .deb file, the apt module
reinstalls the file. Even when the file has not changed since the last run.
Specifically, on the remote machine, I have uploaded a file to
/mounts/share/package_staging/duplicati.deb. I copy the file from my local
machine
Ah, that makes sense. Thanks!
--David Reagan
On Tue, Jul 7, 2015 at 1:19 PM, Brian Coca wrote:
> status will be OK in both cases, you need to look at changed : true/false
>
> On Tue, Jul 7, 2015 at 2:26 PM, David Reagan wrote:
> > With some work I have almost exactly w
here a way to change that?
--David Reagan
On Mon, Jul 6, 2015 at 5:37 PM, David Reagan wrote:
> The default log_plays doesn't actually output all the information I need.
>
> I have lots of stuff going to syslog and then into ELK already, but in
> this case, I figured I'd jus
ns, a similar error pops up for me. Or at least it used to. Been
a while...
--David Reagan
On Tue, Jul 7, 2015 at 1:57 AM, Anthony Green <
anthony.charles.gr...@gmail.com> wrote:
>
>> GATHERING FACTS
>> *
to filter it at all.
Currently, I figured out how to get valid json out per line. But I'm stuck
figuring out how to get the task name, the role name, and the command line
command information.
Are there global vars I can reference from the plugin? Where could I find a
list of them?
--David R
I'm starting to run playbooks automatically via a push server. Basically
emulating what you can get with Puppet. As part of that, I'd like to send
the output of my cronjob playbooks into my ELK stack. Which is hard to do
when the default output is so unreadable.
Here's effectively what I want t
Can we get that order documented?
--David Reagan
On Fri, Jun 26, 2015 at 6:22 AM, Brian Coca wrote:
> Within the groups there is also a order (which is not documented in
> that paragraph above), 'all' is the least precedence, and then groups
> in the order read/load
Ansible docs say:
* extra vars (-e in the command line) always win
* then comes connection variables defined in inventory (ansible_ssh_user, etc)
* then comes "most everything else" (command line switches, vars in play,
included vars, role vars, etc)
* then comes the rest of the variables defined
, and runs them.
What am I missing?
--David Reagan
On Sun, Jun 7, 2015 at 1:16 AM, Anand Buddhdev wrote:
> On Thursday, 4 June 2015 22:34:33 UTC+2, David Reagan wrote:
>
> Hi David,
>
> We had the same issue, where we didn't like our entire git repository
> exposed on all
Would a sparse checkout or using git-archive prevent an attacker from
simply initiating a pull of the repo without those options, so that they
can get everything.
--David Reagan
On Fri, Jun 5, 2015 at 8:48 AM, Brian Coca wrote:
> So there are several aproaches to this:
>
> - making a
So, two repos? One with passwords in it, another without?
--David Reagan
On Thu, Jun 4, 2015 at 11:47 PM, Mirko Friedenhagen wrote:
> Hello David,
>
> I am using push right now exclusively and thought about ansible-pull as
> well.
>
> My idea was to tag all tasks which nee
ansible-pull checks out your entire project repository, then runs whichever
playbook you tell it to. That repo is basically a map to your entire
infrastructure.
So, how do you ensure a compromised server doesn't reveal all that
information to an attacker? (With the assumption that the attacker
I have a shell task that registers data that looks similar to:
"stdout_lines": [
"username\tuserem...@domain.tld",
"username\tuserem...@domain.tld",
"username\tuserem...@domain.tld",
"username\tuserem...@domain.tld",
...,
]
What I'd really like to end up with is a variable tha
See http://pastebin.com/QWSu641w for the testing playbook I've been using.
Basically, I have several vars that I need to place inside a json string.
The output should look something like:
{"indices": "testlogstash-2014.04.14","ignore_unavailable":
"true","include_global_state": false,"partial"
e have a better suggestion?
Or at least have the same issue and found this useful?
On Wednesday, March 25, 2015 at 2:53:52 PM UTC-7, David Reagan wrote:
>
> So, I'm running into an issue with variable precedence. I'd appreciate any
> feedback. Apologies for how long this is, I
So, I'm running into an issue with variable precedence. I'd appreciate any
feedback. Apologies for how long this is, I'm trying to make sure
everything is clear.
First, I set ```hash_behavior=merge``` in my ansible.cfg file. This lets me
avoid having to repeat configuration across hosts, roles,
920775e8877b1fb9e2ae750a23bcc7e9534
>
> Which dates the change back to v0.9
>
> My recommendation is to not put ansible_ssh_pass in your inventory.
> Instead just specify it as an argument (-k) on the command line the first
> time you bootstrap a machine. That is what we do, and
now. Go figure...
