Re: [ansible-project] Trouble integrating custom module_utils module

2019-01-14 Thread Andrei Pashkin 
That makes it clear, thanks a lot!

On Tuesday, January 15, 2019 at 1:24:38 AM UTC+3, Matt Martz wrote:
>
> We do not currently support importing custom module_utils from anything 
> other than a module.  As such, no other custom plugin types can import from 
> a custom module_utils.
>
> See https://github.com/ansible/ansible/issues/28770
>
> On Mon, Jan 14, 2019 at 4:00 PM Andrei Pashkin  > wrote:
>
>> Hello!
>>
>> I tried to write a custom module_utils module, I set up everything 
>> according to the docs, but for some reason I get an error:
>>
>>> Skipping plugin (...) as it seems to be invalid: No module named ...
>>
>>
>> I've isolated the problem in a small project:
>> https://github.com/AndreiPashkin/ansible-test
>>
>> To reproduce the issue it's enough to have Ansible installed and then 
>> execute "run.sh"
>>
>> Can someone please look into it?
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible-proje...@googlegroups.com .
>> To post to this group, send email to ansible...@googlegroups.com 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/eba65537-7514-477d-bb7e-98c48374f4d5%40googlegroups.com
>>  
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
> -- 
> Matt Martz
> @sivel
> sivel.net
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/9c46d0bc-3e72-4be2-b06b-e3e24a4e83a5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Beginner, can't complete this step

2019-01-14 Thread boncalo mihai 
Work like a charm! Thank you!

On Tue, Jan 15, 2019 at 12:51 AM James Cassell
 wrote:
>
>
>
> On Mon, Jan 14, 2019, at 5:44 PM, boncalo mihai wrote:
> > Hi
> > Sorry , this must be to easy for you but I can't figure it out. I was
> > following some ansible video  tutorials and I can't go further because
> > of some errors
> >
> > ansible all -m user -a name=linda
> > ansible3 | FAILED! => {
> > "changed": false,
> > "msg": "useradd: Permission denied.\nuseradd: cannot lock
> > /etc/passwd; try again later.\n",
> > "name": "linda",
> > "rc": 1
> > }
> > ansible4 | FAILED! => {
> > "changed": false,
> > "msg": "useradd: Permission denied.\nuseradd: cannot lock
> > /etc/passwd; try again later.\n",
> > "name": "linda",
> > "rc": 1
> > }
> > ansible2 | FAILED! => {
> > "changed": false,
> > "cmd": "/sbin/useradd -m linda",
> > "msg": "[Errno 13] Permission denied",
> > "rc": 13
> > }
> > ansible1 | FAILED! => {
> > "changed": false,
> > "cmd": "/sbin/useradd -m linda",
> > "msg": "[Errno 13] Permission denied",
> > "rc": 13
> >
> >
> > I'm trying to add an user on 4 machines.
> > -created project directory
> > -created ansible.cfg file with this content:
> > [defaults]
> > remote_user = ansible
> > host_key_checking = false
> > inventory = inventory
> >
> > [priviledge_escalation]
>
> Try priviledge_escalation -> privilege_escalation
>
> V/r,
> James Cassell
>
> > become = True
> > become_method = sudo
> > become_user = root
> > become_ask_pass = False
> > -created inventory file:
> > [all]
> > ansible1
> > ansible2
> > ansible3
> > ansible4
> >
> > -user ansible was created on all machines and has sudo access
> > -ssh-copy-id was used for all machines
> > -all machines are in /etc hosts with the name from inventory file
> >
> > From what I see, ansible is trying to add the user without becoming root
> > Adding user or becoming root works without any issue
> >
> > Thank you,
> > Mihai.
> >
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/1547506254.3074073.1634602840.220124BD%40webmail.messagingengine.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAOK917TqHith9oxaZAacaD3TcW481xNMyqrnZ5F655UYR_QCqA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Beginner, can't complete this step

