Re: [ansible-devel] Ansilbe read all variable even they do not need for task (perfomance issue with lookup_plugins)

2016-08-23 Thread Artyom Aleksandrov 
Hello,


Thank you for answer. It's bad news because all variables which *can be* 
used by host  reads  on each task. 
Variables in *all* group of course provide most reads but problem also 
applies to other groups and host_vars. =(
 
> Can you give a different example of that being in a group the current 
host is not a member of and yet still being referenced?

No. There is no problem with this case.

Have you thought about changing this behavior or implementing runtime cache 
for variables?


On Wednesday, August 17, 2016 at 6:05:29 PM UTC+3, James Cammarata wrote:
>
> Sorry for the delayed response, but in the case of having it in the `all` 
> group, that var would be referenced on every task due to the fact that it's 
> being brought in for all hosts.
>
> Can you give a different example of that being in a group the current host 
> is not a member of and yet still being referenced?
>
> James Cammarata
>
> Ansible Lead/Sr. Principal Software Engineer
> Ansible by Red Hat
> twitter: @thejimic, github: jimi-c
>
> On Fri, Aug 5, 2016 at 4:07 PM, Artyom Aleksandrov  > wrote:
>
>> Hello,
>>
>> I'm using lookup_plugin which go to external service and get variables 
>> via HTTPS protocol.
>>
>> Several time ago I noticed that playbooks had took more time than before. 
>> During investigation I found that my lookup_plugin runs on every tasks even 
>> if currently running task do not use variables.
>>
>> For example if I specify *linux_password* variable in group *all* this 
>> PluginName will be call on every task on every hostname.
>>
>> [all]
>> linux_password: "{{ lookup('PluginName', 'linux_password')}}"
>>
>> I'm not sure but seems previously Ansible call lookup_plugin only in case 
>> that is really need this variable.
>>
>> Do you know what have changed and if it possible to turn it back?
>> In the ideal case in my opinoon it would be great if Ansible *can* cache 
>> variable in memory.   
>>
>>  Best regards
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Development" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible-deve...@googlegroups.com .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-devel+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-devel] How to access inventory from custom action plugin v2

2016-08-23 Thread Brian Coca 
hostvars always has all hosts present in inventory, you can also look at
groups['all'] to get the full list.


-- 
--
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-devel+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-devel] Re: Windows question - is anyone managing Applocker with Ansible?

2016-08-23 Thread N. Bailey 
Oh, nice! Thanks for the link, that's a really cool concept.

After a bit of hunting around, I'd been thinking the same way as the
blogger you linked to - that writing (or templating) an XML file and
importing that is much neater than using their Powershell for making rules.
So I suspect that a lot of the work involved in making AppLocker hands-off
way is really in figuring out all the UUIDs and SIDs and so on you need for
a valid XML AppLocker ruleset.

Really, the main piece I'm missing is a way to import an applocker policy
from a local file - there's already Ansible solutions for 'grab this file
from remotely' or 'template this onto the target host with these
parameters', and for 'manage the state of this service' (for AppIDSvc).
I'll let the internet know how it goes.

Cheers,
Nikki




On 20 August 2016 at 19:08, Trond Hindenes  wrote:

> pretty sure that's not solved yet.
>
> Based on this: https://p0w3rsh3ll.wordpress.com/2015/04/02/
> configure-applocker-with-desired-state-configuration/ you could take that
> DSC thing and run it thru my DSC-To-Ansible resource converter (
> https://github.com/trondhindenes/AnsibleDscModuleGenerator) but it would
> of course only be compatible with nodes running Powershell V5.
>
>
> On Wednesday, August 17, 2016 at 11:34:55 AM UTC+2, N. Bailey wrote:
>>
>> Hi ansible-devel,
>>
>> Quick question for anyone running Ansible on Windows: has anyone used
>> Ansible to configure Applocker? It's a security/hardening/audit tool for
>> Windows, replacing Software Restriction Policies.
>>
>> The natural way to deploy/manage it would be with group policy, but I'm
>> running it on servers outside a domain, so I wanted an Ansible solution
>> instead. Can't see any playbooks or modules out there so far about it, but
>> there's a fairly neat set of powershell cmdlets to do it. I was planning on
>> writing a module to do it, but I thought I'd ask stick my head up and check
>> that this isn't a solved problem already :)
>>
>> Thanks,
>> Nikki
>>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Ansible Development" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/
> topic/ansible-devel/kslynu8JLGk/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> ansible-devel+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-devel+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-devel] How to access inventory from custom action plugin v2

2016-08-23 Thread James Kinley 
Hi,

How does one get access to the inventory from a custom action plugin?

I'm able to do something like this to access host vars: 
task_vars["hostvars"]["my_host"]["ansible_host"] but I need to be able to 
iterate all hosts in the inventory.

Thanks,
James.


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-devel+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-devel] Ruby DSL Project Feedback

2016-08-23 Thread Brady Wied 
Hi all,

I started this as an experiment but it might end up being useful.

https://github.com/wied03/ansible-ruby

The idea is (for those that like Ruby) to have a Ruby DSL that ultimately 
generates YML files for Ansible. This is partially based on the comment I 
read somewhere (I think) that the Ansible team considers YML a good 
serialization format (but is not necessarily 'against' other 
formats/languages outside the core product). I should add that this doesn't 
try and change the way modules work or put Ruby on the managed hosts.

I'm not sure if anyone has experimented with this before in the Ansible 
world but if you have any feedback, do let me know.

-Brady

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-devel+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.