[ansible-project] Re: Rebooting a Cisco ASA device

2019-01-03 Thread Ganesh Nalawade 
Try adding "meta: reset_connection" after wait_for task and before check 
version task.
Also, which Ansible version are you using?

Regards,
Ganesh

On Friday, 4 January 2019 04:26:41 UTC+5:30, Sahar wrote:
>
> I'm trying to reboot a Cisco ASA Firewall, and run the "show version" 
> command after it. It seems that rebooting works, but when the playbook gets 
> to the show version command, it will get failed by showing the error down 
> below. Any idea about it? 
>
>
>
>
>
> - name: Rebooting the ASA
>   asa_command:
> commands:
> - "reload\n"
>
>
> - wait_for: timeout=180
>
>
> - name: check the version
>   asa_command:
> commands:
> -  show version
>   register: output
>
>
> - name: check the version
>   debug: var=output.stdout
>
>
>
>
>
> TASK [Rebooting the ASA] 
> ***
> skipping: [Fw4Script-02.tor.bellnhs.int]
> ok: [Fw4Script-01.tor.bellnhs.int]
>
> TASK [wait_for] 
> 
> skipping: [Fw4Script-02.tor.bellnhs.int]
> ok: [Fw4Script-01.tor.bellnhs.int]
>
>
> TASK [check the version] 
> 
> skipping: [Fw4Script-02.tor.bellnhs.int]
> An exception occurred during task execution. To see the full traceback, 
> use -vvv. The error was: ansible.module_utils.connection.ConnectionError: 
> Socket is closed
> fatal: [Fw4Script-01.tor.bellnhs.int]: FAILED! => {"changed": false, 
> "module_stderr": "Traceback (most recent call last):\n  File 
> \"/home/shdianat/.ansible/tmp/ansible-local-12216t0E3Bw/ansible-tmp-1546555792.58-98199446309935/AnsiballZ_asa_command.py\",
>  
> line 113, in \n_ansiballz_main()\n  File 
> \"/home/shdianat/.ansible/tmp/ansible-local-12216t0E3Bw/ansible-tmp-1546555792.58-98199446309935/AnsiballZ_asa_command.py\",
>  
> line 105, in _ansiballz_main\ninvoke_module(zipped_mod, temp_path, 
> ANSIBALLZ_PARAMS)\n  File 
> \"/home/shdianat/.ansible/tmp/ansible-local-12216t0E3Bw/ansible-tmp-1546555792.58-98199446309935/AnsiballZ_asa_command.py\",
>  
> line 48, in invoke_module\nimp.load_module('__main__', mod, module, 
> MOD_DESC)\n  File \"/tmp/ansible_asa_command_payload_4Z1mL_/__main__.py\", 
> line 195, in \n  File 
> \"/tmp/ansible_asa_command_payload_4Z1mL_/__main__.py\", line 165, in 
> main\n  File 
> \"/tmp/ansible_asa_command_payload_4Z1mL_/ansible_asa_command_payload.zip/ansible/module_utils/network/asa/asa.py\",
>  
> line 124, in run_commands\n  File 
> \"/tmp/ansible_asa_command_payload_4Z1mL_/ansible_asa_command_payload.zip/ansible/module_utils/connection.py\",
>  
> line 173, in __rpc__\nansible.module_utils.connection.ConnectionError: 
> Socket is closed\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee 
> stdout/stderr for the exact error", "rc": 1}
>
>
>
>
> These are the parameters in ansible.cfg file:
>
> [persistent_connection]
>
> connect_timeout = 300
> command_timeout = 300
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/f31d-7e0c-4eec-a39e-96aee001f124%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Does Ansible support actions for NETCONF devices?

2019-01-03 Thread Ganesh Nalawade 

Since action is a netconf RPC defined in RFC 7950 it can be executed using 
Ansible netconf_rpc module.

- name: execute action rpc
  netconf_rpc:
rpc: action
xmlns: "urn:ietf:params:xml:ns:yang:1"
content: |
  
 apache-1
 
   2014-07-29T13:42:00Z
 
   



This task will send below XML RPC to remote Netconf server which is similar 
to that mentioned in RFC 7950





apache-1

2014-07-29T13:42:00Z





Hope this helps!

Regards,
Ganesh

On Thursday, 3 January 2019 00:53:47 UTC+5:30, steve...@gmail.com wrote:
>
> Hi
> Ansible supports netconf-rpc module allowing RPC operations to NETCONF 
> devices
> Does Ansible also support actions to NETCONF devices?
>
> From RFC 7950:
>
>The difference between an action and an rpc is that an action is tied
>to a node in the datastore, whereas an rpc is not.  When an action is
>invoked, the node in the datastore is specified along with the name
>of the action and the input parameters.
>
> Thank you
> Regards
> Steve
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3c7d71ae-1e6d-49a9-8481-0001750baff8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: rolling tasks for multiple clusters?

2019-01-03 Thread 'J Hawkesworth' via Ansible Project 
I wound up having multiple playbooks and using something else to run them 
simultaneously.
I've used gnu parallels in some cases and jenkins jobs in others.
parallels is nice because you can kick off a lot of jobs simultaneously 
with a single command line.
However its not great for viewing progress as the output from each playbook 
isn't returned until its completed (iirc)
Jenkins jobs give better visibility of what's going on, but become tedious 
to set up via the ui if you have more than a few of them.
Other tools to orchestrate multiple playbooks are available (tower/awx, 
semaphore, vespene, rundeck) but I haven't spent enough time trying any of 
them yet to see if they offer any advantage.

That said it might be possible to do what you want in a single playbook, 
but you might need to get creative with your inventory.

Be aware that you can target multiple host groups in a single play

hosts: webservers:middleware:batchmachines

If you can address all the machines you need to manipulate then you might 
be able to set serial: 1 and perform rolling changes that way.

Hope the above is useful to you.

Jon

On Thursday, January 3, 2019 at 7:06:30 PM UTC, Doug OLeary wrote:
>
> Hi;
>
> I've read the docs on rolling updates and that sounds very close to what 
> I'm looking for; however, I need to execute rolling reboots for multiple 
> clusters preferably simultaneously.
>
> More specifically, after patching oracle clusters, i need to:
>
> 1.  Execute a task to relocate oracle services on one node.
> 2.  Reboot that node.
> 3.  Execute a task to relocate oracle services back to that node.
>
> Those tasks should happen on only one node of a cluster at a time and the 
> rolling updates documented by ansible work well for one cluster.  I have 
> occasions where I'm patching 3 or 4 clusters though.  
>
> With my limited ansible knowledge, the only thing I'm coming up with is a 
> rolling update across all nodes or separate playbooks for each cluster both 
> of which are grossly inefficient.  3 clusters should be run as 3 
> simultaneous rolling updates.  the separate playbooks for each cluster just 
> sounds wrong.  
>
> Can someone point me in the right direction?  I'm happy to do the reading 
> but my google-foo must be weak as I'm not finding the concept that I'm so 
> obviously missing.
>
> Thanks
>
> Doug O'Leary
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/28520f06-37e0-4e2f-b97b-87b29aaf5f26%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] ansible role/playbook cloudwatch alarm

2019-01-03 Thread Frank Dias 
I am looking for a role or play book that one could run against AWS EC2 
instances and set a cloud watch alarm for "cpucreditbalance".

frank

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c447c177-38ff-4afa-9c44-d4e4c5cbbb55%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] AnsibleUndefinedVariable: 'dict object' has no attribute