2019-01-14 Thread James Cassell 



On Mon, Jan 14, 2019, at 5:44 PM, boncalo mihai wrote:
> Hi
> Sorry , this must be to easy for you but I can't figure it out. I was
> following some ansible video  tutorials and I can't go further because
> of some errors
> 
> ansible all -m user -a name=linda
> ansible3 | FAILED! => {
> "changed": false,
> "msg": "useradd: Permission denied.\nuseradd: cannot lock
> /etc/passwd; try again later.\n",
> "name": "linda",
> "rc": 1
> }
> ansible4 | FAILED! => {
> "changed": false,
> "msg": "useradd: Permission denied.\nuseradd: cannot lock
> /etc/passwd; try again later.\n",
> "name": "linda",
> "rc": 1
> }
> ansible2 | FAILED! => {
> "changed": false,
> "cmd": "/sbin/useradd -m linda",
> "msg": "[Errno 13] Permission denied",
> "rc": 13
> }
> ansible1 | FAILED! => {
> "changed": false,
> "cmd": "/sbin/useradd -m linda",
> "msg": "[Errno 13] Permission denied",
> "rc": 13
> 
> 
> I'm trying to add an user on 4 machines.
> -created project directory
> -created ansible.cfg file with this content:
> [defaults]
> remote_user = ansible
> host_key_checking = false
> inventory = inventory
> 
> [priviledge_escalation]

Try priviledge_escalation -> privilege_escalation

V/r,
James Cassell

> become = True
> become_method = sudo
> become_user = root
> become_ask_pass = False
> -created inventory file:
> [all]
> ansible1
> ansible2
> ansible3
> ansible4
> 
> -user ansible was created on all machines and has sudo access
> -ssh-copy-id was used for all machines
> -all machines are in /etc hosts with the name from inventory file
> 
> From what I see, ansible is trying to add the user without becoming root
> Adding user or becoming root works without any issue
> 
> Thank you,
> Mihai.
> 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1547506254.3074073.1634602840.220124BD%40webmail.messagingengine.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Beginner, can't complete this step

2019-01-14 Thread boncalo mihai 
Hi
Sorry , this must be to easy for you but I can't figure it out. I was
following some ansible video  tutorials and I can't go further because
of some errors

ansible all -m user -a name=linda
ansible3 | FAILED! => {
"changed": false,
"msg": "useradd: Permission denied.\nuseradd: cannot lock
/etc/passwd; try again later.\n",
"name": "linda",
"rc": 1
}
ansible4 | FAILED! => {
"changed": false,
"msg": "useradd: Permission denied.\nuseradd: cannot lock
/etc/passwd; try again later.\n",
"name": "linda",
"rc": 1
}
ansible2 | FAILED! => {
"changed": false,
"cmd": "/sbin/useradd -m linda",
"msg": "[Errno 13] Permission denied",
"rc": 13
}
ansible1 | FAILED! => {
"changed": false,
"cmd": "/sbin/useradd -m linda",
"msg": "[Errno 13] Permission denied",
"rc": 13


I'm trying to add an user on 4 machines.
-created project directory
-created ansible.cfg file with this content:
[defaults]
remote_user = ansible
host_key_checking = false
inventory = inventory

[priviledge_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = False
-created inventory file:
[all]
ansible1
ansible2
ansible3
ansible4

-user ansible was created on all machines and has sudo access
-ssh-copy-id was used for all machines
-all machines are in /etc hosts with the name from inventory file

>From what I see, ansible is trying to add the user without becoming root
Adding user or becoming root works without any issue

Thank you,
Mihai.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAOK917TnOmXeLrebDA9ueW0RLQUnUNpAOMw56AZYx2U2eJWXow%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Trouble integrating custom module_utils module

2019-01-14 Thread Matt Martz 
We do not currently support importing custom module_utils from anything
other than a module.  As such, no other custom plugin types can import from
a custom module_utils.

See https://github.com/ansible/ansible/issues/28770

On Mon, Jan 14, 2019 at 4:00 PM Andrei Pashkin 
wrote:

> Hello!
>
> I tried to write a custom module_utils module, I set up everything
> according to the docs, but for some reason I get an error:
>
>> Skipping plugin (...) as it seems to be invalid: No module named ...
>
>
> I've isolated the problem in a small project:
> https://github.com/AndreiPashkin/ansible-test
>
> To reproduce the issue it's enough to have Ansible installed and then
> execute "run.sh"
>
> Can someone please look into it?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/eba65537-7514-477d-bb7e-98c48374f4d5%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>


-- 
Matt Martz
@sivel
sivel.net

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAD8N0v8wnQZPn7MAiiUgZJV_JeCY6SOhS5d0c%3D%3DHahF%3DSEiCZQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Trouble integrating custom module_utils module

2019-01-14 Thread Andrei Pashkin 
Hello!