--David Reagan
On Sat, Jan 17, 2015 at 8:48 PM, Tom Bamford wrote:
> Hi David
>
> I’m also using zsh although usually only source env-setup when I need it.
> If I do source it from ~/.zshrc, it doesn’t change my working directory.
>
> Does adding set -x to th
I really need to set?
--David Reagan
On Fri, Jan 16, 2015 at 3:13 AM, Greg Andrews wrote:
>
> On Thu, Jan 15, 2015 at 4:57 PM, David Reagan wrote:
>
>> A while back, after updating to the latest code, my terminals started
>> cd'ing into ~/vendor/ansible whenever I crea
So, I'm not sure this is an Ansible issue, but it might be, and I bet some
of you could help me fix it anyway.
I'm running Ansible from source. As described here
http://docs.ansible.com/intro_installation.html#running-from-source I have
the repo in ~/vendor/ansible
A while back, after updatin
e tip.
--David Reagan
On Thu, Dec 11, 2014 at 7:41 PM, Brian Coca wrote:
>
> if you need a GUI, firewall builder http://www.fwbuilder.org/ is a
> desktop app that can generate iptables rules (among others), you can
> use it to get the commands for your templates.
>
> Though iptables
recommend?
Since the obvious route to solve my problem is to suck it up and learn
iptables...
Thanks!
--David Reagan
On Tue, Oct 8, 2013 at 8:09 AM, Michael DeHaan
wrote:
> Generally speaking, I like to do the following with iptables
>
> {% if 'webservers' in group_names %}
x27;t available.
--David Reagan
On Wed, Nov 5, 2014 at 1:08 PM, Matt Martz wrote:
> If you have ansible_ssh_pass set, ansible explicitly sets "-o
> PubkeyAuthentication=no" which disables the use of SSH public key auth.
>
> On Wed, Nov 5, 2014 at 2:35 PM, David Reagan wrote:
>
&
When I'm first setting up a vm, I need to set which user to use and the ssh
and sudo passwords.
So, my host file looks something like:
[apache]
> 192.168.77.2 ansible_ssh_user=vagrant ansible_ssh_pass=vagrant
> ansible_sudo_pass=vagrant
> [mysql]
> 192.168.77.3 ansible_ssh_user=vagrant ansible
In that case, I'll just leave it set to use scp.
Thanks for the help! :)
--David Reagan
On Fri, Sep 12, 2014 at 1:47 PM, Michael DeHaan wrote:
> Basically none.
>
> Sometimes sftp is disabled.
>
> I offhand can't remember why we didn't just scp every time - bu
scp_if_ssh=True made it work. Weird, very weird.
Is there any major difference between using sftp vs scp?
--David Reagan
On Fri, Sep 12, 2014 at 1:35 PM, Michael DeHaan wrote:
> If using the SSH connection (which you are by default) you could consider
> toggling SFTP/SCP in ansible.c
t;
> You may need to set ANSIBLE_KEEP_REMOTE_FILES=1 in your environment to
> keep it around.
>
>
>
> On Fri, Sep 12, 2014 at 3:58 PM, David Reagan > wrote:
>
>> /tmp on host1
>> > drwxrwxrwt 45 root root 4096 Sep 12 11:26 tmp
>>
>> /tmp on host2
>> &g
/tmp on host1
> drwxrwxrwt 45 root root 4096 Sep 12 11:26 tmp
/tmp on host2
> drwxrwxrwt 47 root root12288 Sep 12 12:55 tmp
root is blocked from ssh.
--David Reagan
On Fri, Sep 12, 2014 at 12:21 PM, Michael DeHaan
wrote:
> Can you show /tmp permissions?
>
> Also ma
When running a playbook, I get "Couldn't read packet: Connection reset by
peer" error.
For playbook, command, and - output see: http://pastebin.com/VgAuvrct
Ansible works fine on host1, but I get the error on host2.
If I just use ssh on the command line, both hosts work fine.
I've triple
In ansible.cfg I have set hash_behaviour=merge
In group_vars/all.yml
aspects_monit_local_probes:
> localresources: |
> check system {{ ansible_hostname }}
> if loadavg (1min) > 4 then alert
> if loadavg (5min) > 2 then alert
> if memory usage > 75% then alert
> if sw
Thanks. When I was initially working on my ansible role, I wasn't stopping
snmpd before editing the conf file. So, once I copied how you are doing
things, it started working. :)
--David Reagan
On Tue, Aug 19, 2014 at 8:03 AM, wrote:
> I know this is an old thread, but it came up i
to the elasticsearch group and Google to see how
others have avoided clobbering their clusters when updating config. :)
Thanks for all the responses so far.