2019-01-03 Thread Freddie Eisa 
I removed it with the same issue

{% for host in groups['all'] %}
   {{ hostvars[host]['ansible_facts']['ssh_host_key_ecdsa_public'] }}
{% endfor %}

> On Jan 3, 2019, at 4:38 PM, Karl Auer  wrote:
> 
> Your version has double quotes around the second line. The known working 
> version does not. Could that be an issue?
> 
> Regards, K.
> 
> On Fri, Jan 4, 2019 at 10:20 AM Freddie Eisa  > wrote:
> I just ran the same thing you ddi with the same issue I had. 
> 
>> On Jan 3, 2019, at 4:06 PM, Hugo Gonzalez > > wrote:
>> 
>> Got to be something else. Are these linux hosts?
>> 
>> I tried this and it works:
>> 
>> playbook:
>> 
>> ---
>> - hosts: all
>> 
>>   tasks:
>> - template:
>> src: template.j2
>> dest: /tmp/knownhosts
>> 
>> 
>> 
>> template:
>> 
>> {% for host in groups['all'] %} 
>> {{ hostvars[host]['ansible_facts']['ssh_host_key_ecdsa_public'] }}  
>> {% endfor %}
>> 
>> --
>> 
>> I suggest you run the setup module on your managed hosts and see the 
>> structure of the facts on your hosts then, and see if the host keys are 
>> there with that name.
>> 
>> 
>> 
>> Hugo G. 
>> 
>> 
>> 
>> On 1/3/19 4:33 PM, Freddie Eisa wrote:
>>> This is what I’m running 
>>> 
>>> My role
>>> - name: Template Knownhosts
>>>   template: src=./ssh_key.j2 dest=/tmp/temp.conf
>>> 
>>> My template 
>>> {% for host in groups['all'] %}
>>>"{{ hostvars[host]['ansible_facts']['ssh_host_key_ecdsa_public'] }}"
>>> {% endfor %}
>>> 
>>> My playbook
>>> 
>>> ---
>>> - name: Centos 7 Servers
>>>   hosts: servers_all
>>>   gather_facts: True
>>>   ignore_errors: yes
>>>   roles:
>>>- linux-role
 
 -- 
 HUGO F. GONZALEZ
 SENIOR CONSULTANT
 Red Hat LATAM 
  
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 "Ansible Project" group.
 To unsubscribe from this group and stop receiving emails from it, send an 
 email to ansible-project+unsubscr...@googlegroups.com 
 .
 To post to this group, send email to ansible-project@googlegroups.com 
 .
 To view this discussion on the web visit 
 https://groups.google.com/d/msgid/ansible-project/51fe343a-0562-0849-9161-4a0d04366503%40redhat.com
  
 .
 For more options, visit https://groups.google.com/d/optout 
 .
>>> 
>>> -- 
>>> You received this message because you are subscribed to the Google Groups 
>>> "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an 
>>> email to ansible-project+unsubscr...@googlegroups.com 
>>> .
>>> To post to this group, send email to ansible-project@googlegroups.com 
>>> .
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/ansible-project/4B57DC00-7EAD-4209-97FA-C75F30038649%40gmail.com
>>>  
>>> .
>>> For more options, visit https://groups.google.com/d/optout 
>>> .
>> -- 
>> HUGO F. GONZALEZ
>> SENIOR CONSULTANT
>> Red Hat LATAM 
>>  
>> 
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible-project+unsubscr...@googlegroups.com 
>> .
>> To post to this group, send email to ansible-project@googlegroups.com 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/8feca239-8c6b-4ef8-8331-4d26489f125c%40redhat.com
>>  
>> .
>> For more options, visit https://groups.google.com/d/optout 
>> .
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-project+unsubscr...@googlegroups.com 
> .
> To post to this group, send email to ansible-project@googlegroups.com 
> .
> To view this discussion on the web visit 
>

Re: [ansible-project] AnsibleUndefinedVariable: 'dict object' has no attribute

2019-01-03 Thread Karl Auer 
Your version has double quotes around the second line. The known working
version does not. Could that be an issue?

Regards, K.

On Fri, Jan 4, 2019 at 10:20 AM Freddie Eisa  wrote:

> I just ran the same thing you ddi with the same issue I had.
>
> On Jan 3, 2019, at 4:06 PM, Hugo Gonzalez  wrote:
>
> Got to be something else. Are these linux hosts?
>
> I tried this and it works:
>
> playbook:
>
> ---
> - hosts: all
>
>   tasks:
> - template:
> src: template.j2
> dest: /tmp/knownhosts
>
> 
>
> template:
>
> {% for host in groups['all'] %}
> {{ hostvars[host]['ansible_facts']['ssh_host_key_ecdsa_public'] }}
> {% endfor %}
>
> --
>
> I suggest you run the setup module on your managed hosts and see the
> structure of the facts on your hosts then, and see if the host keys are
> there with that name.
>
>
> Hugo G.
>
>
> On 1/3/19 4:33 PM, Freddie Eisa wrote:
>
> This is what I’m running
>
> My role
> - name: Template Knownhosts
>   template: src=./ssh_key.j2 dest=/tmp/temp.conf
>
> My template
> {% for host in groups['all'] %}
>"{{ hostvars[host]['ansible_facts']['ssh_host_key_ecdsa_public'] }}"
> {% endfor %}
>
> My playbook
>
> ---
> - name: Centos 7 Servers
>   hosts: servers_all
>   gather_facts: True
>   ignore_errors: yes
>   roles:
>- linux-role
>
>
> --
> HUGO F. GONZALEZ
>
> SENIOR CONSULTANT
> Red Hat LATAM 
> 
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/51fe343a-0562-0849-9161-4a0d04366503%40redhat.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/4B57DC00-7EAD-4209-97FA-C75F30038649%40gmail.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>
> --
> HUGO F. GONZALEZ
>
> SENIOR CONSULTANT
> Red Hat LATAM 
> 
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/8feca239-8c6b-4ef8-8331-4d26489f125c%40redhat.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/A7231E7C-CA93-44B8-BCCD-A0862C691B18%40gmail.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>


-- 
Karl Auer

Email  : ka...@2pisoftware.com
Website: http://2pisoftware.com

GPG/PGP : 958A 2647 6C44 D376 3D63 86A5 FFB2 20BC 0257 5816
Previous: F0AB 6C70 A49D 1927 6E05 81E7 AD95 268F 2AB6 40EA

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CA%2B%2BT08RcnnB79%2BTjdZXZxh%2BTHYTbxy9WmdLBHuK5tsmq7dT0sQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] AnsibleUndefinedVariable: 'dict object' has no attribute

2019-01-03 Thread Freddie Eisa 
What version are you running? The linux host is centos7.6

Verified in my facts

"ansible_ssh_host_key_ecdsa_public": 
"E2VjZHNhLXNoYTItbmlzdHAyNTYIbmlzdHAyNTYAAABBBGpMZqjhIzo6gGjz4eczxnatrAgmPxdWVYf0zY29MDngkKuOzjB0bMrR5sQm1X6leGgYowv3wNloWOZVbhwPU2A=",
 