I tried to write a custom module_utils module, I set up everything 
according to the docs, but for some reason I get an error:

> Skipping plugin (...) as it seems to be invalid: No module named ...


I've isolated the problem in a small project:
https://github.com/AndreiPashkin/ansible-test

To reproduce the issue it's enough to have Ansible installed and then 
execute "run.sh"

Can someone please look into it?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/eba65537-7514-477d-bb7e-98c48374f4d5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How to import/load env/ini file that is located in file on the Remote/Target server?

2019-01-14 Thread Hugo Gonzalez 

Hi Chaz,

On 1/14/19 11:02 AM, Chaz_E wrote:

I like the idea of this suggestion.
Is local-facts-facts-d 
 usable 
as Non-Root?


They come up as part of the dictionary returned by the setup module 
as*ansible_local,* so yes.


Can facts be loaded from the user's $HOME/.ansible/ , like 
$HOME/.ansible/facts.d or something like that?

I see for windows there is fact_path does that work for Linux?

Reading 
https://docs.ansible.com/ansible/2.4/intro_configuration.html#fact-path 
it has precisely that use case (a user's HOME). I don't see that it 
should not work for Linux. You should try it on a host and see.


Now, back to what you're trying to do. Your variable file is almost an 
INI file, it just needs a section.


I was curious, so I tried something like what you're trying to do:

[root@gladys facts.d]# pwd
*/etc/ansible/facts.d*

[root@gladys facts.d]# ls -l
total 4***-rwxr-xr-x. 1 root root 106 Jan 14 18:47 factfile.fact*

[root@gladys facts.d]# cat factfile.fact
*#!/bin/bash# An ini file must have a sectionecho '[general]'cat 
/home/management/thishasvariables.txt*

[root@gladys facts.d]# ls -l /home/management/thishasvariables.txt***-rw-r--r--. 1 management management 11 Jan 14 18:48 
/home/management/thishasvariables.txt*


[root@gladys facts.d]# cat /home/management/thishasvariables.txt
*spam=eggs*


my_user@mybox:~$ ansible -u management -i 'gladys, ' all -m setup  -a 
"filter=ansible_local"
*gladys | SUCCESS => {"ansible_facts": {"ansible_local": {"factfile": {"general": 
{"spam": "eggs"}}}}, "changed": false}*



This works. Whether it is secure or not, that's a different matter, it does 
take a user-supplied file and present it as facts for the host.
Cheers,

Hugo









--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b0d9fb18-f3a0-8460-b792-3610857222f1%40redhat.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] foo.changed vs foo|changed

2019-01-14 Thread Jason Gilfoil 
Thanks for the full and complete answer!

On Monday, January 14, 2019 at 11:54:14 AM UTC-5, Matt Martz wrote:
>
> There is a difference, in fact the preferred syntax is actually `when: foo 
> is changed`
>
> There is no guarantee that the attribute will exist on a returned object.  
> In addition to handling a non existent key/attribute, the changed test also 
> has some more complex logic, where it will look into a sub-key called 
> `results` too.
>
> Historically we did not have jinja tests, which is what the `foo is 
> changed` represents, so we registered them as filters (`foo|changed`).  We 
> are deprecating using tests as filters, which is why the `is` syntax is 
> preferred there.
>
> On Mon, Jan 14, 2019 at 10:20 AM Jason Gilfoil  > wrote:
>
>> It's unfortunately exceedingly difficult to search for "|" in most search 
>> engines, so finding info about this was not fruitful.
>>
>> My question is, is there a difference between foo.changed and 
>> foo|changed, especially used in a "when:" parameter?
>>
>> If there's no difference, what's the preferred syntax?
>>
>> Thanks!
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible-proje...@googlegroups.com .
>> To post to this group, send email to ansible...@googlegroups.com 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/20d7b6d0-99af-47b9-847c-92f4388224de%40googlegroups.com
>>  
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
> -- 
> Matt Martz
> @sivel
> sivel.net
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/177deb15-7b9f-4678-8a19-5a0a0e46%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Ansible s3_sync to upload multiple files

