Lines 77-79 and 107-110 would be the ones I would change. Using Modules is
cleaner, and more predictable typically.
Have you confirmed the user specific settings for the ansible user on the
remote host? The per user alternative may be different than the system.
--
You received this message becau
various points by changing the variable with set.
https://eengstrom.github.io/musings/ansible-sudo-var
On Thu, Feb 22, 2024 at 7:28 AM Dick Visser wrote:
> On Wed, 21 Feb 2024 at 20:53, Evan Hisey wrote:
>
>> Why not use the "-K" when launching ansible-playbook? That will t
That is a Rhel7 to RHEL 8 change. The default python in REHL7 is Python 2.7
while RHEL 8 is python3.6. I would also consider moving the subscription
tasks to community.general.redhat_subscription module. That is should
automatically change python version, but you may need to disconnect and
reconnec
Why not use the "-K" when launching ansible-playbook? That will trigger
prompting fo the sudo password securely.
On Wed, Feb 21, 2024 at 3:53 AM Dick Visser wrote:
> Hii,
> I would like to have a playbook trigger the asking of the become password,
> but I couldn't find how to do it.
> Is there
024 at 03:45, Evan Hisey wrote:
>
>> Why would you not want to be running the MS AD modules against a
>> dedicate Windows AD management server? Understandably to tno run on an
>> actual AD server, but most Windows domains have a dedicated
>> Management/Utilities ho
Ashok-
Just to state the obvious, because it can trip you up. Was the space you
cleared available to/under /home/ansible? I have seen this be a symlink to
other locations than what you expect, and also seen this error when you hit
quota limits on the user which can also trigger against privilege
Ricardo-
I would also recommend changing how you are sending the json to the
playbook. I have done this a lot in AWS and found it is much cleaner to
either A) use a variable group file, or B) pass it via a parameter file.
Both methods help avoid some of what Todd is referring to.
On Sat, Jan 13,
d another
> tool/set of modules that can run on Linux.
>
> On Wednesday, January 3, 2024 at 8:15:34 AM UTC+10 Evan Hisey wrote:
>
>> Why would you not want to be running the MS AD modules against a
>> dedicate Windows AD management server? Understandably to tno run on
Why would you not want to be running the MS AD modules against a dedicate
Windows AD management server? Understandably to tno run on an actual AD
server, but most Windows domains have a dedicated Management/Utilities host
for doing things like this. All the Microsoft AD community modules require
the Vagrant file? And ideally playbook.yml?
>
> I have this working precisely as expected, you just need to ensure that
> the if statement is nested at just the right point in the Vagrantfile.
>
> On Mon, 27 Nov 2023 at 17:44, Evan Hisey wrote:
>
>> Will-
>> Looks like ev
deally playbook.yml?
>
> I have this working precisely as expected, you just need to ensure that
> the if statement is nested at just the right point in the Vagrantfile.
>
> On Mon, 27 Nov 2023 at 17:44, Evan Hisey wrote:
>
>> Will-
>> Looks like even with the cluster limi
, it has given me an interesting ideas to try.
On Sun, Nov 26, 2023 at 3:06 PM Evan Hisey wrote:
> Will-
> That was exactly the issue. I will give the bottom solution a go. I think
> that will work, I will need to play with generating the group, but I think
> t I can make it work
luster membership role as a custom
>> fact
>> copy:
>> content: |
>> {'cluster_role':'{{ cluster_role }}'}
>> dest: /etc/ansible/facts.d/cluster.fact
>> mode: 0644
>> owner: root
>&g
For about 90% of the STIG settings, you can use the openscap workbench and
it will dump you and ansible option for the STIG setting. Your probably
don't want to use the full stig raw Ansible dump (it is scary, like real
scary). But it is great for finding individual settings.
On Tue, Nov 14, 2023
27;s an obvious error in
> your Vagrantfile it could be a simple fix rather than an edge case.
