For everyone who's about to reply, "docs.ansible.com", please don't... I'm
asking about docs actually installed and available on the local system,
with no Internet connectivity.
ansible-doc has lots of great info for modules. I'm aware of and use it.
But what about documentation for core
I have a master playlist, global.yml, in which I specified hosts, become,
and includes for different OSes That worked fine until I went to add
handlers. In my included playbooks, I did something like:
- handlers
- name: handler 1
etc etc
- tasks:
- name: Task 1
etc etc
At that
Darn it, I forgot all about handlers!
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group,
then compare that timestamp with the current timestamp as your last
> operation.
> In the general case, I think you need to use a register with a boolean for
> each operation that can trigger your final action.
>
> On Monday, 12 December 2016 19:06:18 UTC, John Oliver wr
My little playbook:
- hosts: all
become: true
become_user: root
become_method: sudo
tasks:
- name: Update McAfee virus definitions
shell: /opt/McAfee/LinuxShield/bin/nails task --run 1
register: result
- name: Update McAfee virus definitions 2
shell:
Let's say I have a playbook that looks for and changes lines in sshd_config
if necessary. Then I want the sshd service to be restarted only if at
least one of those actions has taken place. Is there a way to evaluate for
that without registering a variable for the completion of each and every
I'd like get ansible installed on Macs that are not connected to the
Internet. I've downloaded the tarball and am trying to install it on one
that is connected to the Internet to find everything I need, but am getting
a raft of errors. I need to be able to find and install all dependencies
joliver@flamingo ~ $ ansible-playbook -u joliver.sa -K deploy_checklist.yml
SUDO password:
PLAY [aria]
***
GATHERING FACTS
***
ok: [aria]
TASK: [command mkdir {{
Yup! Believe me, before I posted, I was following that thread. For a
little while I hadn't enquoted the variable, and that caused a problem.
STIG Results is definitely a real directory that's actually in my home
directory, and not a symlink or anything like that. But I can reproduce
this
I'm using a variable to specify a relative path to where I want my output
written. It looks like ansible can figure out what I'm telling it, but
then cheerily ignores me and writes to /tmp :-)
vars:
local_dest: ~/STIG\ Results/
- name: Retrieve result
fetch: src=/tmp/{{ dest_file
ansible 1.9.0.1
- name: Get java version
script: /tmp/javaver.sh
register: java_ver
- name: Touch test file
copy: dest=/tmp/{{ java_ver.stdout }}
content=test
TASK: [Show output from installer]
ok: [flamingo] = {
msg:
Nice! However, your regex is also killing the underscore, and I need that.
I'm starting to monkey around with this, but I just don't know jinja, and
I bet you'll have the right magic sauce before I can puzzle it out :-)
Thanks!
On Friday, May 8, 2015 at 2:45:21 PM UTC-7, Matt Martz wrote:
I want to register a variable with my java version. I can get that with:
java -version 21 | head -1 | awk 'BEGIN { FS = \ } ; { print $2 }'
That gives me the result I want: 1.8.0_45
But I cannot make this happen in ansible :-( I'm going crazy with quotes
and escapes. I've tried:
- name:
I guess.
I would suspect an incorrect / incomplete / broken tar archive.
How about re-creating the archive and trying again with that?
On Wednesday, May 6, 2015 at 9:59:37 PM UTC+3, John Oliver wrote:
ansible 1.9.0.1
- name: Untar DoD certificate installer
unarchive: src
the
ability to set permissions on those files.
On Thu, May 7, 2015 at 1:24 PM, John Oliver jno...@gmail.com
javascript: wrote:
That's the problem... there is no such file in the tarball. I can
extract it manually just fine. So why does ansible believe that this file
exists? It has to be getting
This is odd. I can ssh into the host in question, no problem. In the
logs, I get:
May 7 13:08:39 nightfury sshd[565]: Accepted publickey for joliver.sa from
2001:480:10:92::60 port 60164 ssh2
May 7 13:08:39 nightfury sshd: joliver.sa [priv][565]: USER_PROCESS: 567
ttys001
May 7 13:08:39
I ran into an issue where, at the end of GATHERING FACTS, ansible-playbook
just sits there. I'd added -v's until I had - and that didn't tell me
anything, until i got distracted and left it running for several minutes.