2019-01-14 Thread Kishore Ponniah 
Hi All,

I am trying to upload multiple yaml cloudformation templates to a s3 bucket 
using s3_sync. I have created a task in the playbook, looks like the tasks 
completed successfully but the file is not uploaded. Can someone please 
advise whether s3_sync is the proper method? If yes, can someone please 
help me identify what I have missed. Please find my playbook below:

*Playbook*
- name: upload files rxgt-ps-cross-account-s3-sync
  s3_sync:
region: "{{ account_config.1 }}"
aws_access_key: "{{ account_config.0.sts_creds.access_key }}"
aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}"
security_token: "{{ account_config.0.sts_creds.session_token }}"
bucket: "{{ 
account_config.0.account_config.stacks['rxgt-ps-cross-account-s3-sync'].params.bucket
 
}}"
file_root: "{{ 
account_config.0.account_config.stacks['rxgt-ps-cross-account-s3-sync'].params.file_root
 
}}"
mode: "{{ 
account_config.0.account_config.stacks['rxgt-ps-cross-account-s3-sync'].params.mode
 
}}"
file_change_strategy: "{{ 
account_config.0.account_config.stacks['rxgt-ps-cross-account-s3-sync'].params.file_change_strategy
 
}}"
permission: "{{ 
account_config.0.account_config.stacks['rxgt-ps-cross-account-s3-sync'].params.permission
 
}}"
  loop: "{{ 
assumed_roles_with_account_config.results|subelements('account_config.regions', 
skip_missing=True) }}"
  loop_control:
loop_var: account_config
label: "{{ account_config.0.account_config.account_alias }}:{{ 
account_config.1 }}"
  tags:
rxgt-ps-identity-stack-deploy

*Account_config file*

  stacks:
rxgt-ps-cross-account-s3-sync:
  params:
bucket: xxx-xx-xxx-eu-west-1-xx
file_root: /xxx--xplatform/ansible/files/
mode: push
file_change_strategy: date_size
permission: public-read

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8bb0c0d4-6dea-421d-bb34-9c19d6d42b05%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How to import/load env/ini file that is located in file on the Remote/Target server?

2019-01-14 Thread Chaz_E 
I like the idea of this suggestion.
Is local-facts-facts-d 

 usable 
as Non-Root?
Can facts be loaded from the user's $HOME/.ansible/ , like 
$HOME/.ansible/facts.d or something like that?
I see for windows there is fact_path does that work for Linux?

Regards,
-Chaz

On Thursday, January 10, 2019 at 4:26:28 PM UTC-5, goforawalktwice wrote:
>
> you could use fetch module first to get from remote to local, then use 
> with_ini
>
> But on the face of it it does look like a file that should be source 
> controlled/with the ansible playbooks/roles etc
>
>
> On Friday, January 11, 2019 at 9:56:35 AM UTC+13, Hugo Gonzalez wrote:
>>
>> Hello Chaz,
>> On 1/10/19 11:00 AM, Chaz_E wrote:
>>
>> QUESTION: How can we load or import an env/ini file that is located in 
>> a file on the Remote/Target server?
>>
>> GOAL:
>> We have an env/ini file on the remote/target server.
>> We want to read in that file and use the values as variables for the 
>> tasks on that machine. 
>> ( FYI: Our process does not allow for saving these variables in the 
>> Inventory - even though that would be nice. )
>>
>> Here is an example of what our ini/env file looks like:
>> Path: /devops/properties/Admin.properties
>> username = FooAdmin
>> password = bar123XYZ
>> activate = no
>> (Basically property format or ini format without any sections)
>>
>> Can't you link/transform your file to be a local facts file? Take a look 
>> at 
>>
>>
>> https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#local-facts-facts-d
>>
>>
>>
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a8d77220-c62c-4045-a591-950c37ed6779%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] S3 error: Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4

2019-01-14 Thread Kishore Ponniah 
Thanks, Karl. I have moved forward by creating an un-encrypted bucket and 
mark this case as resolved. 