>
> cf:
> -
> https://manski.net/2016/09/vagrant-multi-machine-tutorial/#multi-machine.3A-the-clever-way
> -
> https://developer.hashicorp.com/vagrant/docs/provisioning/ansibl
, Nov 25, 2023 at 3:55 PM Evan Hisey wrote:
> Vagrant is behaving fine, so not a vagrant specific problem. It is a task
> problem. I need the vagrant hosts fully installed first because I have to
> collect data from all 3 at once before deploying the software, and during
> software deplo
t; niche Vagrant provider problem.
>
> Can you share a sample Vagrantfile that's not behaving as it should and
> details of the target OS of the Vagrant host, and the virtualisation
> provider you're using?
>
>
> On Sat, 25 Nov 2023 at 19:30, Evan Hisey wrote:
>
&
How is your playbook handling the login? and who is it login is as?
On Wed, Nov 22, 2023 at 2:26 AM Prady A wrote:
> Hi experts
>
> I am trying to execute my template from AAP 2.3. But getting an access
> denied error from my private automation hub. Any suggestions pls ?
>
> error: initializing
your Vagrant boxes
> then run your subsequent Vagrant Ansible provisioner automation?
>
>
>
> On Sat, 25 Nov 2023 at 18:20, Evan Hisey wrote:
>
>> I am working on a scenario where the first playbook executes commands on
>> a remote host to create a vagrant host and spins u
Zdenek-
Quick question on your pull request, possibly missing the obvious. I see
you use loop_control to set the outer loop variable on the roles. My
understanding is the the roles would be a different namespace for the
loops, so not interfere with the {{ item }} for the control loop, so was
thi
ng at the possibility of using ansible.builtin.shell
to trigger the new ansible-playbook command on the vagrant host to run the
vagrant VM application configuration. But while this works it is not
exactly ansible clean. Suggestions on approaches?
--
Evan Hisey
ehi...@gmail.com
--
You received th
Honestly sounds less like an ansible task and more like a git action or git
runner job. Ansible natively has no idea what is in the git repo.
On Thu, Nov 16, 2023 at 7:47 AM Ashok Reddy wrote:
> Hi,
>
> I have been trying to implement the following:
>
> If any file change in git lab repo, then o
What is the simple playbook? The issue is definitely in the ssh connection.
Does demouser actually exist on the target host and is the target host the
same?
On Mon, Aug 28, 2023 at 1:39 PM Amit Kumar wrote:
> Simple playbook with only debug works but this does not work
>
> On Tuesday, August 29,
re is no mandatory password. You can definitely use
> become sudo without a password normally and not have a password set.
>
> On Monday, August 21, 2023 at 12:19:26 AM UTC+10 Evan Hisey wrote:
>
>> Using ssh_extra_args does not solve the issue. There is already 2 other
>> met
est/collections/ansible/builtin/ssh_connection.html
>
> On Sunday, August 20, 2023 at 11:38:46 AM UTC+10 Evan Hisey wrote:
>
>> Pierre-
>> That was the missing bit. This is definitely an issue in Ansible that
>> probably needs to be addressed.
>>
>> On Sat, Aug 19, 2023 at 12:3
-authentication-with-ansible/>
> mentions that you'd need to set ansible_become_pass var somewhere with a
> potential dummy value. Give it a try !
>
> Le mercredi 16 août 2023 à 22:32:21 UTC+2, Evan Hisey a écrit :
>
>> So I have been doing some rsa-key based to factor authenti
***
10.0.0.18 : ok=0changed=0unreachable=0failed=1
skipped=0rescued=0ignored=0
I have tried several options, and assume it is going to end up being
something in the SSH connection options to get this working beyond using
"ForwardAgent=Yes&quo
udo yum update -y
> (W.X.Y.Z is the IP of the bastion and the bastion hostfile have the
> worker1 IP tied to worker1 hostname)
>
> In my inventory file, I also set the following under [all:vars]:
> ansible_ssh_common_args='-q -i node-identity -o ProxyCommand="ssh -q -i
>
tem_upgrade_reboot != 'never'
>> reboot:
>>
>> It doesn’t work (well, the system does get updated but the yum module
>> hangs and the role ends up in error).