> On Jan 3, 2019, at 4:06 PM, Hugo Gonzalez  wrote:
> 
> Got to be something else. Are these linux hosts?
> 
> I tried this and it works:
> 
> playbook:
> 
> ---
> - hosts: all
> 
>   tasks:
> - template:
> src: template.j2
> dest: /tmp/knownhosts
> 
> 
> 
> template:
> 
> {% for host in groups['all'] %} 
> {{ hostvars[host]['ansible_facts']['ssh_host_key_ecdsa_public'] }}  
> {% endfor %}
> 
> --
> 
> I suggest you run the setup module on your managed hosts and see the 
> structure of the facts on your hosts then, and see if the host keys are there 
> with that name.
> 
> 
> 
> Hugo G. 
> 
> 
> 
> On 1/3/19 4:33 PM, Freddie Eisa wrote:
>> This is what I’m running 
>> 
>> My role
>> - name: Template Knownhosts
>>   template: src=./ssh_key.j2 dest=/tmp/temp.conf
>> 
>> My template 
>> {% for host in groups['all'] %}
>>"{{ hostvars[host]['ansible_facts']['ssh_host_key_ecdsa_public'] }}"
>> {% endfor %}
>> 
>> My playbook
>> 
>> ---
>> - name: Centos 7 Servers
>>   hosts: servers_all
>>   gather_facts: True
>>   ignore_errors: yes
>>   roles:
>>- linux-role
>>> 
>>> -- 
>>> HUGO F. GONZALEZ
>>> SENIOR CONSULTANT
>>> Red Hat LATAM 
>>>  
>>> 
>>> -- 
>>> You received this message because you are subscribed to the Google Groups 
>>> "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an 
>>> email to ansible-project+unsubscr...@googlegroups.com 
>>> .
>>> To post to this group, send email to ansible-project@googlegroups.com 
>>> .
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/ansible-project/51fe343a-0562-0849-9161-4a0d04366503%40redhat.com
>>>  
>>> .
>>> For more options, visit https://groups.google.com/d/optout 
>>> .
>> 
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible-project+unsubscr...@googlegroups.com 
>> .
>> To post to this group, send email to ansible-project@googlegroups.com 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/4B57DC00-7EAD-4209-97FA-C75F30038649%40gmail.com
>>  
>> .
>> For more options, visit https://groups.google.com/d/optout 
>> .
> -- 
> HUGO F. GONZALEZ
> SENIOR CONSULTANT
> Red Hat LATAM 
>  
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-project+unsubscr...@googlegroups.com 
> .
> To post to this group, send email to ansible-project@googlegroups.com 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/8feca239-8c6b-4ef8-8331-4d26489f125c%40redhat.com
>  
> .
> For more options, visit https://groups.google.com/d/optout 
> .

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/E1081AAA-47FF-4265-A5F9-93FE4835A79B%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] AnsibleUndefinedVariable: 'dict object' has no attribute

2019-01-03 Thread Freddie Eisa 
I just ran the same thing you ddi with the same issue I had. 

> On Jan 3, 2019, at 4:06 PM, Hugo Gonzalez  wrote:
> 
> Got to be something else. Are these linux hosts?
> 
> I tried this and it works:
> 
> playbook:
> 
> ---
> - hosts: all
> 
>   tasks:
> - template:
> src: template.j2
> dest: /tmp/knownhosts
> 
> 
> 
> template:
> 
> {% for host in groups['all'] %} 
> {{ hostvars[host]['ansible_facts']['ssh_host_key_ecdsa_public'] }}  
> {% endfor %}
> 
> --
> 
> I suggest you run the setup module on your managed hosts and see the 
> structure of the facts on your hosts then, and see if the host keys are there 
> with that name.
> 
> 
> 
> Hugo G. 
> 
> 
> 
> On 1/3/19 4:33 PM, Freddie Eisa wrote:
>> This is what I’m running 
>> 
>> My role
>> - name: Template Knownhosts
>>   template: src=./ssh_key.j2 dest=/tmp/temp.conf
>> 
>> My template 
>> {% for host in groups['all'] %}
>>"{{ hostvars[host]['ansible_facts']['ssh_host_key_ecdsa_public'] }}"
>> {% endfor %}
>> 
>> My playbook
>> 
>> ---
>> - name: Centos 7 Servers
>>   hosts: servers_all
>>   gather_facts: True
>>   ignore_errors: yes
>>   roles:
>>- linux-role
>>> 
>>> -- 
>>> HUGO F. GONZALEZ
>>> SENIOR CONSULTANT
>>> Red Hat LATAM 
>>>  
>>> 
>>> -- 
>>> You received this message because you are subscribed to the Google Groups 
>>> "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an 
>>> email to ansible-project+unsubscr...@googlegroups.com 
>>> .
>>> To post to this group, send email to ansible-project@googlegroups.com 
>>> .
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/ansible-project/51fe343a-0562-0849-9161-4a0d04366503%40redhat.com
>>>  
>>> .
>>> For more options, visit https://groups.google.com/d/optout 
>>> .
>> 
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible-project+unsubscr...@googlegroups.com 
>> .
>> To post to this group, send email to ansible-project@googlegroups.com 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/4B57DC00-7EAD-4209-97FA-C75F30038649%40gmail.com
>>  
>> .
>> For more options, visit https://groups.google.com/d/optout 
>> .
> -- 
> HUGO F. GONZALEZ
> SENIOR CONSULTANT
> Red Hat LATAM 
>  
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-project+unsubscr...@googlegroups.com 
> .
> To post to this group, send email to ansible-project@googlegroups.com 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/8feca239-8c6b-4ef8-8331-4d26489f125c%40redhat.com
>  
> .
> For more options, visit https://groups.google.com/d/optout 
> .

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/A7231E7C-CA93-44B8-BCCD-A0862C691B18%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] AnsibleUndefinedVariable: 'dict object' has no attribute

2019-01-03 Thread Freddie Eisa 
They keys are there in facts

> On Jan 3, 2019, at 4:06 PM, Hugo Gonzalez  wrote:
> 
> Got to be something else. Are these linux hosts?
> 
> I tried this and it works:
> 
> playbook:
> 
> ---
> - hosts: all
> 
>   tasks:
> - template:
> src: template.j2
> dest: /tmp/knownhosts
> 
> 
> 
> template:
> 
> {% for host in groups['all'] %} 
> {{ hostvars[host]['ansible_facts']['ssh_host_key_ecdsa_public'] }}  
> {% endfor %}
> 
> --
> 
> I suggest you run the setup module on your managed hosts and see the 
> structure of the facts on your hosts then, and see if the host keys are there 
> with that name.
> 
> 
> 
> Hugo G. 
> 
> 
> 
> On 1/3/19 4:33 PM, Freddie Eisa wrote:
>> This is what I’m running 
>> 
>> My role
>> - name: Template Knownhosts
>>   template: src=./ssh_key.j2 dest=/tmp/temp.conf
>> 
>> My template 
>> {% for host in groups['all'] %}
>>"{{ hostvars[host]['ansible_facts']['ssh_host_key_ecdsa_public'] }}"
>> {% endfor %}
>> 
>> My playbook
>> 
>> ---
>> - name: Centos 7 Servers
>>   hosts: servers_all
>>   gather_facts: True
>>   ignore_errors: yes
>>   roles:
>>- linux-role
>>> 
>>> -- 
>>> HUGO F. GONZALEZ
>>> SENIOR CONSULTANT
>>> Red Hat LATAM 
>>>  
>>> 
>>> -- 
>>> You received this message because you are subscribed to the Google Groups 
>>> "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an 
>>> email to ansible-project+unsubscr...@googlegroups.com 
>>> .
>>> To post to this group, send email to ansible-project@googlegroups.com 
>>> .
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/ansible-project/51fe343a-0562-0849-9161-4a0d04366503%40redhat.com
>>>  
>>> .
>>> For more options, visit https://groups.google.com/d/optout 
>>> .
>> 
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible-project+unsubscr...@googlegroups.com 
>> .
>> To post to this group, send email to ansible-project@googlegroups.com 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/4B57DC00-7EAD-4209-97FA-C75F30038649%40gmail.com
>>  
>> .
>> For more options, visit https://groups.google.com/d/optout 
>> .
> -- 
> HUGO F. GONZALEZ
> SENIOR CONSULTANT
> Red Hat LATAM 
>  
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-project+unsubscr...@googlegroups.com 
> .
> To post to this group, send email to ansible-project@googlegroups.com 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/8feca239-8c6b-4ef8-8331-4d26489f125c%40redhat.com
>  
> .
> For more options, visit https://groups.google.com/d/optout 
> .