On Saturday, January 12, 2019 at 10:17:53 PM UTC, Karl Auer wrote:
>
> I haven't done this myself, so everything I say may be wrong. The 
> following is just from reading some doco and general experience.
>
> Make sure you are running the latest and greatest versions of everything. 
> In particular, the boto3 library. I don't know how to check that, but 
> someone else here will. v4 keys have been around for a couple of years, so 
> if you installed Ansible recently you should probably have the required 
> versions.
>
> Make sure you explicitly specify v4 keys when creating objects.
>
> I would be looking at (probably) the values you are passing in to 
> template_parameters.
>
> It might also we worth seeing if you can create the desired change set 
> manually, either via the console or via the AWS CLI, just to check you 
> really do have the parameters right.
>
> Regards, K.
>
>
> On Sun, Jan 13, 2019 at 12:40 AM Kishore Ponniah  > wrote:
>
>> Hi Karl,
>>
>> Please find the playbook below:
>>
>> - name: create 
>> rxgt-ps-cross-account-iam-atlas-developer-roles changeset
>>   cloudformation:
>> stack_name: "rxgt-ps-cross-account-iam-atlas-developer-roles"
>> state: present
>> region: "{{ account_config.1 }}"
>> aws_access_key: "{{ account_config.0.sts_creds.access_key }}"
>> aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}"
>> security_token: "{{ account_config.0.sts_creds.session_token }}"
>> create_changeset: true
>> changeset_name: "{{ cf_changeset_name }}"
>> template_url: "
>> https://s3-eu-west-1.amazonaws.com//cloudformation/xx-developer-roles.yaml
>> "
>> template_parameters: "{{ 
>> account_config.0.account_config.stacks['rxgt-ps-cross-account-iam-atlas-developer-roles'].params
>>  
>> }}"
>> termination_protection: no
>> tags: "{{ global_tags | 
>> combine(account_config.0.account_config.stacks['rxgt-ps-cross-account-iam-atlas-developer-roles'].override_tags,
>>  
>> recursive=True) }}"
>>   loop: "{{ 
>> assumed_roles_with_account_config.results|subelements('account_config.regions',
>>  
>> skip_missing=True) }}"
>>   loop_control:
>> loop_var: account_config
>> label: "{{ account_config.0.account_config.account_alias }}:{{ 
>> account_config.1 }}"
>>   tags:
>> rxgt-ps-identity-stack-deploy
>>
>> - name: create rxgt-ps-cross-account-iam-atlas-developer-roles stack
>>   cloudformation:
>> stack_name: "rxgt-ps-cross-account-iam-atlas-developer-roles"
>> state: present
>> region: "{{ account_config.1 }}"
>> aws_access_key: "{{ account_config.0.sts_creds.access_key }}"
>> aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}"
>> security_token: "{{ account_config.0.sts_creds.session_token }}"
>> create_changeset: false
>> changeset_name: "{{ cf_changeset_name }}"
>> template_url: "
>> https://s3-eu-west-1.amazonaws.com//cloudformation/xx-developer-roles.yaml
>> "
>> template_parameters: "{{ 
>> account_config.0.account_config.stacks['rxgt-ps-cross-account-iam-atlas-developer-roles'].params
>>  
>> }}"
>> termination_protection: no
>> tags: "{{ global_tags | 
>> combine(account_config.0.account_config.stacks['rxgt-ps-cross-account-iam-atlas-developer-roles'].override_tags,
>>  
>> recursive=True) }}"
>>   loop: "{{ 
>> assumed_roles_with_account_config.results|subelements('account_config.regions',
>>  
>> skip_missing=True) }}"
>>   loop_control:
>> loop_var: account_config
>> label: "{{ account_config.0.account_config.account_alias }}:{{ 
>> account_config.1 }}"
>>   when: with_stack_deploy
>>   tags:
>> rxgt-ps-identity-stack-deploy
>>
>> ===
>> Error:
>>
>> TASK [create rxgt-ps-cross-account-iam-atlas-developer-roles changeset] 
>> 
>> An exception occurred during task execution. To see the full traceback, 
>> use -vvv. The error was: For more information check 
>> http://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html
>> "Failed to create change set: : An error occurred 
>> (ValidationError) when calling the CreateChangeSet operation: S3 error: 
>> Requests specifying Server Side Encryption with AWS KMS managed keys 
>> require AWS Signature Version 4.\nFor more information check 
>> http://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html"}
>>
>> Thanks
>> Kishore
>>
>>
>> On Friday, January 11, 2019 at 9:45:17 PM UTC, Karl Auer wrote:
>>>
>>> You need to provide the actual playbook and the actual error. Use a 
>>> fixed-width font when posting the playbook.
>>>
>>> On Sat,

Re: [ansible-project] foo.changed vs foo|changed

2019-01-14 Thread Matt Martz 
There is a difference, in fact the preferred syntax is actually `when: foo
is changed`

There is no guarantee that the attribute will exist on a returned object.
In addition to handling a non existent key/attribute, the changed test also
has some more complex logic, where it will look into a sub-key called
`results` too.