Suddenly it sprang back to life. Scrolling back, it was hung on:
I'm using 'unarchive' to extract a tarball to /tmp/ Inside, I have a shell
script with includes references to relative paths. This made my script
fail as it was looking for the files relative to whatever directory it's
running from. Looking at 'shell' and 'command' I see a chdir argument,
ansible 1.9.0.1
- name: Untar DoD certificate installer
unarchive: src=dod_java_certs.tgz dest=/tmp/ copy=yes
Results in:
TASK: [Untar DoD certificate installer]
***
failed: [quad] = {failed: true, parsed: false}
Can you just 'ssh rack1_pdu'? Or do you have to 'ssh user@rack1_pdu' and
supply a password?
You can add '-u username' to your ansible command line. Does your PDU
support SSH public keys? I've always used keypairs with ansible, so aren't
sure how you'd pass a password along.
--
You
If I:
- name: Copy SSL cert
copy: src={{ ansible_hostname if ansible_hostname in valid_hosts else
('test') }}.crt
dest=/etc/pki/tls/certs/
mode=0644
How can I capture the name of the certificate that was actually copied for
action in another task?
--
You received this
I've run into a minor problem where one of my hosts has an record for
an address assigned via DHCP6, but it isn't acquiring that address. I can
connect via the IPv4 address just fine. I'm looking for a switch to tell
ansible / ansible-playbook to force a connection over one protocol so I
Hi Igor. I didn't mean to retrieve packages, but to install them. If I
have an RPM file, I can 'yum: name=/path/to/file.rpm state=present' I'd
like to do the same thing with an Apple .pkg file... 'pkg:
name=/path/to/file.pkg state=present' and have that file actually
installed. I see
- name: Check if postgres is already allowed via IPv4
shell: grep '^-A\ INPUT\ -s\ {{roundcube_host}}\ -p\ tcp\ -m\ state\
--state\ NEW\ -m\ tcp\ --dport\ 5432\ -j\ ACCEPT' /etc/sysconfig/iptables
/dev/null 21
ignore_errors: true
register: result
- name: Allow incoming IPv4 PostGreSQL
I have several lineinfile statements to insert iptables rules into
/etc/sysconfig/iptables I'm using positional like insertbefore to get them
in the order I want, and it works just fine on the first run. But
subsequent runs are not idempotent... if I insert B before Y, and then C
before Y,
Problem with that is uncertainty over what the file might initially
contain. And because different roles might be assigned to different hosts,
therefore the files might be similar, but not the same, on all... rules
inserted in the 'common' role would be there for all, but only the http
server
My playbook:
- name: Get Java version
shell: /Library/Internet\
Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java -version 21 |
grep '^java' | cut -d'' -f2
register: jre_ver
- debug: msg={{ jre_ver.stdout }}
- name: Install JRE 8 if necessary
include: jre8.yml
when:
Is there a way to use the 'copy' module, or an equivalent, to copy files
from one spot to another on the target host?
Right now, I'm trying to use 'command' or 'shell', but I'm running into
issues with unusable choking on an asterisk, and I have to use several
lines to copy, set ownership, set
No, no_log just suppresses logging. Already found and tried it :-)
--
You received this message because you are subscribed to the Google Groups
Ansible Project group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
- name: Set iptables to log rejected packets 5
lineinfile: dest=/etc/rsyslog.conf
insertafter=^#kern\.\*\ \ *\/dev\/console
line={{item}}
with_items:
- ~
- :msg,contains,\iptables \ /var/log/iptables.log
- # iptables logs
-
The
Why is that? I can think of a huge array of use cases where I'd want to
set different permissions on files vs. directories that already exist or
are being created from an 'unarchive' action.
On Wednesday, October 1, 2014 5:33:41 PM UTC-7, James Cammarata wrote:
Also, as far as the
The 'file' module could use the directory_mode directive.
And 'unarchive' could use owner, group, mode, serole, setype,
etc. As well as directory_mode
Unless I'm completely missing something, but it seems I should be able to
unzip a local archive to the target, set ownership and permissions,
I'd like to have SSL certificates uploaded and configured according to
hostname, ie. host1 gets the cert and key for host1, etc.