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/C53CF09D-DF49-41A3-8585-4911AC3A1264%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] AnsibleUndefinedVariable: 'dict object' has no attribute

2019-01-03 Thread Hugo Gonzalez 

Got to be something else. Are these linux hosts?

I tried this and it works:

playbook:

---
- hosts: all

  tasks:
    - template:
    src: template.j2
    dest: /tmp/knownhosts



template:

{% for host in groups['all'] %}
{{ hostvars[host]['ansible_facts']['ssh_host_key_ecdsa_public'] }}
{% endfor %}

--

I suggest you run the setup module on your managed hosts and see the 
structure of the facts on your hosts then, and see if the host keys are 
there with that name.



Hugo G.


On 1/3/19 4:33 PM, Freddie Eisa wrote:

This is what I’m running

My role
- name: Template Knownhosts
template: src=./ssh_key.j2 dest=/tmp/temp.conf

My template
{% for host in groups['all'] %}
   "{{ hostvars[host]['ansible_facts']['ssh_host_key_ecdsa_public'] }}"
{% endfor %}

My playbook

---
- name:Centos 7Servers
hosts:servers_all
gather_facts:True
ignore_errors:yes
roles:
   - linux-role


--
HUGO F.GONZALEZ

SENIOR CONSULTANT

Red HatLATAM 



--
You received this message because you are subscribed to the Google 
Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, 
send an email toansible-project+unsubscr...@googlegroups.com 
.
To post to this group, send email toansible-proj...@googlegroups.com 
.
To view this discussion on the web 
visithttps://groups.google.com/d/msgid/ansible-project/51fe343a-0562-0849-9161-4a0d04366503%40redhat.com 
.

For more options, visithttps://groups.google.com/d/optout.


--
You received this message because you are subscribed to the Google 
Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to ansible-project+unsubscr...@googlegroups.com 
.
To post to this group, send email to ansible-project@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/4B57DC00-7EAD-4209-97FA-C75F30038649%40gmail.com 
.

For more options, visit https://groups.google.com/d/optout.

--

Hugo F. gonzalez

Senior Consultant

Red Hat LATAM 



--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8feca239-8c6b-4ef8-8331-4d26489f125c%40redhat.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Rebooting a Cisco ASA device

2019-01-03 Thread Sahar 
I'm trying to reboot a Cisco ASA Firewall, and run the "show version" 
command after it. It seems that rebooting works, but when the playbook gets 
to the show version command, it will get failed by showing the error down 
below. Any idea about it? 





- name: Rebooting the ASA
  asa_command:
commands:
- "reload\n"


- wait_for: timeout=180


- name: check the version
  asa_command:
commands:
-  show version
  register: output


- name: check the version
  debug: var=output.stdout





TASK [Rebooting the ASA] 
***
skipping: [Fw4Script-02.tor.bellnhs.int]
ok: [Fw4Script-01.tor.bellnhs.int]

TASK [wait_for] 

skipping: [Fw4Script-02.tor.bellnhs.int]
ok: [Fw4Script-01.tor.bellnhs.int]


TASK [check the version] 

skipping: [Fw4Script-02.tor.bellnhs.int]
An exception occurred during task execution. To see the full traceback, use 
-vvv. The error was: ansible.module_utils.connection.ConnectionError: 
Socket is closed
fatal: [Fw4Script-01.tor.bellnhs.int]: FAILED! => {"changed": false, 
"module_stderr": "Traceback (most recent call last):\n  File 
\"/home/shdianat/.ansible/tmp/ansible-local-12216t0E3Bw/ansible-tmp-1546555792.58-98199446309935/AnsiballZ_asa_command.py\",
 
line 113, in \n_ansiballz_main()\n  File 
\"/home/shdianat/.ansible/tmp/ansible-local-12216t0E3Bw/ansible-tmp-1546555792.58-98199446309935/AnsiballZ_asa_command.py\",
 
line 105, in _ansiballz_main\ninvoke_module(zipped_mod, temp_path, 
ANSIBALLZ_PARAMS)\n  File 
\"/home/shdianat/.ansible/tmp/ansible-local-12216t0E3Bw/ansible-tmp-1546555792.58-98199446309935/AnsiballZ_asa_command.py\",
 
line 48, in invoke_module\nimp.load_module('__main__', mod, module, 
MOD_DESC)\n  File \"/tmp/ansible_asa_command_payload_4Z1mL_/__main__.py\", 
line 195, in \n  File 
\"/tmp/ansible_asa_command_payload_4Z1mL_/__main__.py\", line 165, in 
main\n  File 
\"/tmp/ansible_asa_command_payload_4Z1mL_/ansible_asa_command_payload.zip/ansible/module_utils/network/asa/asa.py\",
 
line 124, in run_commands\n  File 
\"/tmp/ansible_asa_command_payload_4Z1mL_/ansible_asa_command_payload.zip/ansible/module_utils/connection.py\",
 
line 173, in __rpc__\nansible.module_utils.connection.ConnectionError: 
Socket is closed\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee 
stdout/stderr for the exact error", "rc": 1}




These are the parameters in ansible.cfg file:

[persistent_connection]

connect_timeout = 300
command_timeout = 300

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/73bb7395-1a78-4578-a49c-a97f435ec9f2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] AnsibleUndefinedVariable: 'dict object' has no attribute

2019-01-03 Thread Freddie Eisa 
This is what I’m running 

My role
- name: Template Knownhosts
  template: src=./ssh_key.j2 dest=/tmp/temp.conf

My template 
{% for host in groups['all'] %}
   "{{ hostvars[host]['ansible_facts']['ssh_host_key_ecdsa_public'] }}"
{% endfor %}

My playbook

---
- name: Centos 7 Servers
  hosts: servers_all
  gather_facts: True
  ignore_errors: yes
  roles:
   - linux-role

> On Jan 3, 2019, at 3:31 PM, Hugo Gonzalez  wrote:
> 
> 
> On 1/3/19 4:26 PM, Freddie Eisa wrote:
>> I had tried but still receive 
>> 
>> fatal: [server]: FAILED! => {"changed": false, "msg": 
>> "AnsibleUndefinedVariable: 'dict object' has no attribute 
>> 'ssh_host_key_ecdsa_public'"}
>> 
> Please post the play you're using, or at least the relevant task and template.
> 
>>> This works for me and prints the key.---
>>> - hosts: all
>>> 
>>>   tasks:
>>> - debug:
>>> msg: "{% for host in groups['all'] %} {{ 
>>> hostvars[host]['ansible_facts']['ssh_host_key_ecdsa_public'] }} {% endfor 
>>> %}"
>>> 
>>> 
> -- 
> HUGO F. GONZALEZ
> SENIOR CONSULTANT
> Red Hat LATAM 
>  
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-project+unsubscr...@googlegroups.com 
> .
> To post to this group, send email to ansible-project@googlegroups.com 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/51fe343a-0562-0849-9161-4a0d04366503%40redhat.com
>  
> .
> For more options, visit https://groups.google.com/d/optout 
> .