>>
>> For sake of completeness, this started as an issue with a new role added
>> to Kube
> For sake of completeness, this started as an issue with a new role added
> to Kubespray <https://github.com/kubernetes-sigs/kubespray/pull/10184>.
> There are other details in the latest pull request comments that could help
> to get the full picture. But in the end, even with a
Check the host and see what happens on a full manual update. I have had
issues with ansible when the yum command was hanging on a host do to a
local issue with updating. Single packages were fine, but a full host
update failed. I had to resolve the full update issue on the host.
On Wed, Aug 9, 202
Nguyen Duc
wrote:
> Technically csv doesn’t support multiple tabs so it is not able to achieve.
>
> Thanks and Best Regards,
>
> Thanh.
>
> On 9 Aug 2023, at 19:39, Aharonu wrote:
>
>
> Hi Evan Hisey,
>
> Thanks for your response.
>
> It is end user req
Try starting with reviewing the problem the solution is trying to solve.
Why does it have too be two tabs? Is it a technical requirement or just a
preference? What will be consuming the data? Can it be used as two cvs?
On Wednesday, August 9, 2023 at 6:56:50 AM UTC-5 Aharonu wrote:
> Thank you.
Can you share how you are doing it? Realmd should be a straight forward
join as shell command.
On Thu, Aug 3, 2023, 1:20 PM Thiru2 explore wrote:
> Hi Team,
> In our Linux environment we use AD (openldap) user authentication, in that
> how can we add host for auth.. However we tried with become-
Something that was done at current job was use the last 5 digits of the mac
address was a prefix for the host names. The mac pretty much guarentees a
unique name with added bonus of assisting network finding on the network
when there is a connectivity issue
On Wed, Aug 2, 2023, 8:56 PM Prady A w
The error is in the user space of the controller. Be sure that
/home/osboxes/drop/id_rsa.pub and has the correct permission set, which
should be -rw-r--r--
On Tue, Aug 1, 2023 at 10:32 AM Valentin1919
wrote:
> i have a playbook with a task that should fetch me the content of a file
> on host 1 l
t;
On Fri, Jul 28, 2023 at 10:21 AM Prady A wrote:
> Thank you both of you and code .
> I ll try to simplify it. since the module is already we are using in
> different program, i reused it.
>
>
> Regards
> Prady
>
> On Sat, Jul 29, 2023 at 0:18, Evan Hisey wrote:
>
&g
This seems massively complicated for a simple shell command to send an
email. ON top of that you are attempting to break the
anisble.builtin.script module by forcing it to run on the localhost
(controller) rather than the target. Better option would be to just use
the either the command module and
Right, this why I liked Puppet for drift control critical things. And
something I also transferred to Ansible. To avoid hard drift correction, I
find you need atleast daily config reset. On developer facing systems, I
have found going as often as an hour to as little as 30 min, is important
to catc
For drift control I don't find ansible the best tool when compared to
something like Puppet in this role. However if drift control is important,
that is were Tower/AWX or Satellite (ir pure RHEL based) start to shine.
You can setup a scheduled application of playbooks to always ensure the
configura
On Mon, Jun 26, 2023 at 8:06 AM Himanshu Kaushik <
himanshukaushik...@gmail.com> wrote:
> Hi,
>
> Evan coming to your reply regarding the header section (hosts, connection,
> gather_facts, etc) and tasks section. this all I've included in another
> playbook and calling this bigger playbook from th
t; done on the server :-(
>
> Regards
> Ciao
>
> Il giorno giovedì 22 giugno 2023 alle 17:42:23 UTC+2 Evan Hisey ha scritto:
>
> AWX/Ansible Tower is designed to work with a Git repo or other Source
> Control holding each "project" via URI. In general this is also the
>
AWX/Ansible Tower is designed to work with a Git repo or other Source
Control holding each "project" via URI. In general this is also the
simplest way to handle things. There is an option to use "manual" loaded
projects but requires hand loading the playbooks into the tower container.
To do this
Looks like you are missing the entire start of a playbook. Is this a role
or an include? If not need to set up the header section (hosts, connection,
gather_facts, etc) and tasks section.