It seems like the easiest way is to set a variable to equal
ansible_hostname, but I'd need a way to handle exceptions, so if
ansible_hostname isn't one of an
ansible 1.6.10
This stanza:
- name: Forward LDAP ports
lineinfile: dest=/etc/sysconfig/iptables
insertbefore=BOF
line={{item}}
with_items:
- COMMIT
- -A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 389 -j REDIRECT
--to-ports 10389
- -A OUTPUT -d
ansible 1.6.10
- name: Get vmail home directory
shell: /bin/grep vmail /etc/passwd | cut -d':' -f6
register: vmail_dir
- name: Modify postfix config
lineinfile: dest=/etc/postfix/main.cf
line={{item}}
insertafter='^mydestination\ =\ \$myhostname,\
...@gmail.com
javascript: wrote:
I've seen that output when trying to run a blank module- are you doing
fun things with modules or even action plugins?
On Aug 15, 2014 2:08 PM, John Oliver jno...@gmail.com javascript:
wrote:
ansible 1.6.10 running against centOS 6.5
- name: Update all packages
This stanza:
- name: Upload 'macsecurity' plugin
copy: src={{git_src}}/plugins/macsecurity
dest=/var/www/html/roundcube/plugins/
mode=0755
directory_mode=yes
group=roundcube
Fails with:
TASK: [roundcube-web | Upload 'macsecurity' plugin]
ansible 1.6.10
- name: Configure Roundcube to use macsecurity plugin
lineinfile: dest=/var/www/html/roundcube/config/config.inc.php
regexp='^\$config[\'plugins\']\ =\ .*'
line=$config['plugins'] = array('macsecurity');
Results in:
TASK: [Configure Roundcube
Hmm, MacPorts has 1.7 but not 1.7.1 yet. I'll see if I can get the
maintainer to push it.
On Wednesday, August 27, 2014 2:50:26 PM UTC-7, Michael DeHaan wrote:
Can you please retest this with 1.7.1 and see if you get the same
traceback?
On Wed, Aug 27, 2014 at 5:47 PM, John Oliver jno
Thanks.
Maybe the docs could be a little clearer on this point? When the default
was given as no, that made me assume the opposite would be yes :-)
From When doing a recursive copy set the mode for the directories. , I
inferred that the mode of the parent would be inherited and recursively
ansible 1.6.10 running against centOS 6.5
- name: Update all packages
yum: name=* state=latest
got me:
TASK: [common | Update all packages]
**
failed: [jedis-test] = {failed: true, parsed: false}
invalid output was:
Can I execute an action when variable1=x OR variable2=y?
--
You received this message because you are subscribed to the Google Groups
Ansible Project group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post
ansible 1.6.10
This task:
- name: Copy admin pwd chg ldif to target
template: src=admin-pwd-chg.ldif.j2 dest=/tmp/
is leaving /tmp/admin-pwd-chg.ldif.j2 instead of admin-pwd-chg.ldif The
variables in it are being expanded.
- output:
TASK: [apacheds | Copy admin pwd chg ldif to target]
The 'yum' module is pretty slow for me. That might be an artifact from
running my play books against a VM, but running 'yum install a b c d e f'
is a lot faster than:
- name: Install PHP packages
yum: name={{item}} state=latest
with_items:
- php
- php-common
- php-xml
-
Thanks, I don't have PackageKit installed, but I do have fastestmirror...
I'll try without. Does yum just do some kind of round-robin without it?
On Wednesday, August 6, 2014 3:05:40 PM UTC-7, Michael DeHaan wrote:
Also, be sure you have yum fastestmirror uninstalled, it usually lies :)
And
. There's even some cool magic for things like IBM internal
mirrors if you work for IBM.
Not sure about how CentOS works, but EPEL should be using this too.