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/4B57DC00-7EAD-4209-97FA-C75F30038649%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] AnsibleUndefinedVariable: 'dict object' has no attribute

2019-01-03 Thread Hugo Gonzalez 


On 1/3/19 4:26 PM, Freddie Eisa wrote:

I had tried but still receive

fatal: [server]: FAILED! => {"changed": false, "msg": 
"AnsibleUndefinedVariable: 'dict object' has no attribute 
'ssh_host_key_ecdsa_public'"}


Please post the play you're using, or at least the relevant task and 
template.



This works for me and prints the key.---
- hosts: all

  tasks:
    - debug:
    msg: "{% for host in groups['all'] %} {{ 
hostvars[host]['ansible_facts']['ssh_host_key_ecdsa_public'] }} {% 
endfor %}"




--

Hugo F. gonzalez

Senior Consultant

Red Hat LATAM 



--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/51fe343a-0562-0849-9161-4a0d04366503%40redhat.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] AnsibleUndefinedVariable: 'dict object' has no attribute

2019-01-03 Thread Freddie Eisa 
I had tried but still receive 

fatal: [server]: FAILED! => {"changed": false, "msg": 
"AnsibleUndefinedVariable: 'dict object' has no attribute 
'ssh_host_key_ecdsa_public'"}

> On Jan 3, 2019, at 3:23 PM, Hugo Gonzalez  wrote:
> 
> 
> 
> On 1/3/19 3:34 PM, Freddie Eisa wrote:
>> So it depends on the host and how they are named and was really a test case. 
>> The one I’m really concerned about is this one now 
>> 
>> 
>> {% for host in groups['servers_production'] %}
>>{{ hostvars[host]['ssh_host_key_ecdsa_public'] }}
>> {% endfor %}
> 
> I think you mean:  
> hostvars[host]['ansible_facts']['ssh_host_key_ecdsa_public']
> 
> This works for me and prints the key.---
> - hosts: all
> 
>   tasks:
> - debug:
> msg: "{% for host in groups['all'] %} {{ 
> hostvars[host]['ansible_facts']['ssh_host_key_ecdsa_public'] }} {% endfor %}"
> 
> 
> Hugo G.
> 
> 
> 
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-project+unsubscr...@googlegroups.com 
> .
> To post to this group, send email to ansible-project@googlegroups.com 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/d10c2a5d-48dd-dd67-d85e-4cd3a29d819d%40redhat.com
>  
> .
> For more options, visit https://groups.google.com/d/optout 
> .

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5AF458C6-F964-4EE2-A61F-33F76510D6CE%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] AnsibleUndefinedVariable: 'dict object' has no attribute

2019-01-03 Thread Hugo Gonzalez 


On 1/3/19 3:34 PM, Freddie Eisa wrote:
So it depends on the host and how they are named and was really a test 
case. The one I’m really concerned about is this one now



{% for host in groups['servers_production'] %}
{{ hostvars[host]['ssh_host_key_ecdsa_public'] }}
{% endfor %}


I think you mean: 
hostvars[host]*['ansible_facts']*['ssh_host_key_ecdsa_public']


This works for me and prints the key.---
- hosts: all

  tasks:
    - debug:
    msg: "{% for host in groups['all'] %} {{ 
hostvars[host]['ansible_facts']['ssh_host_key_ecdsa_public'] }} {% 
endfor %}"



Hugo G.



--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d10c2a5d-48dd-dd67-d85e-4cd3a29d819d%40redhat.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Inventory scripts: How to add debug info when run via Ansible?

2019-01-03 Thread Hugo Gonzalez 

Hi Jimmy,

On 12/27/18 5:57 AM, Jimmy Htor wrote:

Hey,

The way I see it you either output to STDOUT, which would make debug 
output part of the inventory data, thus corrupt it. Or you output to 
STDERR and Ansible will treat is as actual errors (and show it using 
red color).


Is there another way to cleanly provide debug info during an Ansible 
run besides writing to a file?



JSON doesn't support comments, but you can create a dummy variable 
called _comment and put your debugging messages there, right in the 
JSON. An unused variable won't mess up your inventory data.



Another option is to use the  syslog facility for whatever language 
you're writing the inventory script in.


In bash, it would be :

$ logger "spam and eggs happened"


Cheers,


Hugo



--

Hugo F. gonzalez

Senior Consultant

Red Hat LATAM 





--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/ed62e50d-7450-efbc-bd9a-6c0598547d75%40redhat.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] AnsibleUndefinedVariable: 'dict object' has no attribute

2019-01-03 Thread Freddie Eisa 
So it depends on the host and how they are named and was really a test case. 
The one I’m really concerned about is this one now 


{% for host in groups['servers_production'] %}
   {{ hostvars[host]['ssh_host_key_ecdsa_public'] }}
{% endfor %}

> On Jan 3, 2019, at 2:31 PM, Hugo Gonzalez  wrote:
> 
> Hello Freddie,
> 
> 
> On 1/3/19 12:04 PM, Freddie Eisa wrote:
>> {"changed": false, "msg": "AnsibleUndefinedVariable: 'dict object' has no 
>> attribute 'eth0'"}
>> 
>> 
> How do you know what to look for in ansible_facts? Run the setup module 
> against your managed hosts and see what the facts look like.
> 
> I have this on a node of mine:
> 
>   "ansible_facts": {
> ...,
> 
>  "ansible_default_ipv4": {
> "address": "", 
> "alias": "eth0", 
> "broadcast": "", 
> "gateway": "", 
> "interface": "eth0", 
> "macaddress": "X", 
> "mtu": 1500, 
> "netmask": "255.255.248.0", 
> "network": "XXX", 
> "type": "ether"
> }, 
> }
> 
> 
> I don't see any hostvars[host]['ansible_facts']['eth0']['ipv4']['address'] 
> 
> Try  $ ansible  -m  setup and examine the output to see how you 
> should look for eth0's IP address.
> 
> 
> 
> Cheers,
> 
> 
> 
> Hugo
> 
> 
> 
> 
> 
> 
> 
> 
> 
> -- 
> HUGO F. GONZALEZ
> SENIOR CONSULTANT
> Red Hat LATAM 
>  
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-project+unsubscr...@googlegroups.com 
> .
> To post to this group, send email to ansible-project@googlegroups.com 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/4473f03c-a4f0-f89c-5d92-77b2cf85ba01%40redhat.com
>  
> .
> For more options, visit https://groups.google.com/d/optout 
> .

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/9A28E9E8-3649-4294-AA53-C3795A1A1A7B%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] AnsibleUndefinedVariable: 'dict object' has no attribute

2019-01-03 Thread Hugo Gonzalez 

Hello Freddie,


On 1/3/19 12:04 PM, Freddie Eisa wrote:


{"changed": false, "msg": "AnsibleUndefinedVariable: 'dict object' has 
no attribute 'eth0'"}



How do you know what to look for in ansible_facts? Run the setup module 
against your managed hosts and see what the facts look like.