Historically we did not have jinja tests, which is what the `foo is
changed` represents, so we registered them as filters (`foo|changed`).  We
are deprecating using tests as filters, which is why the `is` syntax is
preferred there.

On Mon, Jan 14, 2019 at 10:20 AM Jason Gilfoil  wrote:

> It's unfortunately exceedingly difficult to search for "|" in most search
> engines, so finding info about this was not fruitful.
>
> My question is, is there a difference between foo.changed and foo|changed,
> especially used in a "when:" parameter?
>
> If there's no difference, what's the preferred syntax?
>
> Thanks!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/20d7b6d0-99af-47b9-847c-92f4388224de%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>


-- 
Matt Martz
@sivel
sivel.net

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAD8N0v8Z7CP%2BGDHPqeGDSXy3H6aFsxxktuyS%3DW2j7RS1wkD69A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] foo.changed vs foo|changed

2019-01-14 Thread Jason Gilfoil 
It's unfortunately exceedingly difficult to search for "|" in most search 
engines, so finding info about this was not fruitful.

My question is, is there a difference between foo.changed and foo|changed, 
especially used in a "when:" parameter?

If there's no difference, what's the preferred syntax?

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/20d7b6d0-99af-47b9-847c-92f4388224de%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Capture the stdout result in a variable, using regex and pass it to the next task

2019-01-14 Thread Saranya Nagaraj 
Thankyou Kai Stian , that worked !

On Jan 10, 2019 11:31 PM, "Kai Stian Olstad" <
ansible-project+l...@olstad.com> wrote:

On Thursday, 10 January 2019 18:48:19 CET Saranya N wrote:
> One task in my playbook produces output sample of different types like
below
>
>
> stdout_lines
>
> ex: 1
>
> [
> "_ _ _"
> "farm/dt-tk-1/env: agent_tcp"
> ]
>
> ex: 2
>
>
> [
> "_ _ _"
> "test/xc-yh-1/qa: agent_tcp"
> ]
>
>
> etc
>
>
> I need to capture the second line regex:
>
> test/xc-yh-1/qa
>
> farm/dt-tk-1/env
>
> I need to capture the above part. Im aware I can use set_fact with regex
> but Im having difficulty in forming regex. Can someone kindly help

You don't need any regexp, just add this to your stdout_lines

  .stdout_lines.1.split(':').0

-- 
Kai Stian Olstad


-- 
You received this message because you are subscribed to a topic in the
Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/
topic/ansible-project/A6S4hbCGqZI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/
msgid/ansible-project/2330303.j3Vt51A68T%40x1.
For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPYop%2Bg5vNL4znsNRDjUvSsRnz%2Bc1CPb8RxnG%3DioDRD-sWUbWw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: ansible git uri

2019-01-14 Thread JS 
Hello

Just wanted to let you know this has now been solved. Did not realise 
--data could be passed in as the body.

E.g from SO:

curl -k -X POST https://mylink/action -d username=admin


- uri:
url: https://your.form.based.auth.example.com/index.php
method: POST
body: "name=your_username=your_password=Sign%20in"
status_code: 302
headers:
  Content-Type: "application/x-www-form-urlencoded"
  register: login


body is similar to --data.



So in my case, 

curl --request POST --header "PRIVATE-TOKEN: " --header 
"Content-Type: 
application/json" --data '{"title": "My deploy key", "key": "ssh-rsa 
...", "can_push": "true"}' "https://gitlab.example.com/
api/v4/projects/5/deploy_keys/"

became this:

- name: Deploy SSH Key to New Project
  uri:
url: "https://gitlab.example.com/api/v4/projects/5/deploy_keys/;
method: POST
body_format: json
body:
  title: "My deploy key"
  key: "ssh-rsa ..."
  can_push: "true"
headers:
  PRIVATE-TOKEN: "{{ gitlab_private_token }}"
  Content-Type: application/json
status_code: 201



