Re: [ansible-project] installing windows updates on windows hosts

2020-05-13 Thread David Foley
Again you seem to be missing values 


reboot: yes
When: """ 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/719f19da-9014-4fde-beaa-d97fc617%40googlegroups.com.


Re: [ansible-project] installing windows updates on windows hosts

2020-05-13 Thread David Foley
Also appears you are missing the Tasks: element in your playbook



Re: [ansible-project] installing windows updates on windows hosts

2020-05-13 Thread harry devine
Your “hosts” line needs to be before the - name line.

Harry

On Wed, May 13, 2020 at 6:37 PM Tony Wong  wrote:

> ---
> - name: Install all critical and security updates
>   hosts: all
>   win_updates:
>     category_names:
>     - CriticalUpdates
>     - SecurityUpdates
>     state: installed
>   register: update_result
>
> - name: Reboot host if required
>   win_reboot:
>   when: update_result.reboot_required
>
>
>
>
> but getting this
>
>
> ERROR! 'win_updates' is not a valid attribute for a Play
>
> The error appears to be in
> '/home/tony/windows/install_windows_updates.yml': line 2, column 3, but may
> be elsewhere in the file depending on the exact syntax problem.
>
> The offending line appears to be:
>
> ---
> - name: Install all critical and security updates
>   ^ here
>



[ansible-project] installing windows updates on windows hosts

2020-05-13 Thread Tony Wong
---
- name: Install all critical and security updates
  hosts: all
  win_updates:
    category_names:
    - CriticalUpdates
    - SecurityUpdates
    state: installed
  register: update_result

- name: Reboot host if required
  win_reboot:
  when: update_result.reboot_required




but getting this


ERROR! 'win_updates' is not a valid attribute for a Play

The error appears to be in 
'/home/tony/windows/install_windows_updates.yml': line 2, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

---
- name: Install all critical and security updates
  ^ here
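
The play from this post with the module calls moved into a `tasks:` list, which is what "not a valid attribute for a Play" is complaining about. This is an added example, not something posted in the thread; `hosts: all` and the module arguments are kept from the original, and the first task name is made up.

```yaml
---
- name: Install all critical and security updates
  hosts: all                      # play-level keyword, kept from the original post
  tasks:                          # modules are only valid inside a task list
    - name: Install critical and security updates   # task name added for this example
      win_updates:
        category_names:
          - CriticalUpdates
          - SecurityUpdates
        state: installed
      register: update_result     # task-level keyword, indented with the module name

    - name: Reboot host if required
      win_reboot:
      when: update_result.reboot_required
```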



Re: [ansible-project] Is there a better way to search through a list using when and regex_search

2020-05-13 Thread Dick Visser
On Wed, 13 May 2020 at 19:44, Scott Fella  wrote:
>
> Okay, this is what I have now that is working, but can I simplify the when?
>
> ---
> - name: search_snmp # delete ime snmp ro string from wlc used in {{ansible_play_name}}
>   hosts: all #wlc:london:sydney:!hawaii:!*5501
>   no_log: no
>   gather_facts: no
>   strategy: free
>   vars:
>     oldSnmp:
>       - a
>       - b
>       - c
>       - d
>
>   tasks:
>   - name: validate all current snmp string
>     aireos_command:
>       commands:
>         - show snmpcommunity
>     register: preOutputSummary

Add these tasks:

- set_fact:
    matches: "{{ matches|default('') +
      preOutputSummary.stdout_lines | regex_search(item + '\\s+.*\\n') }}"
  loop: "{{ oldSnmp }}"

- copy:
    dest: "./{{ ansible_play_name }}_output.txt"
    content: "{{ matches }}"




This should give this result:

xx  0.0.0.0  0.0.0.0  Read Only  Enable
yy  0.0.0.0  0.0.0.0  Read Only  Enable
zz  0.0.0.0  0.0.0.0  Read Only  Enable






-- 
Dick Visser
Trust & Identity Service Operations Manager
GÉANT



Re: [ansible-project] Is there a better way to search through a list using when and regex_search

2020-05-13 Thread Scott Fella
Vladimir,

I'm a bit confused on how I can use the register: preOutputSummary in the 
set_facts search.  My output when running the command: show snmpcommunity 
outputs this:

IPSec mode: Disabled / Profile: none

SNMP Community Name  Client IP Address  Client IP Mask  Access Mode  Status
-------------------  -----------------  --------------  -----------  ------
**                   10.200.250.0       255.255.255.0   Read/Write   Enable
**                   10.100.10.208      10.100.10.208   Read/Write   Enable
xx                   0.0.0.0            0.0.0.0         Read Only    Enable
yy                   0.0.0.0            0.0.0.0         Read Only    Enable
zz                   0.0.0.0            0.0.0.0         Read Only    Enable

I do understand what you posted in regard to the test, but don't know how 
to integrate your feedback to my playbook.

-Scott

On Wednesday, 13 May 2020 13:27:21 UTC-7, Vladimir Botka wrote:
>
> On Wed, 13 May 2020 10:44:18 -0700 (PDT) 
> Scott Fella > wrote: 
>
> > ... can I simplify the when? 
> > (when one of the items in the list is found in the output?) 
>
> It's possible to create a list of the "search" results and use the test 
> "any". For example the playbook 
>
> https://docs.ansible.com/ansible/latest/user_guide/playbooks_tests.html#testing-strings
>  
>
> https://docs.ansible.com/ansible/latest/user_guide/playbooks_tests.html#test-if-a-list-contains-a-value
>  
>
> shell> cat pb.yml 
> - hosts: localhost
>   vars:
>     my_output: "aa bb cc"
>     my_list: [aa, bb, xx]
>   tasks:
>     - set_fact:
>         my_search: "{{ my_search|default([]) +
>                        [my_output is search(item)] }}"
>       loop: "{{ my_list }}"
>     - debug:
>         var: my_search
>     - debug:
>         msg: Write to file
>       when: my_search is any
>
> gives 
>
> "my_search": [
>     true,
>     true,
>     false
> ]
>
> "msg": "Write to file" 
>
> HTH, 
>
> -vlado 
>



Re: [ansible-project] Re: Ansible unable to run command by becoming other user and using sudo

2020-05-13 Thread Luca 'remix_tj' Lorenzetto
On Wed, May 13, 2020 at 5:58 PM Zayed Mahmud  wrote:
>
> Hi Luca, thanks for replying. Here's the data you requested:
>
> Here's the output of 'sudo -l' for user1:
> [user1@server1 ~]$ sudo -l
> Matching Defaults entries for user1 on server1:
> !visiblepw, always_set_home, match_group_by_gid, 
> always_query_group_plugin, env_reset, env_keep="COLORS DISPLAY HOSTNAME
> HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG 
> LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE
> LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY 
> LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE",
> env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", 
> secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
>
> User user1 may run the following commands on server1:
> (ALL) NOPASSWD: /bin/su - admin1
> [user1@server1 ~]$


The entry says that your user can run the command su - admin1 as any
other user of the system. It looks formally wrong to me.
Additionally, it is not the right command for a new interactive session;
you should use: sudo -u admin1 -i

You're allowing only sudo su - admin1 without password. As
far as I know, that is not what ansible does when you do become.

AFAIK ansible runs something similar to this:

echo BECOME-SUCCESS-sjsscfneygqfcntttkcomefpxnbkzumb; /bin/command --options

you can see with ansible -

It's difficult to create a single entry for this, so try first with (not tested)

user1 ALL=(admin1) NOPASSWD: ALL

To allow user1 to run any command as admin1 with sudo (sudo -u admin1
somecommand) without password.

This should work.

Luca



-- 
"It is absurd to employ men of excellent intelligence to perform
calculations that could be entrusted to anyone if machines
were used"
Gottfried Wilhelm von Leibnitz, Philosopher and Mathematician (1646-1716)

"The Internet is the largest library in the world.
But the problem is that the books are all scattered on the floor"
John Allen Paulos, Mathematician (1945-living)

Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , 
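
The log in this thread shows Ansible's sudo become running `sudo -H -S -n -u <user> /bin/sh -c '...'`, so the sudoers rule has to allow `/bin/sh` as the target user, which a rule limited to `/bin/su - admin1` does not. The playbook below is an added example, not posted by anyone in the thread: it installs the rule suggested above as a drop-in and then checks that become works. It assumes the first play is run through an account that can already become root on server1, that `/etc/sudoers.d` is included by the main sudoers file, and the drop-in file name is hypothetical.

```yaml
---
# Play 1: install the sudoers rule. Assumption: this play connects as an
# account that can already become root (user1 cannot, per its sudo -l output).
- hosts: server1
  become: yes
  tasks:
    - name: Let user1 run commands as admin1 without a password
      copy:
        dest: /etc/sudoers.d/user1-as-admin1      # hypothetical drop-in name
        content: "user1 ALL=(admin1) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s         # refuse to install a file sudo cannot parse

# Play 2: connect as user1 and confirm that become reaches admin1.
- hosts: server1
  remote_user: user1
  gather_facts: no
  tasks:
    - name: Run a command as admin1 through sudo
      command: id -un
      become: yes
      become_method: sudo
      become_user: admin1
      register: whoami
      changed_when: false

    - name: Fail if the command did not run as admin1
      assert:
        that: whoami.stdout == 'admin1'
```

With this rule user1 can do anything admin1 can, including use of admin1's own sudo rules shown earlier in the thread, so it is as sensitive as the admin1 account itself.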



Re: [ansible-project] Is there a better way to search through a list using when and regex_search

2020-05-13 Thread Vladimir Botka
On Wed, 13 May 2020 10:44:18 -0700 (PDT)
Scott Fella  wrote:

> ... can I simplify the when?
> (when one of the items in the list is found in the output?)

It's possible to create a list of the "search" results and use the test
"any". For example the playbook
https://docs.ansible.com/ansible/latest/user_guide/playbooks_tests.html#testing-strings
https://docs.ansible.com/ansible/latest/user_guide/playbooks_tests.html#test-if-a-list-contains-a-value

shell> cat pb.yml
- hosts: localhost
  vars:
    my_output: "aa bb cc"
    my_list: [aa, bb, xx]
  tasks:
    - set_fact:
        my_search: "{{ my_search|default([]) +
                       [my_output is search(item)] }}"
      loop: "{{ my_list }}"
    - debug:
        var: my_search
    - debug:
        msg: Write to file
      when: my_search is any

gives

"my_search": [
    true,
    true,
    false
]

"msg": "Write to file"

HTH,

-vlado
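
The same "any item of the list appears in the output" check can also be written without a loop, by joining the list into one regular expression. This is an added example, not from any poster: `sample_output` is constructed from the table format quoted in this thread and stands in for `preOutputSummary.stdout[0]`, and the names in `old_snmp` are placeholders. The pattern is anchored to the first column so that a short name does not match inside another column.

```yaml
---
- hosts: localhost
  gather_facts: no
  vars:
    old_snmp: [xx, yy, a.b]            # placeholder community names
    # Constructed sample in the shape of "show snmpcommunity" output.
    sample_output: |
      SNMP Community Name  Client IP Address  Client IP Mask  Access Mode  Status
      -------------------  -----------------  --------------  -----------  ------
      **                   10.200.250.0       255.255.255.0   Read/Write   Enable
      xx                   0.0.0.0            0.0.0.0         Read Only    Enable
      zz                   0.0.0.0            0.0.0.0         Read Only    Enable
    # One alternation, each name escaped: ^(xx|yy|a\.b)\s
    snmp_pattern: "^({{ old_snmp | map('regex_escape') | join('|') }})\\s"
  tasks:
    - name: Collect the old community names that start a line of the output
      set_fact:
        found: "{{ sample_output | regex_findall(snmp_pattern, multiline=True) }}"

    - name: Write the matches to a file only when something was found
      copy:
        dest: "./{{ ansible_play_name }}_output.txt"
        content: "{{ inventory_hostname }}: {{ found | join(', ') }}\n"
        mode: "0600"                   # community strings are credentials
      when: found | length > 0
      no_log: true                     # keep the strings out of task output and logs
```

With the sample above `found` is `['xx']`, so the file is written; `zz` is ignored because it is not in the list.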



Re: [ansible-project] Is there a better way to search through a list using when and regex_search

2020-05-13 Thread Scott Fella
Okay, this is what I have now that is working, but can I simplify the when?

---
- name: search_snmp # delete ime snmp ro string from wlc used in {{ansible_play_name}}
  hosts: all #wlc:london:sydney:!hawaii:!*5501
  no_log: no
  gather_facts: no
  strategy: free
  vars:
    oldSnmp:
      - a
      - b
      - c
      - d

  tasks:
  - name: validate all current snmp string
    aireos_command:
      commands:
        - show snmpcommunity
    register: preOutputSummary

  - name: write output to a file if snmp if found
    lineinfile:
      path: ./{{ansible_play_name}}_output.txt
      line: "{{inventory_hostname}}\n\n{{preOutputSummary.stdout_lines[0]|join('\n')}}\n"
      insertafter: eof
      create: yes
    when:
      preOutputSummary.stdout[0] | regex_search(".*{{oldSnmp[0]}}") or
      preOutputSummary.stdout[0] | regex_search(".*{{oldSnmp[1]}}") or
      preOutputSummary.stdout[0] | regex_search(".*{{oldSnmp[2]}}") or
      preOutputSummary.stdout[0] | regex_search(".*{{oldSnmp[3]}}") or
      preOutputSummary.stdout[0] | regex_search(".*{{oldSnmp[4]}}") or
      preOutputSummary.stdout[0] | regex_search(".*{{oldSnmp[5]}}") or
      preOutputSummary.stdout[0] | regex_search(".*{{oldSnmp[6]}}")

On Wednesday, 13 May 2020 08:19:20 UTC-7, Dick Visser wrote:
>
> Is there any chance you can have a single var that is a list for those 
> strings? 
> I.e.: 
>
> snmp_strings: 
>   - a 
>   - b 
>   - cc 
>
>
>
> On Wed, 13 May 2020 at 16:25, Scott Fella > 
> wrote: 
> > 
> > Here is a sample output when I run a show snmpcommunity.  The one with 
> '*' are hashed and read-only, so I will not be able to match on those, it 
> is the read-only strings i'm worried about. 
> > 
> > rusred991c55p1 
> > 
> > IPSec mode: Disabled / Profile: none 
> > 
> > SNMP Community Name  Client IP Address  Client IP Mask  Access Mode  Status
> > -------------------  -----------------  --------------  -----------  ------
> > **                   10.200.250.0       255.255.255.0   Read/Write   Enable
> > **                   10.100.10.208      10.100.10.208   Read/Write   Enable
> > xx                   0.0.0.0            0.0.0.0         Read Only    Enable
> > yy                   0.0.0.0            0.0.0.0         Read Only    Enable
> > zz                   0.0.0.0            0.0.0.0         Read Only    Enable
> > 
> > 
> > On Tuesday, 12 May 2020 18:35:23 UTC-7, Scott Fella wrote: 
> >> 
> >> I can share that later, not in front of my laptop. What I was looking 
> for is not just with snmp, I just started with snmp since I was working on 
> other playbooks.  I was looking to see if I can simplify the “when” to 
> check if the output has the any of the variables defined in the list. What 
> I have is working, but is there a better way? 
> >> 
> >> -Scott 
> > 
>
>
>
>
> -- 
> Dick Visser 
> Trust & Identity Service Operations Manager 
> GÉANT 
>



Re: [ansible-project] Is there a better way to search through a list using when and regex_search

2020-05-13 Thread Scott Fella
So you mean define it like the following in a playbook:

vars:
  snmp_strings:
   - a
   - b
   - cc

-Scott

> On May 13, 2020, at 8:19 AM, Dick Visser  wrote:
> 
> snmp_strings:
>  - a
>  - b
>  - cc



[ansible-project] Re: Adding task output to a file in a loop

2020-05-13 Thread harry devine
OK, I'm finally getting back to this.  I failed to mention that I'm trying 
to query our LDAP server, which is Red Hat IDM (based off of FreeIPA).  
Here's what I have so far but it's not working:

---
- hosts: ldap
  gather_facts: no
  become: yes
  become_method: sudo

  tasks:

    - name: Obtain Kerberos Ticket on Tower
      command: /usr/bin/kinit admin@ldap -k -t /var/lib/awx/admin.keytab
      delegate_to: tower_server

    - name: Obtain Kerberos Ticket from LDAP
      command: /usr/bin/kinit admin@ldap -k -t /root/admin.keytab

    - name: Get password entries from getent
      getent:
        database: password

    - name: Set User facts
      set_fact:
        uid_list: "{{ getent_passwd | dict2items | json_query('[].{user:key, uid: to_number(value[1])}') }}"

    - name: Set Attribute facts
      set_fact:
        uid_list: "{{ uid_list | json_query('[?uid >= `1000`]') | json_query('[?uid <= `1010`]') | sort(attribute='uid') | list }}"

    - name: Add to CSV template
      template:
        src: uid.csv.j2
        dest: uid.csv

Template:

User ID Inventory (generated on $[(datetime.datetime.today().date())]
{% for item in uid_list %}
{{ item.user }},{{ item.uid }}
{% endfor %}

When I run the playbook, I get the following error:

 [root@tower ~]#ansible-playbook uid_inventory.yml -K --check
BECOME password:

PLAY [ldap] 

TASK [Obtain Kerberos Ticket on Tower] **

TASK [Obtain Kerberos Ticket on LDAP] *

TASK [Get password entries from getent] ***
fatal: [ldap]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "msg": "Missing arguments, or database unknown."}

PLAY RECAP 
ldap : ok=0 changed=0 unreachable=0 failed=1 skipped=2 rescued=0 ignored=0

Any thoughts/ideas?

Thanks,
Harry

On Wednesday, May 6, 2020 at 3:41:55 PM UTC-4, harry devine wrote:
>
> I have a shell script that I'm trying to convert to Ansible.  It currently 
> is similar to the following:
>
> for uid in {1000..6500}
>   user = ipa user-find --uid=$uid --raw |grep uid: | awk '{print $2}'
>   echo "user,uid" >> uid.csv
> do
>
> How do I accomplish this in Ansible?  I know I can use the shell module 
> with a loop similar to the following:
>
> - name: Get user name based on the UID
>   shell: "set -o pipefail && /bin/ipa user-find --uid={{ uid }} --raw | 
> grep uid: | awk '{print $2}'"
>   register: output
>   loop:  {{ range(1000, 6500, 1) | list }}
>
> But how can I have each iteration add the values I need to a file?  I know 
> that I can use lineinfile, but I need to have it do this for each iteration 
> of the loop.
>
> Thanks,
> Harry
>
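
The `getent` module runs `getent <database>` on the target, and "Missing arguments, or database unknown." is what it reports when that database name is not one NSS knows; the user database is called `passwd`. The playbook below is an added example, not the poster's code: it keeps the host group and the 1000 to 1010 UID window from the post, leaves out the Kerberos tasks, writes the CSV with `copy` instead of a template file, and needs the `jmespath` Python library on the control node for `json_query`.

```yaml
---
- hosts: ldap
  gather_facts: no
  tasks:
    - name: Read the passwd database through NSS
      getent:
        database: passwd          # NSS database name, passed to "getent" as is

    # getent_passwd maps each user name to [password, uid, gid, gecos, home, shell],
    # so value[1] is the uid as a string.
    - name: Keep accounts with 1000 <= uid <= 1010, sorted by uid
      set_fact:
        uid_list: >-
          {{ getent_passwd | dict2items
             | json_query('[].{user: key, uid: to_number(value[1])}')
             | json_query('[?uid >= `1000` && uid <= `1010`]')
             | sort(attribute='uid') }}

    - name: Write the CSV on the control node
      copy:
        dest: ./uid.csv
        content: |
          user,uid
          {% for item in uid_list %}
          {{ item.user }},{{ item.uid }}
          {% endfor %}
      delegate_to: localhost
```

On hosts that resolve users through SSSD, `getent passwd` without a key lists directory accounts only when enumeration is enabled in `sssd.conf` (it is off by default), so IdM users may be missing from `getent_passwd`.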



[ansible-project] Re: Ansible unable to run command by becoming other user and using sudo

2020-05-13 Thread Zayed Mahmud
*Hi Luca, thanks for replying. Here's the data you requested:*

*Here's the output of 'sudo -l' for user1:*
[user1@server1 ~]$ sudo -l
Matching Defaults entries for user1 on server1:
!visiblepw, always_set_home, match_group_by_gid, 
always_query_group_plugin, env_reset, env_keep="COLORS DISPLAY HOSTNAME
HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG 
LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE
LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY 
LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE",
env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", 
secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User user1 may run the following commands on server1:
(ALL) NOPASSWD: /bin/su - admin1
[user1@server1 ~]$


*And here's it for admin1 user:*
[admin1@server1 ~]$ sudo -l
Matching Defaults entries for admin1 on server1:
!visiblepw, always_set_home, match_group_by_gid, 
always_query_group_plugin, env_reset, env_keep="COLORS DISPLAY HOSTNAME
HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG 
LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE
LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY 
LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE",
env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", 
secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User admin1 may run the following commands on server1:
(ALL) NOPASSWD: ALL, !/bin/sh, !/bin/ksh, !/bin/bash, !/bin/zsh, 
!/bin/csh, !/bin/tcsh, !/usr/bin/login, !/usr/bin/su,
!/etc/sudoers, !/bin/su, !/usr/sbin/visudo, !/sbin/shutdown, 
!/sbin/reboot, !/sbin/init, !/usr/bin/shutdown -h now,
!/usr/bin/halt, !/usr/bin/poweroff, !/usr/bin/mount -o 
nosuid\,nodev\,noexec, !/usr/bin/umount, !/sbin/fdisk,
!/usr/sbin/format, !/usr/bin/dd, !/usr/bin/rlogin, 
!/etc/init.d/iptables, !/usr/bin/exportfs, !/sbin/pvs, !/sbin/lvs,
!/sbin/vgs, !/sbin/pvscan, !/sbin/pvscan, !/sbin/vgscan, 
!/sbin/lvscan, !/sbin/lvdisplay, !/sbin/vgdisplay,
!/sbin/pvdisplay, !/usr/bin/ifenslave, !/usr/bin/ethtool, 
!/usr/sbin/tcpd, !/usr/sbin/dump, !/usr/sbin/rdump,
!/usr/sbin/restore, !/usr/sbin/rrestore, !/usr/bin/mt, 
!/usr/bin/journalctl, !/usr/bin/netctl, !/usr/sbin/syslogd,
!/usr/bin/finger, !/usr/bin/tty
[admin1@server1 ~]$


--
Thanks,
Zayed.


On Wednesday, May 13, 2020 at 9:41:15 PM UTC+6, Zayed Mahmud wrote:
>
> Hi all,
>
> I have a target server where I have a user, *user1*, who can become 
> another privileged user, *admin1*, without password, and admin1 can run 
> any command with sudo, like "sudo ls /root" --> works.
>
> So from remote server I can do this:
> *[user1@server1~]$ sudo su - admin1 *--> successful
> *[admin1@server1~]$ sudo ls -l /root/* --> successful
>
> Now, if I try this from ansible, it doesn't work, note that I do not need 
> password to become admin1 from user1 user.
>
> Tried this, failed, while connecting to server1 as user1:
> *$ ansible -i hosts server1 -m shell -a "ls /root/" --become-user admin1 
> --become-method sudo -b*
>
> I receive error like:
>
> <192.168.10.10> ssh_retry: attempt: 5, caught exception(Missing sudo 
> password) from cmd (['ssh', '-vvv', '-C', '-o', 'ControlMaster=auto', '-o', 
> 'ControlPersist=60s', '-o', 'StrictHostKeyChecking=no', '-o', 'Port=22', 
> '-o', 'IdentityFile="/home/user1/ansible-env/user1"', '-o', 
> 'KbdInteractiveAuthentication=no', '-o', 
> 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', 
> '-o', 'PasswordAuthentication=no', '-o', 'User="user1"', '-o', 
> 'ConnectTimeout=10', '-o', 
> 'ControlPath=/home/user1/.ansible/cp/e81f1307f9', '-tt', '192.168.10.10', 
> '/bin/sh -c \'sudo -H -S -n  -u mygpadmin /bin/sh -c \'"\'"\'echo 
> BECOME-SUCCESS-prgmplogeczegkatiwtdoyhjtxaphgrv ; /usr/bin/python 
> /var/tmp/ansible-tmp-1589381399.57-2262637800948/AnsiballZ_command.py\'"\'"\' 
> && sleep 0\'']...), pausing for 15 seconds
> <192.168.10.10> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o 
> ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o 
> 'IdentityFile="/home/user1/ansible-env/user1"' -o 
> KbdInteractiveAuthentication=no -o 
> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
> -o PasswordAuthentication=no -o 'User="user1"' -o ConnectTimeout=10 -o 
> ControlPath=/home/user1/.ansible/cp/e81f1307f9 -tt 192.168.10.10 '/bin/sh 
> -c '"'"'sudo -H -S -n  -u mygpadmin /bin/sh -c '"'"'"'"'"'"'"'"'echo 
> BECOME-SUCCESS-prgmplogeczegkatiwtdoyhjtxaphgrv ; /usr/bin/python 
> /var/tmp/ansible-tmp-1589381399.57-2262637800948/AnsiballZ_command.py'"'"'"'"'"'"'"'"'
>  
> && sleep 0'"'"''
> Escalation requires password
>
> How can I resolve this issue if I want to become another and run command 
> with sudo using ansible/ansible-playbook but without using password. As 
> user1, I can run all commands user1 is allowed to.
>
>
> Thanks.
>
> - Zayed.
>


Re: [ansible-project] Ansible unable to run command by becoming other user and using sudo

2020-05-13 Thread Luca 'remix_tj' Lorenzetto
Hello,

can we have the output of:

sudo -l

for the user you're using for the connection? You need to be sure that
the given user is allowed to sudo with NOPASSWD

Luca

On Wed, May 13, 2020 at 5:41 PM Zayed Mahmud  wrote:
>
> Hi all,
>
> I have a target server where I have a user, user1, who can become another 
> privileged user, admin1, without password, and admin1 can run any command with 
> sudo, like "sudo ls /root" --> works.
>
> So from remote server I can do this:
> [user1@server1~]$ sudo su - admin1 --> successful
> [admin1@server1~]$ sudo ls -l /root/ --> successful
>
> Now, if I try this from ansible, it doesn't work, note that I do not need 
> password to become admin1 from user1 user.
>
> Tried this, failed, while connecting to server1 as user1:
> $ ansible -i hosts server1 -m shell -a "ls /root/" --become-user admin1 
> --become-method sudo -b
>
> I receive error like:
>
> <192.168.10.10> ssh_retry: attempt: 5, caught exception(Missing sudo 
> password) from cmd (['ssh', '-vvv', '-C', '-o', 'ControlMaster=auto', '-o', 
> 'ControlPersist=60s', '-o', 'StrictHostKeyChecking=no', '-o', 'Port=22', 
> '-o', 'IdentityFile="/home/user1/ansible-env/user1"', '-o', 
> 'KbdInteractiveAuthentication=no', '-o', 
> 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', 
> '-o', 'PasswordAuthentication=no', '-o', 'User="user1"', '-o', 
> 'ConnectTimeout=10', '-o', 'ControlPath=/home/user1/.ansible/cp/e81f1307f9', 
> '-tt', '192.168.10.10', '/bin/sh -c \'sudo -H -S -n  -u mygpadmin /bin/sh -c 
> \'"\'"\'echo BECOME-SUCCESS-prgmplogeczegkatiwtdoyhjtxaphgrv ; 
> /usr/bin/python 
> /var/tmp/ansible-tmp-1589381399.57-2262637800948/AnsiballZ_command.py\'"\'"\' 
> && sleep 0\'']...), pausing for 15 seconds
> <192.168.10.10> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o 
> ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o 
> 'IdentityFile="/home/user1/ansible-env/user1"' -o 
> KbdInteractiveAuthentication=no -o 
> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o 
> PasswordAuthentication=no -o 'User="user1"' -o ConnectTimeout=10 -o 
> ControlPath=/home/user1/.ansible/cp/e81f1307f9 -tt 192.168.10.10 '/bin/sh -c 
> '"'"'sudo -H -S -n  -u mygpadmin /bin/sh -c '"'"'"'"'"'"'"'"'echo 
> BECOME-SUCCESS-prgmplogeczegkatiwtdoyhjtxaphgrv ; /usr/bin/python 
> /var/tmp/ansible-tmp-1589381399.57-2262637800948/AnsiballZ_command.py'"'"'"'"'"'"'"'"'
>  && sleep 0'"'"''
> Escalation requires password
>
> How can I resolve this issue if I want to become another and run command with 
> sudo using ansible/ansible-playbook but without using password. As user1, I 
> can run all commands user1 is allowed to.
>
>
> Thanks.
>
> - Zayed.
>



-- 
"It is absurd to employ men of excellent intelligence to perform
calculations that could be entrusted to anyone if machines
were used"
Gottfried Wilhelm von Leibnitz, Philosopher and Mathematician (1646-1716)

"The Internet is the largest library in the world.
But the problem is that the books are all scattered on the floor"
John Allen Paulos, Mathematician (1945-living)

Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , 



Re: [ansible-project] Re: ssl: the specified credentials were rejected by the server

2020-05-13 Thread Tony Wong
Thanks I changed the auth to ntlm and works now

another question how do I use a domain account instead of a local
administrator?

On Sat, Apr 25, 2020 at 3:28 PM Jordan Borean  wrote:

> Your WinRM service has been set to reject Basic auth. You need to change
> the auth to something like kerberos (for domain auth) or ntlm using the
> ansible_winrm_transport var.
>
>



[ansible-project] Ansible unable to run command by becoming other user and using sudo

2020-05-13 Thread Zayed Mahmud
Hi all,

I have a target server where I have a user, *user1*, who can become another 
privileged user, *admin1*, without password, and admin1 can run any command 
with sudo, like "sudo ls /root" --> works.

So from remote server I can do this:
*[user1@server1~]$ sudo su - admin1 *--> successful
*[admin1@server1~]$ sudo ls -l /root/* --> successful

Now, if I try this from ansible, it doesn't work, note that I do not need 
password to become admin1 from user1 user.

Tried this, failed, while connecting to server1 as user1:
*$ ansible -i hosts server1 -m shell -a "ls /root/" --become-user admin1 
--become-method sudo -b*

I receive error like:

<192.168.10.10> ssh_retry: attempt: 5, caught exception(Missing sudo 
password) from cmd (['ssh', '-vvv', '-C', '-o', 'ControlMaster=auto', '-o', 
'ControlPersist=60s', '-o', 'StrictHostKeyChecking=no', '-o', 'Port=22', 
'-o', 'IdentityFile="/home/user1/ansible-env/user1"', '-o', 
'KbdInteractiveAuthentication=no', '-o', 
'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', 
'-o', 'PasswordAuthentication=no', '-o', 'User="user1"', '-o', 
'ConnectTimeout=10', '-o', 
'ControlPath=/home/user1/.ansible/cp/e81f1307f9', '-tt', '192.168.10.10', 
'/bin/sh -c \'sudo -H -S -n  -u mygpadmin /bin/sh -c \'"\'"\'echo 
BECOME-SUCCESS-prgmplogeczegkatiwtdoyhjtxaphgrv ; /usr/bin/python 
/var/tmp/ansible-tmp-1589381399.57-2262637800948/AnsiballZ_command.py\'"\'"\' 
&& sleep 0\'']...), pausing for 15 seconds
<192.168.10.10> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o 
ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o 
'IdentityFile="/home/user1/ansible-env/user1"' -o 
KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o 'User="user1"' -o ConnectTimeout=10 -o 
ControlPath=/home/user1/.ansible/cp/e81f1307f9 -tt 192.168.10.10 '/bin/sh 
-c '"'"'sudo -H -S -n  -u mygpadmin /bin/sh -c '"'"'"'"'"'"'"'"'echo 
BECOME-SUCCESS-prgmplogeczegkatiwtdoyhjtxaphgrv ; /usr/bin/python 
/var/tmp/ansible-tmp-1589381399.57-2262637800948/AnsiballZ_command.py'"'"'"'"'"'"'"'"'
 
&& sleep 0'"'"''
Escalation requires password

How can I resolve this issue if I want to become another and run command 
with sudo using ansible/ansible-playbook but without using password. As 
user1, I can run all commands user1 is allowed to.


Thanks.

- Zayed.



Re: [ansible-project] Is there a better way to search through a list using when and regex_search

2020-05-13 Thread Dick Visser
Is there any chance you can have a single var that is a list for those strings?
I.e.:

snmp_strings:
  - a
  - b
  - cc



On Wed, 13 May 2020 at 16:25, Scott Fella  wrote:
>
> Here is a sample output when I run a show snmpcommunity.  The one with '*' 
> are hashed and read-only, so I will not be able to match on those, it is the 
> read-only strings i'm worried about.
>
> rusred991c55p1
>
> IPSec mode: Disabled / Profile: none
>
> SNMP Community Name  Client IP Address  Client IP Mask  Access Mode  Status
> -------------------  -----------------  --------------  -----------  ------
> **                   10.200.250.0       255.255.255.0   Read/Write   Enable
> **                   10.100.10.208      10.100.10.208   Read/Write   Enable
> xx                   0.0.0.0            0.0.0.0         Read Only    Enable
> yy                   0.0.0.0            0.0.0.0         Read Only    Enable
> zz                   0.0.0.0            0.0.0.0         Read Only    Enable
>
>
> On Tuesday, 12 May 2020 18:35:23 UTC-7, Scott Fella wrote:
>>
>> I can share that later, not in front of my laptop. What I was looking for is 
>> not just with snmp, I just started with snmp since I was working on other 
>> playbooks.  I was looking to see if I can simplify the “when” to check if 
>> the output has the any of the variables defined in the list. What I have is 
>> working, but is there a better way?
>>
>> -Scott
>



-- 
Dick Visser
Trust & Identity Service Operations Manager
GÉANT

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAL8fbwOaHK%2BEYCyQCzNPvpAAi5V8%2BAxaLVxQJREGVh5Td0qMtQ%40mail.gmail.com.
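
A sketch of the single-list approach suggested in this reply, added as an example and not taken from the thread: the list is joined into one anchored pattern, so a single `when` covers every string. The names `snmp_output`, `snmp_pattern` and `exposed_ro`, the extra row `xx-lab` and the sample device output are constructed.

```yaml
---
# Added example, not from the thread. The sample output is constructed.
- hosts: localhost
  gather_facts: false
  vars:
    # One list instead of one variable per string, as suggested above
    snmp_strings:
      - xx
      - yy
      - zz
    # Constructed stand-in for the registered stdout of "show snmpcommunity"
    snmp_output: |
      SNMP Community Name  Client IP Address  Client IP Mask  Access Mode  Status
      -------------------  -----------------  --------------  -----------  ------
      **                   10.200.250.0       255.255.255.0   Read/Write   Enable
      xx                   0.0.0.0            0.0.0.0         Read Only    Enable
      xx-lab               0.0.0.0            0.0.0.0         Read Only    Enable
      yy                   0.0.0.0            0.0.0.0         Read Only    Enable
      zz                   10.100.10.208      10.100.10.208   Read/Write   Enable
    # regex_escape keeps metacharacters in a string from changing the pattern;
    # the trailing \s stops "xx" from matching the longer name "xx-lab", and
    # "Read Only" limits the match to the access mode the thread is concerned with.
    snmp_pattern: '^({{ snmp_strings | map("regex_escape") | join("|") }})\s.*Read Only'
  tasks:
    - name: Collect listed names that appear as Read Only entries
      set_fact:
        exposed_ro: "{{ snmp_output | regex_findall(snmp_pattern, multiline=True) }}"

    - name: A single condition covers the whole list
      debug:
        msg: "Listed read-only community strings present: {{ exposed_ro | join(', ') }}"
      when: exposed_ro | length > 0
```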


Re: [ansible-project] Forced --limit

2020-05-13 Thread Julien Seknazi
Thank you, it works!

But I have another question :)
I use - hosts: "{{ ansible_limit }}" but I need "{{ ansible_limit }}" to be
included in group GROUP_1.

When I use "{{ ansible_limit }}", it works for every host. I want to use the
var ansible_limit with a condition: the host is in group_1.

Thank you :)


On Wednesday, 6 May 2020 18:54:52 UTC-4, James Cassell wrote:
>
>
> On Wed, May 6, 2020, at 4:35 PM, Julien Seknazi wrote: 
> > Hi! 
> > 
> > I hope everything it's ok for you. 
> > 
> > 
> > I would like to know if it's possible to use mandatory "--limit" when 
> you run : 
> > "ansible-playbook site.yml --limit DEVICE_1" 
> > 
> > I explain, if i don't use --limit, my playbook will deploy on all my 
> > devices. 
> > Me, I want my playbook don't run if --limit is not defined on my run 
> > ansible-playbook command 
> > 
>
> I use 
>
> - hosts: "{{ ansible_limit }}" 
>
>
> V/r, 
> James Cassell 
>

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/54305cba-56b9-4147-88cc-ca31ad0e31c0%40googlegroups.com.


Re: [ansible-project] Is there a better way to search through a list using when and regex_search

2020-05-13 Thread Scott Fella
Here is a sample output when I run a show snmpcommunity.  The ones with '*' 
are hashed and read-only, so I will not be able to match on those; it is 
the read-only strings I'm worried about.

rusred991c55p1

IPSec mode: Disabled / Profile: none

SNMP Community Name  Client IP Address  Client IP Mask  Access Mode  Status
-------------------  -----------------  --------------  -----------  ------
**                   10.200.250.0       255.255.255.0   Read/Write   Enable
**                   10.100.10.208      10.100.10.208   Read/Write   Enable
xx                   0.0.0.0            0.0.0.0         Read Only    Enable
yy                   0.0.0.0            0.0.0.0         Read Only    Enable
zz                   0.0.0.0            0.0.0.0         Read Only    Enable


On Tuesday, 12 May 2020 18:35:23 UTC-7, Scott Fella wrote:
>
> I can share that later, not in front of my laptop. What I was looking for 
> is not just with snmp, I just started with snmp since I was working on 
> other playbooks.  I was looking to see if I can simplify the “when” to 
> check if the output has the any of the variables defined in the list. What 
> I have is working, but is there a better way? 
>
> -Scott

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6b6d44df-017a-4ecd-9ea3-ef20ccf8d915%40googlegroups.com.


Re: [ansible-project] how to dynamic update value in vars_file

2020-05-13 Thread Stefan Hornburg (Racke)
On 5/13/20 3:58 PM, Eric Chang wrote:
> location is defined in inventory file , but I have trouble to update nodes.pub
> 

lineinfile is not appropriate for any structured data (JSON, YAML, XML, ...).

Regards
Racke


> - hosts: srvs
>   become: yes
>   vars:
>     location: l13
>
>   tasks:
>     - name: debug vars
>       debug:
>         var: nodes
>
>     - name: update vars.yml when pub is not defined
>       lineinfile:
>         line: "public: none"
>         path: vars.yml
>         state: present
>       when: item.location == location and item.pub == ""
>       with_items: "{{ nodes }}"
> 
> 
> On Wednesday, 13 May 2020 at 4:03:16 PM UTC+8, Stefan Hornburg (Racke) wrote:
> 
> On 5/13/20 9:32 AM, Eric Chang wrote:
> > like I said , I want to update nodes.ma with somevalue based on location in
> > playbook , if ma is not defined.
> > ma is maintainer's id , owner is customer's id.
> > with different location , there are different maintainers.
> > and because some reason , we didn't keep all that records , so there are
> > plenty of missing maintainers
> > I want to update these data via ansible , if ma is missing , then I will
> > assign an employee to it based on location.
> > that's what I want to do.
> >
> 
> How does your playbook look like right now?
> 
> Regards
>         Racke
> 
> >
> >
> > On Wednesday, 13 May 2020 at 3:04:42 PM UTC+8, Dick Visser wrote:
> >
> >     Update vars files based on the content of a variable it contains
> >     sounds like doing things backwards.
> >     Could you tell more about your ACTUAL deployment goal(s)? I.e. what
> >     are you trying to achieve with ansible?
> >
> >     On Wed, 13 May 2020 at 03:34, Eric Chang wrote:
> >     >
> >     > I have a var file like
> >     >
> >     > nodes:
> >     >   - name: rk12
> >     >     location: tp-101
> >     >     ma:
> >     >     own:
> >     >   - name: rk14
> >     >     location: tp-201
> >     >     ma: p11023
> >     >     own: p11023
> >     >   - name: rk15
> >     >     location: tc-332
> >     >     ma:
> >     >     own: p92032
> >     >
> >     >
> >     >
> >     >
> >     > and I want to update nodes.ma with somevalue based on location in
> >     > playbook , if ma is not defined.
> >     > I try lineinfile , but there could be more lines  that ma was not
> >     > defined. (like rk12 , rk15 )
> >     > can I update specified nodes.ma in playbook ?
> >     >
> >
> >
> >
> >     --
> >     Dick Visser
> >     Trust & Identity Service Operations Manager
> >     GÉANT
> >
> 
> 
> -- 
> Ecommerce and Linux consulting + Perl and web application programming.
> Debian and Sympa administration. Provisioning with Ansible.
> 


-- 
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.

-- 
To view this discussion on the web 
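
What updating the structure instead of a single line can look like, as an added example that is not from the thread: load the list, fill `ma` only where it is empty, and write the whole document back. The lookup table `maintainer_by_location` and the ids in it are hypothetical; `vars.yml` is assumed to hold the `nodes` list quoted in the thread.

```yaml
---
# Added example, not from the thread.
- hosts: localhost
  gather_facts: false
  vars_files:
    - vars.yml                  # holds the "nodes" list shown in the thread
  vars:
    maintainer_by_location:     # hypothetical location -> maintainer id table
      tp-101: p20001
      tc-332: p20002
  tasks:
    - name: Build the updated list, filling ma only where it is empty
      set_fact:
        nodes_updated: >-
          {{ nodes_updated | default([]) + [
               item | combine({'ma': maintainer_by_location[item.location]})
               if (not item.ma and item.location in maintainer_by_location)
               else item
             ] }}
      loop: "{{ nodes }}"

    - name: Write the whole structure back as YAML
      copy:
        content: "{{ {'nodes': nodes_updated} | to_nice_yaml(indent=2) }}"
        dest: "{{ playbook_dir }}/vars.yml"
        backup: yes
```

Entries that already have `ma` set, or whose location is not in the table, pass through unchanged. Rewriting the file this way drops any comments it contained and may reorder keys.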

Re: [ansible-project] how to dynamic update value in vars_file

2020-05-13 Thread Eric Chang
location is defined in inventory file , but I have trouble to update 
nodes.pub

- hosts: srvs
  become: yes
  vars:
    location: l13

  tasks:
    - name: debug vars
      debug:
        var: nodes

    - name: update vars.yml when pub is not defined
      lineinfile:
        line: "public: none"
        path: vars.yml
        state: present
      when: item.location == location and item.pub == ""
      with_items: "{{ nodes }}"




On Wednesday, 13 May 2020 at 4:03:16 PM UTC+8, Stefan Hornburg (Racke) wrote:
>
> On 5/13/20 9:32 AM, Eric Chang wrote: 
> > like I said , I want to update nodes.ma with somevalue based on location in 
> > playbook , if ma is not defined. 
> > ma is maintainer's id , owner is customer's id. 
> > with different location , there are different maintainers. 
> > and because some reason , we didn't keep all that records , so there are 
> > plenty of missing maintainers 
> > I want to update these data via ansible , if ma is missing , then I will 
> > assign an employee to it based on location. 
> > that's what I want to do. 
> > 
>
> How does your playbook look like right now? 
>
> Regards 
> Racke 
>
> > 
> > 
> > On Wednesday, 13 May 2020 at 3:04:42 PM UTC+8, Dick Visser wrote: 
> > 
> > Update vars files based on the content of a variable it contains 
> > sounds like doing things backwards. 
> > Could you tell more about your ACTUAL deployment goal(s)? I.e. what 
> > are you trying to achieve with ansible? 
> > 
> > On Wed, 13 May 2020 at 03:34, Eric Chang wrote: 
> > > 
> > > I have a var file like 
> > > 
> > > nodes: 
> > >   - name: rk12 
> > >     location: tp-101 
> > >     ma: 
> > >     own: 
> > >   - name: rk14 
> > >     location: tp-201 
> > >     ma: p11023 
> > >     own: p11023 
> > >   - name: rk15 
> > >     location: tc-332 
> > >     ma: 
> > >     own: p92032 
> > > 
> > > 
> > > 
> > > 
> > > and I want to update nodes.ma with somevalue based on location in 
> > > playbook , if ma is not defined. 
> > > I try lineinfile , but there could be more lines  that ma was not 
> > > defined. (like rk12 , rk15 ) 
> > > can I update specified nodes.ma in playbook ? 
> > > 
> > 
> > 
> > 
> > -- 
> > Dick Visser 
> > Trust & Identity Service Operations Manager 
> > GÉANT 
> > 
>
>
>
> -- 
> Ecommerce and Linux consulting + Perl and web application programming. 
> Debian and Sympa administration. Provisioning with Ansible. 
>
>

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/dd9ece05-dfdb-4bc5-9a83-0840789bf1a5%40googlegroups.com.


[ansible-project] win_shell, kerberos and credential delegation

2020-05-13 Thread Luca Lorenzetto
Hello,

I'm hitting an issue with Windows authentication and credential delegation. 
This is the piece of the playbook that has a problem with privileges:

- name: define migrator command
  set_fact:
    migrator_command: "{{ backup_path }}\\Migrator\\DB.Migrator.exe
      -s -connstring \"Server=application-listener.dev\\applications,64000;
      Database=USERAPPDB; User Id=USERAPP; Integrated Security=True;\""

- name: Execute migrator
  win_shell: "{{ migrator_command }}"
  args:
    chdir: "{{ backup_path }}\\Migrator"
  register: migrator
  failed_when: migrator.rc != 6
  run_once: true

I'm connecting to the windows machine where DB.Migrator.exe is via winrm 
authenticated through kerberos. Authentication works fine, because tasks 
before this are working perfectly (copy, remove file, other win_shell, 
unarchive, etc).

this DB.Migrator is a tool that uses my own credentials to connect to a 
remote MSSQL application listener via integrated security and then updates 
some data on that DB.

I'm hitting this error (returned by stdout of execution):

System.Data.SqlClient.SqlException (0x80131904): Login failed for user 'NT 
AUTHORITY\\ANONYMOUS LOGON' 

In my inventory file I've set these parameters:

ansible_port=5986
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
ansible_winrm_transport=kerberos
ansible_winrm_kerberos_delegation=true


What I'm expecting is that with kerberos_delegation, the application will 
connect using the ansible_user, not anonymous logon.

What is wrong?

Is it possible to use become: to use a given user to run this task, using the 
right permissions?

Thanks,

Luca

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/35124e9b-76fe-4e89-829b-e6bfe5de6916%40googlegroups.com.
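
On the closing question about `become:`: Ansible's `runas` become method starts the task in a new logon session for the named account, which is the documented way around WinRM double-hop limits. The following is an added example, not from the thread; the group name `windows` and the variable `vault_migrator_password` are hypothetical, and `migrator_command` and `backup_path` are assumed to be set as in the post.

```yaml
---
# Added example, not from the thread. vault_migrator_password is a hypothetical
# vaulted variable holding the password of the account named in ansible_user.
- hosts: windows                # hypothetical group name
  gather_facts: false
  tasks:
    - name: Record the logon session a task gets over WinRM alone
      win_whoami:
      register: whoami_winrm

    - name: Record the logon session the same task gets with runas
      win_whoami:
      become: yes
      become_method: runas
      become_user: "{{ ansible_user }}"
      vars:
        ansible_become_password: "{{ vault_migrator_password }}"
      register: whoami_runas

    - name: Compare logon types before relying on integrated security
      debug:
        msg: "winrm={{ whoami_winrm.logon_type }} runas={{ whoami_runas.logon_type }}"

    - name: Execute migrator in the runas session
      win_shell: "{{ migrator_command }}"
      args:
        chdir: "{{ backup_path }}\\Migrator"
      become: yes
      become_method: runas
      become_user: "{{ ansible_user }}"
      vars:
        ansible_become_password: "{{ vault_migrator_password }}"
      register: migrator
      failed_when: migrator.rc != 6
      run_once: true
```

Keeping the become password in Ansible Vault and scoping it to the one task limits where the credential is exposed.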


[ansible-project] Re: fortigate / fortinet

2020-05-13 Thread Robert Grätz
Hello Andrew,

I had the same problem as you. Please use 
https://galaxy.ansible.com/fortinet/fortios. This works very well.

On Wednesday, 6 May 2020 21:49:51 UTC+2, Andrew Meyer wrote:
>
> Has anyone gotten a fortinet/fortigate playbook to work?  I have a 
> Fortigate 100D running 6.2.2 and I can't get it to pass an ansible ping.
>

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/59b9ad22-d1ae-4fe9-96c8-bd8c3de7ebc3%40googlegroups.com.


Re: [ansible-project] Re: loop control for with_together

2020-05-13 Thread Diyawary
Hi ,

Please find below my inner yml
- name: Checking TCP Service objects
  uri:
    url: "https://{{hostname}}/web_api/show-objects"
    validate_certs: False
    method: POST
    headers:
      x-chkp-sid: "{{ login.json.sid }}"
    body:
      filter: "{{item}}"
      type: "service-tcp"
    body_format: json
  register: check_host_result

- name: Checking if TCP Service Object already exists
  set_fact:
    item_tcptype_exists: true
    svc_name: "{{ item['name'] }}"
  with_items: "{{ check_host_result.json.objects  }}"
  when:
    #- item['port'] == "{{svc_port}}"
    - item['port'] == "{{port}}"
    - item['type'] is defined
    - item['type'] == "service-tcp"

- debug:
    msg: "Service  Object exists with name [{{svc_name}}]"

and also other api call on the output of above set_facts in this inner yml


On Tuesday, 12 May 2020 11:17:00 UTC-5, Dick Visser wrote:
>
> Send the inner yml 
>

> On Tue, 12 May 2020 at 17:57, Diyawary wrote:
>
>> I tried with the other loop_var name but it didn't work. My issue is that for 
>> the inner yml I wanted only the port list items passed; when using a loop_var 
>> it is passing both list items. Please suggest how I can achieve this.
>>
>>
>> On Tuesday, 12 May 2020 04:42:13 UTC-5, Diyawary wrote:
>>>
>>> Hi team,
>>> could you please help me how to give two loop_vars for the corresponding 
>>> lists for the with_together module
>>>
>>> my requirement is: I am calling a role and looping with_together
>>> - include_role:
>>>     name: validatetcp_port
>>>   when: item.0 == 'tcp'
>>>   with_together:
>>>     - "{{ proto }}"
>>>     - "{{ svc_port }}"
>>>   loop_control:
>>>     loop_var: svc_port
>>>
>>> This is not working. My inner yml is only utilizing svc_port, and for the 
>>> when condition I need the item of the proto list. In my inner yml there is 
>>> already a loop, so without loop control it is not working. With the current 
>>> loop_var, the inner yml is passed the whole list of svc_port as a single item.
>>> So please suggest how I can apply loop_vars.
>>>
>>>
>>>
>>
>
>
> -- 
> Dick Visser
> Trust & Identity Service Operations Manager
> GÉANT
>

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6322be3c-4388-4cff-a166-ea1826ff6932%40googlegroups.com.


Re: [ansible-project] how to dynamic update value in vars_file

2020-05-13 Thread Stefan Hornburg (Racke)
On 5/13/20 9:32 AM, Eric Chang wrote:
> like I said , I want to update nodes.ma  with somevalue 
> based on location in playbook , if ma is not
> defined.
> ma is matainer's id , owner is customer's id.
> with different location , there are different matainers.
> and because some reason , we didn't keep all that records , so there are 
> plenty of missing maintainers
> I want to update these data via ansible , if ma is missing , then I will 
> assign a employee to it based on location.
> thats what I want to do.
> 

How does your playbook look like right now?

Regards
Racke

> 
> 
> On Wednesday, 13 May 2020 at 3:04:42 PM UTC+8, Dick Visser wrote:
> 
> Update vars files based on the content of a variable it contains
> sounds like doing things backwards.
> Could you tell more about your ACTUAL deployment goal(s)? I.e. what
> are you trying to achieve with ansible?
> 
> On Wed, 13 May 2020 at 03:34, Eric Chang wrote:
> >
> > I have a var file like
> >
> > nodes:
> >   - name: rk12
> >     location: tp-101
> >     ma:
> >     own:
> >   - name: rk14
> >     location: tp-201
> >     ma: p11023
> >     own: p11023
> >   - name: rk15
> >     location: tc-332
> >     ma:
> >     own: p92032
> >
> >
> >
> >
> > and I want to update nodes.ma with somevalue based on location in
> > playbook , if ma is not defined.
> > I try lineinfile , but there could be more lines  that ma was not 
> > defined. (like rk12 , rk15 )
> > can I update specified nodes.ma in playbook ?
> >
> 
> 
> 
> -- 
> Dick Visser
> Trust & Identity Service Operations Manager
> GÉANT
> 


-- 
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/bc5eae4b-19ee-5b9c-cf5f-83b37a471c98%40linuxia.de.




Re: [ansible-project] how to dynamic update value in vars_file

2020-05-13 Thread Eric Chang
like I said , I want to update nodes.ma with somevalue based on location in 
playbook , if ma is not defined.
ma is maintainer's id , owner is customer's id.
with different location , there are different maintainers.
and because some reason , we didn't keep all that records , so there are 
plenty of missing maintainers
I want to update these data via ansible , if ma is missing , then I will 
assign an employee to it based on location.
that's what I want to do.



On Wednesday, 13 May 2020 at 3:04:42 PM UTC+8, Dick Visser wrote:
>
> Update vars files based on the content of a variable it contains 
> sounds like doing things backwards. 
> Could you tell more about your ACTUAL deployment goal(s)? I.e. what 
> are you trying to achieve with ansible? 
>
> On Wed, 13 May 2020 at 03:34, Eric Chang wrote: 
> > 
> > I have a var file like 
> > 
> > nodes: 
> >   - name: rk12 
> >     location: tp-101 
> >     ma: 
> >     own: 
> >   - name: rk14 
> >     location: tp-201 
> >     ma: p11023 
> >     own: p11023 
> >   - name: rk15 
> >     location: tc-332 
> >     ma: 
> >     own: p92032 
> > 
> > 
> > 
> > 
> > and I want to update nodes.ma with somevalue based on location in 
> > playbook , if ma is not defined. 
> > I try lineinfile , but there could be more lines  that ma was not 
> > defined. (like rk12 , rk15 ) 
> > can I update specified nodes.ma in playbook ? 
> > 
>
>
>
> -- 
> Dick Visser 
> Trust & Identity Service Operations Manager 
> GÉANT 
>

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d1aba12f-0f26-4b5b-8c83-c45d542553e0%40googlegroups.com.


Re: [ansible-project] how to dynamic update value in vars_file

2020-05-13 Thread Dick Visser
Update vars files based on the content of a variable it contains
sounds like doing things backwards.
Could you tell more about your ACTUAL deployment goal(s)? I.e. what
are you trying to achieve with ansible?

On Wed, 13 May 2020 at 03:34, Eric Chang  wrote:
>
> I have a var file like
>
> nodes:
>   - name: rk12
>     location: tp-101
>     ma:
>     own:
>   - name: rk14
>     location: tp-201
>     ma: p11023
>     own: p11023
>   - name: rk15
>     location: tc-332
>     ma:
>     own: p92032
>
>
>
>
> and I want to update nodes.ma with somevalue based on location in playbook , 
> if ma is not defined.
> I try lineinfile , but there could be more lines  that ma was not defined. 
> (like rk12 , rk15 )
> can I update specified nodes.ma in playbook ?
>



-- 
Dick Visser
Trust & Identity Service Operations Manager
GÉANT

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAL8fbwN55YVMEf_guXu8HQgPN-0%3DzDBcu5PkUxH3vvgo89Hh7g%40mail.gmail.com.