I have this on a node of mine:

  "ansible_facts": {
...,

 "ansible_default_ipv4": {
    "address": "",
    "alias": "eth0",
    "broadcast": "",
    "gateway": "",
    "interface": "eth0",
    "macaddress": "X",
    "mtu": 1500,
    "netmask": "255.255.248.0",
    "network": "XXX",
    "type": "ether"
    },
}


I don't see any hostvars[host]['ansible_facts']['eth0']['ipv4']['address']

Try  $ ansible  -m  setup and examine the output to see how 
you should look for eth0's IP address.



Cheers,


Hugo





--

Hugo F. gonzalez

Senior Consultant

Red Hat LATAM 



--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/4473f03c-a4f0-f89c-5d92-77b2cf85ba01%40redhat.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] win_pagefile is not returning configured pagefiles

2019-01-03 Thread Dave Olker 
My Windows 2016 server has the following pagefile configuration:

C:\Windows\system32>wmic pagefile list /format:list

AllocatedBaseSize=9728
CurrentUsage=0
Description=D:\pagefile.sys
InstallDate=20190103102344.598855-480
Name=D:\pagefile.sys
PeakUsage=0
Status=
TempPageFile=FALSE


The below win_pagefile play is supposed to display the current pagefile 
configuration, but it is returning an empty list:

- name: List any configured pagefiles
  win_pagefile:


ok: [dfo-worker04] => {
"automatic_managed_pagefiles": true,
"changed": false,
*"pagefiles": []*
}


I'm running Ansible 2.7.5 on RedHat 7.6:

# ansible --version
ansible 2.7.5
  config file = /root/Docker-SimpliVity/ansible.cfg
  configured module search path = [u'/root/oneview-ansible/library']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Sep 12 2018, 05:31:16) [GCC 4.8.5 
20150623 (Red Hat 4.8.5-36)]


Anyone else getting win_pagefile to return the current pagefile 
configuration?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/11d0009f-8916-4c9c-adc7-03f0da4ea461%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] rolling tasks for multiple clusters?

2019-01-03 Thread Doug OLeary 
Hi;

I've read the docs on rolling updates and that sounds very close to what 
I'm looking for; however, I need to execute rolling reboots for multiple 
clusters preferably simultaneously.

More specifically, after patching oracle clusters, i need to:

1.  Execute a task to relocate oracle services on one node.
2.  Reboot that node.
3.  Execute a task to relocate oracle services back to that node.

Those tasks should happen on only one node of a cluster at a time and the 
rolling updates documented by ansible work well for one cluster.  I have 
occasions where I'm patching 3 or 4 clusters though.  

With my limited ansible knowledge, the only thing I'm coming up with is a 
rolling update across all nodes or separate playbooks for each cluster both 
of which are grossly inefficient.  3 clusters should be run as 3 
simultaneous rolling updates.  the separate playbooks for each cluster just 
sounds wrong.  

Can someone point me in the right direction?  I'm happy to do the reading 
but my google-foo must be weak as I'm not finding the concept that I'm so 
obviously missing.

Thanks

Doug O'Leary

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6be82d20-b9d8-466c-85f7-713284926c13%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Ansible and Huawei

2019-01-03 Thread Anurag Bhatia 
Hello there


Was wondering if anyone has experience of using ansible with Huawei
successfully?
We are using Huawei at our IX and I am able to use ad-hoc commands with
Huawei but playbooks based on documentation fail with a ncclient related
error. We do have nc client as well as netconf installed on the machine.



Our sample playbook (IP and access details are removed)


---
  - hosts: ###hidden###
connection: local
gather_facts: no
vars:
  cli:
host: ###hidden###
port: ###hidden###
username: ###hidden###
password: ###hidden###
transport: cli

tasks:
- name: Test port
  ce_switchport:
interface: XGigabitEthernet0/0/44
mode: access
access_vlan: 100
provider: '{{ cli }}'
state: present




and this throws the following error during execution:


The full traceback is:
Traceback (most recent call last):
  File "/usr/local/bin/ansible-connection", line 106, in start
self.connection._connect()
  File
"/Library/Python/2.7/site-packages/ansible/plugins/connection/netconf.py",
line 288, in _connect
ssh_config=ssh_config
  File "/Library/Python/2.7/site-packages/ncclient/manager.py", line 163,
in connect
return connect_ssh(*args, **kwds)
  File "/Library/Python/2.7/site-packages/ncclient/manager.py", line 128,
in connect_ssh
session.connect(*args, **kwds)
  File "/Library/Python/2.7/site-packages/ncclient/transport/ssh.py", line
485, in connect
raise SSHError("Could not open connection, possibly due to unacceptable"
SSHError: Could not open connection, possibly due to unacceptable SSH
subsystem name.

fatal: [$Host]: FAILED! => {
"msg": "Could not open connection, possibly due to unacceptable SSH
subsystem name."
}



Anyone with ideas on what could be wrong?


Thanks!


-- 


Anurag Bhatia
anuragbhatia.com

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAJ0%2BaXamgJZsedo8JcytLzLHh4dSu6BCnjLSLa68St-QwqA1XA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] AnsibleUndefinedVariable: 'dict object' has no attribute

2019-01-03 Thread Freddie Eisa 
SUMMARY

jinja2 template issues with hostvars
ISSUE TYPE
   
   - Bug Report

COMPONENT NAME

jinja2 template
ANSIBLE VERSION

ansible 2.7.2
config file = /home/feisa/ansible-linux/ansible.cfg
configured module search path = [u'/home/feisa/ansible-linux/library']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Oct 30 2018, 23:45:53) [GCC 4.8.5 20150623 
(Red Hat 4.8.5-36)]
CONFIGURATION

jinja2 template

{% for host in groups['servers_production'] %}
   {{ hostvars[host]['ansible_facts']['eth0']['ipv4']['address'] }}
{% endfor %}

- name: Template Knownhosts
  template: src=./ssh.j2 dest=/tmp/temp.conf

OS / ENVIRONMENT

Centos 7.6
STEPS TO REPRODUCE

run normal ansible playblook
EXPECTED RESULTS

playbook runs succesfully
ACTUAL RESULTS

{"changed": false, "msg": "AnsibleUndefinedVariable: 'dict object' has no 
attribute 'eth0'"}

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/9c75ec4f-e9a8-4140-9817-059fa0b0723c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Inventory scripts: How to add debug info when run via Ansible?

2019-01-03 Thread Francis Santos 
Is this what you are looking for?

tasks:
  - name: enabling consul
service: name=consul enabled=yes state=started
when:
 - service: name=consul state=stopped
*register: results   ### stores output on a variable*
ignore_errors: yes

  - name: show results of disabling consul
*debug: msg={{ results }} ### shows that output when ansible is played*

  - name: logging the results
*shell: echo {{ results }} >> /var/log/fixing  ### saves that output in 
a log*

On Thursday, December 27, 2018 at 9:57:41 AM UTC-2, Jimmy Htor wrote:
>
> Hey,
>
> The way I see it you either output to STDOUT, which would make debug 
> output part of the inventory data, thus corrupt it. Or you output to STDERR 
> and Ansible will treat is as actual errors (and show it using red color).
>
> Is there another way to cleanly provide debug info during an Ansible run 
> besides writing to a file?
>
> Thx
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8f2e3dbf-77b1-4063-b511-1b7a982e0c35%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How to Random Roles

2019-01-03 Thread Francis Santos 
I figured out.

I came with this:

*- hosts: "{{ (groups['foo'] | shuffle)[0:1] }}" * #THIS SCRIPT RANDOMS THE 
HOST
  become: true
  vars:
   - ansible_sudo_pass: ***
  roles:
   *- role: "{{ ['reboot','shutdown'] | random }}"*   #THIS SCRIPT RANDOMS 
THE ROLE

So I guess we can consider this issue solved.