On Tue, Jun 20, 2023, 8:44 AM Himanshu Kaushik
wrote:
> Hi,
>
> Greetings!
>
> Can anyone please help me if
You need to be careful with using /tmp as teh remote tmp directory on
selinux systems. You can end up doing weird stuff to to your permissions
there when ansible things that is the home directory. Have you made sure
the permissions are good.
On Fri, Nov 11, 2022 at 10:04 AM dulhaver via Ansible Pr
Can you confirm the decrypted key is valid by direct ssh? Hard to tell for
sure but that looks like the target host is rejecting the key format. Not
all key formats are accepted by all targets. I have run in to this with
Github and Tenable Scanners.
On Sun, Oct 2, 2022 at 6:15 AM jer...@gmail.com
In a follow up to you line of thought, this really looks a variable (in the
example) better handle by usin ansible vault than a variable file. It was
designed for things like passwords.
On Fri, Sep 16, 2022, 7:59 PM Todd Lewis wrote:
>
>
> On 9/16/22 10:23 AM, Brian Coca wrote:
>
> vars_files:
>
Sure. That is the purpose of groups. You can but the entire network in a
single inventory, solit it up by groups and groups of groups, then run play
books only against the groups you want. You can also build them on the
fly.
You can also mix that with logic loops in the playbooks to skip certain
If hosts are not in the inventory then they dont exist for Ansible. Group
variables are different than host variables, by the way.
On Fri, Sep 16, 2022, 1:41 PM Dick Visser wrote:
> Ok thanks for clearing this up.
> Just to be sure: it is not possible to access variables for hosts that are
> not
Honestly this sounds more like a need to revisit how you are handling
variables. You are creating a scoping issue with the current approach. The
all group is were things should live that might need to be accessed by
multiple groups. Specific subgroups are for scope specific variables, so
really sho
Leandro-
The best solution is let Ansible do the hard work instead oi trying to
parse the out put for failures, setup an error trap for failures that
captures them in a report. Then email this repot to someone or drop the
report in an bucket or Jenkins process to be acted on. Add bonus of doing
t
Sounds like good use of Tower callback function. That way Tower does not
have to know anything about the new host. Just be sure the windows image is
configure for ansible, and then use either a cloud_init or or a first run
script to execute the callback.
On Fri, Jul 29, 2022, 12:18 PM Wei-Yen Tan
Funny this came up, as I just finished a playbook that bounces keys several
times. There are 2 variables you can use in the playbook itself and can be
changed using set_fact:ansible_private_key_file, and
ansible_ssh_private_key_file. Used with the ansible_user or
ansible_ssh_user variables it can b
Can you give a little more detail on the setup? Since you a re referring to
powershell, I am assume the Jumpbox is windows, so you are going to have
to start an ssh connection to a linux host that is running ansible-core to
start a run.
On Thursday, January 20, 2022 at 8:48:20 AM UTC-6 vina..
If I am reading this correctly the text file is just "root". This will
never match the telnet.setting, as is it will be either "disable no" or
"disable yes". Is this the intended comparision?
On Friday, January 21, 2022 at 3:01:36 AM UTC-6 marian@gmail.com wrote:
> As per my role [root@ansi
IS the address really 2.2.2.2? and can you show a the playbook?
On Friday, January 21, 2022 at 3:11:41 PM UTC-6 inorang...@gmail.com wrote:
> Do you tried add/increase timeout or gather timeout value in your
> ansible.cfg?
>
>
> https://docs.ansible.com/ansible/latest/reference_appendices/confi
I would say you are 95% done. You are just missing a loop and list of
lists. Looking at the snippet, I think you may be making life a touch more
difficult than needed. Are you writing a role or a playbook? What is your
programing/ansible experience level? I see a similar mistakes in other
email
Are you connecting to a Cisco network device? If so this commend will fail,
as the you need to you a different method of connecting an execution since
Cisco switches don't support python.
On Thursday, January 20, 2022 at 12:54:17 PM UTC-6 dick@geant.org wrote:
> The quoting was to make it c
58 matches
Mail list logo