The issue is fastestmirror tends to take a while to figure out which is
fastest :)
On Wed, Aug 6, 2014 at 6:48 PM, John Oliver jno
This task:
- name: Lock accounts after 3 unsuccessful logon attempts
lineinfile: dest=/etc/pam.d/{{ item[0] }}-auth-ac
regexp='^auth.*pam_faillock\.so\ auth.*\ deny=3\
unlock_time=604800\ fail_interval=900'
insertafter='^auth.*pam_unix\.so.*'
1.6.6
On Monday, August 4, 2014 10:22:44 AM UTC-7, Michael DeHaan wrote:
For starters,
ansible --version ?
--
You received this message because you are subscribed to the Google Groups
Ansible Project group.
To unsubscribe from this group and stop receiving emails from it, send an email
Thanks. I've asked the maintainer of that port at MacPorts to update, or
if I can help maintain it.
On Monday, August 4, 2014 1:17:15 PM UTC-7, Michael DeHaan wrote:
Ok, so the various security fixes in the 1.6.X series were largely patched
out by 1.6.10, and are even better on the
I have a list of lines I want to add to a file on the target system if they
don't exist. I don't want to wholesale overwrite the file, and I don't
want to write dozens of lineinfile: statements.
Is it possible to do the equivalent of:
while read line; do
if grep $line /target/file /dev/null
Dozens of lines to the audit log configuration.
I probably will just push a script and run it. But you're right... it's
un-ansible-like :-)
But so long as our scripts can be run idempotently, it isn't a total hack
:-)
On Friday, August 1, 2014 11:35:00 AM UTC-7, Mike Ray wrote:
Out of
If you just call lineinfile, where will it write them? At the end? What
if your target file has some kind of terminator, can you do a blanket
insertbefore or insertafter? I'm not really grokking the concept of
'backrefs'.
On Friday, August 1, 2014 11:33:36 AM UTC-7, Amr Ali wrote:
You
So, I want to add two lines to each of two files. Looking to see if
lineinfile could add multiple lines, I found a post that seemed to indicate
it could not.
1) Is it possible to make lineinfile add multiple lines?
2) If not, is there a way to do something like:
- name: Lock accounts after
Example:
passwordsufficientpam_unix.so shadow nullok try_first_pass
use_authtok
And I want to wind up with:
passwordsufficientpam_unix.so sha512 shadow nullok try_first_pass
use_authtok
And let's assume I don't know what might come after pam_unix.so, and want
to preserve
case, with_nested should hook you up and let us know if you need
more info!
On Tue, Jul 29, 2014 at 1:33 PM, John Oliver jno...@gmail.com
javascript: wrote:
So, I want to add two lines to each of two files. Looking to see if
lineinfile could add multiple lines, I found a post
I tried to:
command: /usr/sbin/setsebool -P httpd_can_network_connect_db 1
when: {{rc_db_host}} = localhost
Ansible exploded in rage. I've never sent his much red text, even from
python errors :-) I tried with quotes, without, '=', '=='... It looks
like there's duplication in the
:32 PM, John Oliver jno...@gmail.com
javascript: wrote:
I tried to:
command: /usr/sbin/setsebool -P httpd_can_network_connect_db 1
when: {{rc_db_host}} = localhost
Ansible exploded in rage. I've never sent his much red text, even from
python errors :-) I tried
ansible 1.6.6
This stanza in my playbook:
- name: Create database user
postgresql_user: name={{rc_db_user}}
password={{rc_db_pass}}
role_attr_flags=NOSUPERUSER,NOCREATEROLE,NOCREATEUSER,NOCREATEDB
login_user={{pg_user}}
OK, I'm going to answer my own question :-) I got the conflicting or
redundant options when I used a command: It turns out that NOSUPERUSER is
sufficient, and psycopg just throws a fit instead of accepting the
redundant permissions.
--
You received this message because you are subscribed to
I would like to be able to test Macs for the major version of OS X, ie.
Lion, Mountain Lion, Mavericks. I see a fact called
ansible_distribution_version which is equal to the whole software rev,
like 10.9.4 Can I have ansible perform some operation like cut or awk so
I can wind up with 10.9
It's nice that I can use 'apt', 'yum', 'macports', etc. But is there a
module that I can point to an OS X '*.pkg' file to install? If not, is
there a better way than using a 'file' module to upload, then a 'script',
then another 'file' to delete the installer? I suppose I could create a
.sh
61 matches
Mail list logo