Thanks anyways, guys

On Thursday, January 3, 2019 at 11:09:40 AM UTC-2, Francis Santos wrote:
>
> I gotta random both the hosts and the roles.
> I successfully randomed the hosts, but I not getting the roles to random.
> Here is what I got
>
> ---
> - hosts: "{{ (groups['foo'] | shuffle)[0:1] }}"
>   become: yes
>   vars:
>- ansible_sudo_pass: **
>  
> * roles:  *
> *   - reboot || shutdown*  
>
> Need a way to random a single role among all roles. In this example I have 
> a reboot and shutdown
>
> Any suggestions?
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3b6e81cf-37ed-4562-ae6e-f53681aeb933%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How to random roles

2019-01-03 Thread Francis Santos 
I figured out.

I came with this:

*- hosts: "{{ (groups['foo'] | shuffle)[0:1] }}" * #THIS SCRIPT RANDOMS THE 
HOST
  become: true
  vars:
   - ansible_sudo_pass: ***
  roles:
   *- role: "{{ ['reboot','shutdown'] | random }}"*   #THIS SCRIPT RANDOMS 
THE ROLE

So I guess we can consider this issue solved.

Thanks anyways, guys

On Wednesday, January 2, 2019 at 11:53:44 AM UTC-2, Francis Santos wrote:
>
> I gotta random both the hosts and the roles.
> I successfully randomed the hosts, but I not getting the roles to random.
> Here is what I got
>
> ---
> - hosts: "{{ (groups['foo'] | shuffle)[0:1] }}"
>   become: yes
>   vars:
>- ansible_sudo_pass: **
>   roles:  
>- reboot  #one of the roles are reboot, but there are a few more and 
> must be randomized
>
> Any suggestions?
> -- 
>
> Atenciosamente/ Regards/ Mit freundlichen Grüßen
>
>
> *_ **Frank Santos*
>
> Phone:
> skaven...@gmail.com 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/36faec7d-1b95-4640-8571-f3c8557dec92%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How to Random Roles

2019-01-03 Thread Francis Santos 
No, the picture is that the role is not on the hosts.
First I random a host (that script does that). 
Once a host is selected then the role is randomized.



On Thursday, January 3, 2019 at 11:09:40 AM UTC-2, Francis Santos wrote:
>
> I gotta random both the hosts and the roles.
> I successfully randomed the hosts, but I not getting the roles to random.
> Here is what I got
>
> ---
> - hosts: "{{ (groups['foo'] | shuffle)[0:1] }}"
>   become: yes
>   vars:
>- ansible_sudo_pass: **
>  
> * roles:  *
> *   - reboot || shutdown*  
>
> Need a way to random a single role among all roles. In this example I have 
> a reboot and shutdown
>
> Any suggestions?
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/7898d96d-fbb7-4b92-94f1-509faafef0aa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How to Random Roles

2019-01-03 Thread Karl Auer 
Are you trying to randomly select a role, randomly select a host, then run
the selected role on the selected host?

On Fri, Jan 4, 2019 at 12:09 AM Francis Santos  wrote:

> I gotta random both the hosts and the roles.
> I successfully randomed the hosts, but I not getting the roles to random.
> Here is what I got
>
> ---
> - hosts: "{{ (groups['foo'] | shuffle)[0:1] }}"
>   become: yes
>   vars:
>- ansible_sudo_pass: **
>
> * roles:  *
> *   - reboot || shutdown*
>
> Need a way to random a single role among all roles. In this example I have
> a reboot and shutdown
>
> Any suggestions?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/6f35d604-d0bc-4b51-9e60-7d002064256a%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>


-- 
Karl Auer

Email  : ka...@2pisoftware.com
Website: http://2pisoftware.com

GPG/PGP : 958A 2647 6C44 D376 3D63 86A5 FFB2 20BC 0257 5816
Previous: F0AB 6C70 A49D 1927 6E05 81E7 AD95 268F 2AB6 40EA

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CA%2B%2BT08Sx2UA3xvJrmcnZLJN0-tX1-dLbNzLTALGHVwPoL4%3DB3w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: win_chocolatey does not update programs/features list on the windows target os

2019-01-03 Thread Serge Zajac 
Hello,

 no problem is not really solved.
But as you mentionned, sometimes, list is updated, i have to check this
with my system admins team.
The package is a custom package and params in the chocolateyinstall.ps1 are
silentArgs= "/qn /norestart /l*v
`"$env:TEMP\chocolatey\$($packageName)\$($packageName).MsiInstall.log`""

Le mar. 1 janv. 2019 à 05:32, goforawalktwice  a
écrit :

> Hi, Did your problem get solved?  Another possibility is that if the
> account being used to install software is different to the one looking at
> "Programs and Features" / "Uninstall Programs" and that "ALLUSERS=1" (or
> some sort of equivalent) was not specified (either as an arg to win_package
> or baked into the .msi package itself as a default) then it won't show up.
> I've been caught out by this before.  Just a thought.
>
> On Saturday, December 15, 2018 at 2:02:58 AM UTC+13, Serge Zajac wrote:
>>
>> Hi cheers,
>>
>> When using win_chocolatey module to deploy a package, it install the
>> package but do not update programs/features list on the OS.
>> Installing directly with choco do not have this behaviour
>>
>> Is anyone can confirm this behaviour.
>>
>> Can it be a bug to report ?
>>
>> regards
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/a80f3ca9-4d4a-44ab-9a0b-8c613105b2ca%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CA%2BEoK1qjuLef_SpEexuFv0p6jaunOLOpXJ5Bi6PWMfg4drktNg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] How to Random Roles

2019-01-03 Thread Francis Santos 
I gotta random both the hosts and the roles.
I successfully randomed the hosts, but I not getting the roles to random.
Here is what I got

---
- hosts: "{{ (groups['foo'] | shuffle)[0:1] }}"
  become: yes
  vars:
   - ansible_sudo_pass: **
 
* roles:  *
*   - reboot || shutdown*  

Need a way to random a single role among all roles. In this example I have 
a reboot and shutdown

Any suggestions?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6f35d604-d0bc-4b51-9e60-7d002064256a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How to manage AWS resources by Ansible Without Access Keys and Secret Access Keys

2019-01-03 Thread S Saravanan 
Thank you Karl and Dick.