--David Reagan
On Thu, Jul 24, 2014 at 11:05 AM, Michael Peters
wrote:
> On Thu, Jul 24, 2014 at 11:54 AM, David Reagan wrote:
>
>
}}
> - service: name=foo state=restarted
I did think of something like that, but then my playbook would end up
waiting that long to be finished, and I'm not sure how to get the rolling
restarts I want.
Hmm... Maybe waiting to end the playbook is actually a good thing. I'll
have to
Specifically, an elasticsearch cluster, but doing this the right way would
also apply to other kinds of clusters, like RabbitMQ or Redis.
I'm using https://github.com/LaneCommunityCollege/aspects_elasticsearch to
manage my elasticsearch cluster. Currently, if I modify the configuration
settings
As far as I can tell, I need to add the EPEL repositories in order to
install facter on CentOS.
Am I right?
So far, the only way to install the EPEL repo I have found is to download
the rpm for it, and then use rpm to install it. Not something I really want
to do every time I run my playbooks
not one of my strong points.
Ignore the rest of the project, I still have a ways to go before I think
others should use it. Especially since galaxy.ansible.com now exists.
--David Reagan
On Sat, May 10, 2014 at 2:41 AM, 'Petros Moisiadis' via Ansible Project <
ansible-project@goog
See pastebin http://pastebin.com/MT3Y7WCJ for tasks and output. It's long.
The section that concerns me is:
>
> Chain ufw-user-input (1 references)
> target prot opt source destination
> ACCEPT tcp -- anywhere anywhere tcp dpt:http
> ACCEP
I've been trying to use replace to replace config lines in a config file
that I have good reasons not to template.
Specifically, it's php associative array. Thus, I need to be able to match
lines that contain quotes.
So far, I can't get it to work.
I eventually pulled the essentials out of m
retty sure I should, but I'm not sure
what to...
--David Reagan
On Tue, May 6, 2014 at 12:27 PM, David Reagan wrote:
> tl;dr: is there a way to make with_subelements work with dicts? Or
> something to that effect?
>
>
> I've been trying to figure out how to run a task ov
tl;dr: is there a way to make with_subelements work with dicts? Or
something to that effect?
I've been trying to figure out how to run a task over a dict, that also
loops over a nested dict in order to run the actual commands.
So far, I haven't figured out how to use with_items, with_dict, or
I was just looking to do the same thing. Michael's post clued me into what
I was missing.
Specifically, I hadn't realized you can list your hosts more than once in
the hosts file. That makes a site.yml file similar to:
- hosts: roleA
roles:
- roleA
- hosts: roleB
roles:
- roleB
W
Yeah, I've tried that. Didn't work. Maybe I did it wrong... Hmm...
In the default snmpd.conf file that Ubuntu installs, it says NOT to put
those lines in that file. So...
--David Reagan
On Wed, Jan 29, 2014 at 10:32 AM, Adam Morris wrote:
> Not yet, but that might be something
Hey all,
I've been looking into managing snmp via ansible. Setting the
/etc/snmp/snmpd.conf file is simple enough. Just a template call.
It's setting up a snmp v3 user that has me stumped. To do so, I run
"net-snmp-config --create-snmpv3-user", then follow the prompts.
I haven't tried it yet,
Thanks! That worked.
Also had to add:
name="{{ item[1].name }}"
to the cron task.
--David Reagan
On Tue, Jan 7, 2014 at 2:16 PM, Michael DeHaan wrote:
> Looks like you should quote the job parameter
>
> job={{ foo }}
>
> becomes
>
> job="{{ foo }}"
I'm trying to make a task that takes a dict of cronjobs, passes the dict
through dictsort so that it is a list, the goes through that list via
"with_items" to add each cronjob. For some reason, the job= variable gets
screwed up. It comes through as a full string in the debug message, but
gets s
Would force=yes overwrite the symlink that already exists?
--David Reagan
On Tue, Dec 31, 2013 at 4:22 AM, Michael DeHaan wrote:
> force=yes is available for such things.
>
> There have been some recent refinements depending on what version you are
> using, but you didn't spec
With some help from IRC, I ended up checking for the paths with the stat
module. Sadly, the only way that worked was to make 2 tasks per path. Glad
I only had a few to check...
On Monday, December 30, 2013 3:47:08 PM UTC-8, David Reagan wrote:
>
> I have a task that creates a directory.
I have a task that creates a directory. On one server, that directory
already exists, but is a symlink. So ansible says the task failed when it
runs. The message: "msg: refusing to convert between link and directory for
None". Is there a way to tell ansible that a symlink is ok for that task?
O
ly tested it on a vagrant vm, so
I don't really have anything to share. But at least you all know it's
possible. :)
--David Reagan
On Fri, Nov 22, 2013 at 12:04 PM, Gonzalo Sainz Trápaga
wrote:
> It seems there is an iptables frontend called "ferm" that does the trick
69 matches
Mail list logo