Regards
Jinal

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a49efdb8-4f6e-4311-b856-33ec88b1fec7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Issuing creating domain users with module win_dsc and resource xADuser parsing pscredentials

2019-01-14 Thread java_cat33 
Thanks, Jordan - I tried your suggestion for the username and password 
parameter 

Password_username: "{{ item.user }}"
Password_password: "{{ testuser_pwd }}" # This is stored in secrets.yml - 
encrypted via Vault

New error is:

"module_stderr": "Exception calling \"Add\" with \"2\" argument(s): \"Item 
has already been added. \r\nKey in dictionary: 'Password'  Key being added: 
'Password'\"\r\nAt line:229 char:13\r\n+
 $config.Property.Add($key.Replace(\"_username\",\"\"),$KeyVal ...\r\n+
 ~\r\n+ 
CategoryInfo  : NotSpecified: (:) [], ParentContainsErrorRecordE 
\r\n   xception\r\n+ FullyQualifiedErrorId : ArgumentException\r\n 
\r\n\r\n",

Setting parameter "Password_username" bombed out with a different error 
of.

""module_stderr": "New-Object : Exception calling \".ctor\" with \"2\" 
argument(s): \"Cannot process \r\nargument because the value of argument 
\"userName\" is not valid. Change the \r\nvalue of the \"userName\" 
argument and run the operation again.\"\r\nAt line:228 char:25\r\n+ ... 
$KeyValue = New-Object System.Management.Automation.PSCredential ($Pr 
...\r\n+
 ~\r\n+ 
CategoryInfo  : InvalidOperation: (:) [New-Object], MethodInvoca 
\r\n   tionException\r\n+ FullyQualifiedErrorId : 
ConstructorInvokedThrowException,Microsoft.Power \r\n  
 Shell.Commands.NewObjectCommand\r\n \r\n\r\n","

Prior to trying this module, I was trying to use win_domain_user module - 
however, I strike a different issue with this. It creates a user in AD but 
fails to set the password even though I can confirm the password meets 
policy requirements (complexity, length, history etc). I confirmed this via 
creating the account via PS, manually and also writing the password to a 
txt file via Ansible.

In addition, even after returning the attributes of a newly created user it 
reports "server is not operational"

The code I used was.

 - name: create new test accounts (dev + test env) 
   win_domain_user:
 name: "{{ item.user }}"
 firstname:  "{{ item.user }}"
 groups_action:  add
 state:  present
 enabled:  yes
 path: "ou=employees,dc=domain,dc=test"
 password: "{{ testuser_pwd | quote }}" # this is stored in secrets.yml 
- encrypted via vault
 password_never_expires: yes
 user_cannot_change_password:  yes
 upn:  "{{ item.upn }}"
 groups: "{{ item.groups }}" 
   loop :  "{{ testers }}" #definted in group_vars

 *   "msg": "The server is not operational",*
*"password_updated": true,*

The groups also aren't added to the user (these are defined in a 
list) this is stored in group_vars

testers:
- user: test1
groups: 
- group1
- group2
description: 'tester'
upn: te...@domain.test


On Monday, January 14, 2019 at 5:16:36 PM UTC+13, Jordan Borean wrote:
>
> Looking at the code, it seems like the Password option is actually of the 
> type PSCredential and not just a SecureString 
> https://github.com/PowerShell/xActiveDirectory/blob/dev/DSCResources/MSFT_xADUser/MSFT_xADUser.psm1#L101.
>  
> This means that you need to setup the Password like you any other 
> PSCredential field by setting Password_username and Password_password. The 
> module win_dsc scans each property for the expected type and tries to cast 
> the input value from Ansible to what it expects but in the case of a 
> PSCredential we need to know both the username and password to create it. 
> You can see this in the warning message when it says it failed to convert 
> Password (System.String) to a PSCredential.
>
> I'm not sure why a Password field is expecting the full credential so 
> maybe you can set 'Password_username' as an empty string or set it to the 
> same value as 'UserName'. This is more a question for the actual module 
> itself as we have no control over this.
>
> On a side note, we do have the win_domain_user module 
> https://docs.ansible.com/ansible/latest/modules/win_domain_user_module.html 
> and from a glance it should give you what you need without relying on the 
> DSC resource.
>
> Thanks
>
> Jordan
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/aa3db594-3ff7-4a59-8138-dabc0d8d30e5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.