On Thursday, January 3, 2019 at 5:32:29 PM UTC+5:30, Karl Auer wrote:
>
> I have used the ec2 module a LOT on a build host with an instance policy 
> and have never had to include those two items. I simply omit them. The 
> module still works fine.
>
> So I think you CAN "just skip them"... as long as you have an appropriate 
> instance policy. And (obviously) as long as Ansible is executing the module 
> on the system with the instance policy!
>
> Regards, K.
>
>
> On Thu, Jan 3, 2019 at 3:35 PM Dick Visser  > wrote:
>
>>
>>
>> On Wed, 2 Jan 2019 at 17:56, S Saravanan > > wrote:
>>
>>> Thanks for your reply.
>>>
>>> I will create role with limited policy and check it.
>>>
>>> Even If we assign roles, how to write playbooks without access and 
>>> secret access keys , keys in variable file or export ACCESS_KEYS..etc.
>>>
>>> For below example, without keys variable, how ansible will communicate 
>>> AWS API ? 
>>>
>>> - name: create ec2 instance
>>>ec2:
>>> aws_access_key: ""   <-  without 
>>> this line
>>> aws_secret_key: "" <- without 
>>> this line
>>> image: ami-abcdefghi
>>> wait: yes
>>> instance_type: t2.micro
>>> group_id: security_group.group_id
>>> region: us-east-2
>>> count_tag:
>>>  Name: webserver
>>> exact_count: 1
>>>register: ec2
>>>
>>
>> Those two options are mandatory for the module to work, you cannot just 
>> skip them.
>> AWS provides you with temporary credentials based that give access to the 
>> iam policy the machine is assigned. 
>> You should be able to retrieve those from the instance’s metadata:
>>
>>
>> https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#instance-metadata-security-credentials
>>
>> When you have set up some (initially restricted, as Karl said) policy, I 
>> suggest using the ec2_metadata_facts module to find the temporary 
>> credentials:
>>
>> https://docs.ansible.com/ansible/2.4/ec2_metadata_facts_module.html
>>
>> Then simply refer to the appropriate keys in your ec2 task.
>>
>> Dick
>>
>>
>>
>> Regards,
>>> Saravanan S
>>>
>>> On Wednesday, January 2, 2019 at 5:10:21 PM UTC+5:30, Karl Auer wrote:

 It sounds as if you need to run ansible on an AWS instance, and create 
 an instance policy for the instance. Read up on instance policies in the 
 AWS doco.

 The simplest instance policy is just a role that gives the instance 
 AdministratorAccess, but depending on what you are planning to use Ansible 
 to do, that may be overkill. You should avoid giving an instance too much 
 power, just as you should avoid giving a user too much power.

 The big advantage of using an instance policy is that software on the 
 instance - like Ansible - can do anything the instance is allowed to do, 
 without having to worry about IAM users, access keys or secrets of any 
 kind 
 (although you will need to be able to log into the instance to do stuff).

 The other thing you can do is attach a limited instance policy first, 
 and change it later - any change to the role will be effective almost 
 immediately.

 Regards, K.

 On Wed, Jan 2, 2019 at 10:13 PM S Saravanan  
 wrote:

> Hi All,
>
> How can we manage AWS resources by Ansible without Access Keys and 
> Secret Access Keys ?  
> There is a requirement to use Ansible server to manage AWS, but should 
> not use access and secret keys for security policy in the project.
> We have to use only IAM role based access for this.  
> Which IAM role can be used ? what are the policies need to attached 
> with the role ?
>
> Please give some suggestions.
>
> Thank you in advance.
>
> Regards,
> Saravanan S
>
> -- 
> You received this message because you are subscribed to the Google 
> Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send 
> an email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/0791a097-c8bf-457a-8ab7-ed307df1fc70%40googlegroups.com
>  
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>


 -- 
 Karl Auer

 Email  : ka...@2pisoftware.com
 Website: http://2pisoftware.com

 GPG/PGP : 958A 2647 6C44 D376 3D63 86A5 FFB2 20BC 0257 5816
 Previous: F0AB 6C70 A49D 1927 6E05 81E7 AD95 268F 2AB6 40EA

>>> -- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "Ansible Project" group.
>>> To

Re: [ansible-project] How to manage AWS resources by Ansible Without Access Keys and Secret Access Keys

2019-01-03 Thread Karl Auer 
I have used the ec2 module a LOT on a build host with an instance policy
and have never had to include those two items. I simply omit them. The
module still works fine.

So I think you CAN "just skip them"... as long as you have an appropriate
instance policy. And (obviously) as long as Ansible is executing the module
on the system with the instance policy!

Regards, K.


On Thu, Jan 3, 2019 at 3:35 PM Dick Visser  wrote:

>
>
> On Wed, 2 Jan 2019 at 17:56, S Saravanan 
> wrote:
>
>> Thanks for your reply.
>>
>> I will create role with limited policy and check it.
>>
>> Even If we assign roles, how to write playbooks without access and secret
>> access keys , keys in variable file or export ACCESS_KEYS..etc.
>>
>> For below example, without keys variable, how ansible will communicate
>> AWS API ?
>>
>> - name: create ec2 instance
>>ec2:
>> aws_access_key: ""   <-  without this
>> line
>> aws_secret_key: "" <- without
>> this line
>> image: ami-abcdefghi
>> wait: yes
>> instance_type: t2.micro
>> group_id: security_group.group_id
>> region: us-east-2
>> count_tag:
>>  Name: webserver
>> exact_count: 1
>>register: ec2
>>
>
> Those two options are mandatory for the module to work, you cannot just
> skip them.
> AWS provides you with temporary credentials based that give access to the
> iam policy the machine is assigned.
> You should be able to retrieve those from the instance’s metadata:
>
>
> https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#instance-metadata-security-credentials
>
> When you have set up some (initially restricted, as Karl said) policy, I
> suggest using the ec2_metadata_facts module to find the temporary
> credentials:
>
> https://docs.ansible.com/ansible/2.4/ec2_metadata_facts_module.html
>
> Then simply refer to the appropriate keys in your ec2 task.
>
> Dick
>
>
>
> Regards,
>> Saravanan S
>>
>> On Wednesday, January 2, 2019 at 5:10:21 PM UTC+5:30, Karl Auer wrote:
>>>
>>> It sounds as if you need to run ansible on an AWS instance, and create
>>> an instance policy for the instance. Read up on instance policies in the
>>> AWS doco.
>>>
>>> The simplest instance policy is just a role that gives the instance
>>> AdministratorAccess, but depending on what you are planning to use Ansible
>>> to do, that may be overkill. You should avoid giving an instance too much
>>> power, just as you should avoid giving a user too much power.
>>>
>>> The big advantage of using an instance policy is that software on the
>>> instance - like Ansible - can do anything the instance is allowed to do,
>>> without having to worry about IAM users, access keys or secrets of any kind
>>> (although you will need to be able to log into the instance to do stuff).
>>>
>>> The other thing you can do is attach a limited instance policy first,
>>> and change it later - any change to the role will be effective almost
>>> immediately.
>>>
>>> Regards, K.
>>>
>>> On Wed, Jan 2, 2019 at 10:13 PM S Saravanan 
>>> wrote:
>>>
 Hi All,

 How can we manage AWS resources by Ansible without Access Keys and
 Secret Access Keys ?
 There is a requirement to use Ansible server to manage AWS, but should
 not use access and secret keys for security policy in the project.
 We have to use only IAM role based access for this.
 Which IAM role can be used ? what are the policies need to attached
 with the role ?

 Please give some suggestions.

 Thank you in advance.

 Regards,
 Saravanan S

 --
 You received this message because you are subscribed to the Google
 Groups "Ansible Project" group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to ansible-proje...@googlegroups.com.
 To post to this group, send email to ansible...@googlegroups.com.
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/ansible-project/0791a097-c8bf-457a-8ab7-ed307df1fc70%40googlegroups.com
 
 .
 For more options, visit https://groups.google.com/d/optout.

>>>
>>>
>>> --
>>> Karl Auer
>>>
>>> Email  : ka...@2pisoftware.com
>>> Website: http://2pisoftware.com
>>>
>>> GPG/PGP : 958A 2647 6C44 D376 3D63 86A5 FFB2 20BC 0257 5816
>>> Previous: F0AB 6C70 A49D 1927 6E05 81E7 AD95 268F 2AB6 40EA
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To post to this group, send email to ansible-project@googlegroups.com.
>> To view this discussion on the web visit
>>