Re: [ansible-project] Re: 2 levels nested loop with variables

2020-08-17 Thread Dick Visser
For several levels of loops I often split things out to separate files,
which are then included with 'include_tasks' in a loop.
It helps to name the files properly, i.e. according to their function.


On Mon, 17 Aug 2020 at 23:15, Nick-H wrote:

> So basically I *just* need to loop over extra variables in an inline way
> to construct the unique name and the unique policy template; then the
> usual loop for the module will create the resources in AWS.
> - Should using *Lookup* be a good start for an inline loop?
> - As *nested* and *subelements* can't seem to achieve this, what other
> solution can I explore?
> Cheers
> On Monday, 17 August 2020 at 11:52:15 UTC-7, Nick-H wrote:
>
>> Thanks Racke, I should have had some context. policy_name can vary,
>> actually in the real task I have other policies with other names, hence the
>> use of a loop for item.name and item.policy.
>> Just this specific one named rds_foo_bar needs the nested arguments from
>> my vars list (or dict, I am not sure).
>> Although I can create a dedicated task just for that policy if that is too
>> complicated, I just thought I could do some nested loop over variables.
>> Interesting fact: with nested it actually loops over each character in
>> the key:value
>> *Couldn't create policy rds-dev-[[u'r', u'e', u'g', u'i', u'o', u'n',
>> u's'], [u'r', u'o', u'l', u'e']]*
>>
>> The actual play looks like:
>>
>>   iam_managed_policy:
>>     policy_name: "{{ item.name }}"
>>     policy: "{{ item.policy }}"
>>     state: present
>>   loop:
>>     - { name: "rds-prod-{{ lookup('dict', mysql_privilege[0].value ) }} ", policy: "{{ lookup('template', rds-prod.json.j2) }}" }
>>     # - { name: "rds-dev-{{  lookup('nested',mysql_privilege )", policy: "{{ lookup('template', rds_dev.json.j2) }}" }
>>     # - { name: cloudwatch, policy: "{{ lookup('template','cloudwatch.json.j2') }}" }
>>     # other policies with name and policy
>>   vars:
>>     mysql_privilege:
>>       role:
>>         - rw
>>         - ro
>>       rds_region:
>>         - us-west-1
>>         - us-west-2
>>
>> And rds-prod.json.j2 also reuses the variables from the mysql_privilege dict
>> as:
>> ...
>>   "Action": [
>>     "rds-db:connect"
>>   ],
>>   "Resource": "arn:aws:rds-db:{{ rds_region }}{{ aws_id }}:dbuser:*/username-{{ role }}"
>> ...
>>
>>
>> On Thursday, 13 August 2020 at 11:39:26 UTC-7, brae...@gmail.com wrote:
>>
>>> On 8/13/20 8:00 PM, Nick-H wrote:
>>> > So, I have been trying with lookup('dict') but still not quite close
>>> > to the expected result.
>>> > I get: "An unhandled exception occurred while running the lookup
>>> > plugin 'dict'. Error was a <class 'ansible.errors.AnsibleError'>,
>>> > original message: with_dict expects a dict"
>>> > Here is the last code:
>>> >
>>> >   iam_managed_policy:
>>> >     policy_name: "{{ item.name }}"
>>> >     policy: "{{ item.policy }}"
>>> >     state: present
>>> >   loop:
>>> >     - { name: "rds-{{ lookup('dict', mysql_privilege[0].value ) }} ", policy: "{{ lookup('template', 'template.json.j2') }}" }
>>> >     # - { name: "rds-{{ lookup('nested', mysql_privilege[role] ) }} ", policy: "{{ lookup('template', 'template.json.j2') }}" }
>>> >   vars:
>>> >     mysql_privilege:
>>> >       role:
>>> >         - rw
>>> >         - ro
>>> >       regions:
>>> >         - us-west-1
>>> >         - us-west-2
>>> >
>>>
>>> What are the possible values for policy_name? The value for the "policy"
>>> seems to be the same lookup so you don't need it in the loop.
>>>
>>> I'm pretty sure that you are running into brick walls for a possibly
>>> simple problem.
>>>
>>> So please explain / give examples how the policy_name is constructed.
>>>
>>> Regards
>>> Racke
>>>
>>> >
>>> > On Wednesday, 12 August 2020 at 17:27:22 UTC-7, Nick-H wrote:
>>> >
>>> > Hi, I have been looking into /nested/, /subelements/ and other
>>> > /lookups/ with no luck to make this working, using
>>> > ansible 2.8.
>>> > Basically, I'd like to construct a loop that can itself iterate over
>>> > other variables (list or dict).
>>> > *  iam_managed_policy:*
>>> > *policy_name: "{{ item.name  }}"*
>>> > *policy: "{{ item.policy }}"*
>>> > *state: present*
>>> > *  loop:*
>>> > *- { name: "rds-{{mysql_privilege}}-{{regions}}", policy: "{{ lookup('template', template.json.j2') }}" }*
>>> > *  vars:*
>>> > *mysql_privilege:**  *
>>> > *- rw*
>>> > *- ro*
>>> > *regions:*
>>> > *- us-west-1*
>>> > *- us-west-
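
An added example (not code from this thread or from the Ansible project) of the two approaches the thread circles around: the `product` filter, which yields one IAM policy per role/region pair, and the split-file `include_tasks` loop suggested at the top of this message. The file names, the `aws_id` value and the `db_role` / `db_region` variable names are assumptions. Use one approach or the other; both scope each policy's `Resource` to a single region and database user.

```yaml
# --- playbook.yml (added example)
- hosts: localhost
  connection: local
  gather_facts: false
  vars:
    aws_id: "123456789012"          # constructed placeholder account id
    mysql_privilege:
      role: [rw, ro]
      rds_region: [us-west-1, us-west-2]

  tasks:
    # Approach 1: the product filter turns the two lists into pairs.
    # item.0 is the role and item.1 the region:
    #   [rw, us-west-1], [rw, us-west-2], [ro, us-west-1], [ro, us-west-2]
    - name: Create one managed policy per role/region pair
      iam_managed_policy:
        policy_name: "rds-prod-{{ db_role }}-{{ db_region }}"
        policy: "{{ lookup('template', 'rds-prod.json.j2') }}"
        state: present
      vars:
        db_role: "{{ item.0 }}"     # assumed names, read by the template
        db_region: "{{ item.1 }}"
      loop: "{{ mysql_privilege.role | product(mysql_privilege.rds_region) | list }}"
      loop_control:
        label: "rds-prod-{{ item.0 }}-{{ item.1 }}"

    # Approach 2: outer loop here, inner loop in an included file.
    # loop_var renames the outer item so that it does not collide with
    # the loop variable of the included task.
    - name: Create the policies role by role
      include_tasks: rds_policy.yml
      loop: "{{ mysql_privilege.role }}"
      loop_control:
        loop_var: db_role

---
# --- rds_policy.yml (approach 2 only; included once per db_role)
- name: Create this role's policy in every region
  iam_managed_policy:
    policy_name: "rds-prod-{{ db_role }}-{{ db_region }}"
    policy: "{{ lookup('template', 'rds-prod.json.j2') }}"
    state: present
  loop: "{{ mysql_privilege.rds_region }}"
  loop_control:
    loop_var: db_region

# --- templates/rds-prod.json.j2 (JSON, shown here as a comment)
# {
#   "Version": "2012-10-17",
#   "Statement": [
#     {
#       "Effect": "Allow",
#       "Action": ["rds-db:connect"],
#       "Resource": "arn:aws:rds-db:{{ db_region }}:{{ aws_id }}:dbuser:*/username-{{ db_role }}"
#     }
#   ]
# }
```

Other policies with fixed names (such as the `cloudwatch` entry in the thread) can stay in their own task with a plain list loop, so only the RDS policies go through the pair expansion.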

Re: [ansible-project] Ansible inventory duplicate hosts in different groups - Ansible picks the last one from the duplicates

2020-08-17 Thread alicia
The host host1.example.com is listed in both group A and group B - the only
difference is the value of the variable ‘lhost’. Ansible is executing on the
correct host, host1.example.com, but with the variable value from the listing
in group B. See
https://docs.ansible.com/ansible/devel/user_guide/intro_inventory.html#how-variables-are-merged
for information on how Ansible applies variable values.

If that’s a typo and they are different hosts, just correct the inventory
entries and the problem will solve itself. If for some reason you want two
entries in your inventory for the same host, you can still give them different
aliases - host1on1010 and host1on22010. Or you can store the variable values in
a playbook or vars file and select the correct one at run time.

Hope this helps,
Alicia

> On Aug 17, 2020, at 9:17 AM, Abhishek Sharma wrote:
> 
> 
> updated command is
> 
> # ansible -i inventory A -m shell -a "ls -l /tmp/{{ lhost }}" --limit host1.example.com
> 
> 
> On Monday, August 17, 2020 at 7:46:00 PM UTC+5:30 Abhishek Sharma wrote:
> Hi
> 
> I have an inventory defined as below:
> 
> [A]
> host1.example.com  lhost=1010
> host2.example.com  lhost=1110
> 
> [B]
> host1.example.com  lhost=2010
> 
> now when I run the below command on group A for host1.example.com,
> ansible picks up the host in group B
> 
> # ansible -i inventory A -m shell -a "ls -l /tmp/{{ lhost }}"
> 
> output
> 
> ls: no such file or directory /tmp/2010
> 
> expected:  Ansible should execute on host1 in group A and not group B
> 
> Is this behaviour intentional or am i running into some bug or is there 
> something wrong with the command execution.
> 
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-project+unsubscr...@googlegroups.com 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/cc567b0a-8095-4c1b-8a3b-85c11f2a4d34n%40googlegroups.com
>  
> .
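
An added illustration (not from the thread) of the alias option described in this reply, written as a YAML inventory. A host listed in two groups is still one host, so only one `lhost` value survives the merge; two aliases that point at the same machine through `ansible_host` each keep their own value. The alias names and the file name `inventory.yml` are assumptions.

```yaml
# inventory.yml (added example; alias names are assumed)
#
# Original layout, for comparison. host1.example.com is ONE host that is a
# member of both groups, so its variables are merged and a single lhost
# value is used whichever group the command targets:
#
#   [A]
#   host1.example.com lhost=1010
#   host2.example.com lhost=1110
#   [B]
#   host1.example.com lhost=2010
#
# Aliased layout: two inventory names, one machine. ansible_host tells
# Ansible where to connect; each alias carries its own lhost.
all:
  children:
    A:
      hosts:
        host1on1010:
          ansible_host: host1.example.com
          lhost: 1010
        host2.example.com:
          lhost: 1110
    B:
      hosts:
        host1on2010:
          ansible_host: host1.example.com
          lhost: 2010

# Check what each alias resolves to before running anything:
#   ansible-inventory -i inventory.yml --host host1on1010
#   ansible-inventory -i inventory.yml --host host1on2010
# Then target the group as before:
#   ansible -i inventory.yml A -m shell -a "ls -l /tmp/{{ lhost }}"
```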



Re: [ansible-project] Re: 2 levels nested loop with variables

2020-08-17 Thread Nick-H
So basically I *just* need to loop over extra variables in an inline way
to construct the unique name and the unique policy template; then the
usual loop for the module will create the resources in AWS.
- Should using *Lookup* be a good start for an inline loop?
- As *nested* and *subelements* can't seem to achieve this, what other
solution can I explore?
Cheers
On Monday, 17 August 2020 at 11:52:15 UTC-7, Nick-H wrote:

> Thanks Racke, I should have had some context. policy_name can vary,
> actually in the real task I have other policies with other names, hence the
> use of a loop for item.name and item.policy.
> Just this specific one named rds_foo_bar needs the nested arguments from
> my vars list (or dict, I am not sure).
> Although I can create a dedicated task just for that policy if that is too
> complicated, I just thought I could do some nested loop over variables.
> Interesting fact: with nested it actually loops over each character in the
> key:value
> *Couldn't create policy rds-dev-[[u'r', u'e', u'g', u'i', u'o', u'n',
> u's'], [u'r', u'o', u'l', u'e']]*
>
> The actual play looks like:
>
>   iam_managed_policy:
>     policy_name: "{{ item.name }}"
>     policy: "{{ item.policy }}"
>     state: present
>   loop:
>     - { name: "rds-prod-{{ lookup('dict', mysql_privilege[0].value ) }} ", policy: "{{ lookup('template', rds-prod.json.j2) }}" }
>     # - { name: "rds-dev-{{  lookup('nested',mysql_privilege )", policy: "{{ lookup('template', rds_dev.json.j2) }}" }
>     # - { name: cloudwatch, policy: "{{ lookup('template','cloudwatch.json.j2') }}" }
>     # other policies with name and policy
>   vars:
>     mysql_privilege:
>       role:
>         - rw
>         - ro
>       rds_region:
>         - us-west-1
>         - us-west-2
>
> And rds-prod.json.j2 also reuses the variables from the mysql_privilege dict
> as:
> ...
>   "Action": [
>     "rds-db:connect"
>   ],
>   "Resource": "arn:aws:rds-db:{{ rds_region }}{{ aws_id }}:dbuser:*/username-{{ role }}"
> ...
>
>
> On Thursday, 13 August 2020 at 11:39:26 UTC-7, brae...@gmail.com wrote:
>
>> On 8/13/20 8:00 PM, Nick-H wrote:
>> > So, I have been trying with lookup('dict') but still not quite close
>> > to the expected result.
>> > I get: "An unhandled exception occurred while running the lookup
>> > plugin 'dict'. Error was a <class 'ansible.errors.AnsibleError'>,
>> > original message: with_dict expects a dict"
>> > Here is the last code:
>> >
>> >   iam_managed_policy:
>> >     policy_name: "{{ item.name }}"
>> >     policy: "{{ item.policy }}"
>> >     state: present
>> >   loop:
>> >     - { name: "rds-{{ lookup('dict', mysql_privilege[0].value ) }} ", policy: "{{ lookup('template', 'template.json.j2') }}" }
>> >     # - { name: "rds-{{ lookup('nested', mysql_privilege[role] ) }} ", policy: "{{ lookup('template', 'template.json.j2') }}" }
>> >   vars:
>> >     mysql_privilege:
>> >       role:
>> >         - rw
>> >         - ro
>> >       regions:
>> >         - us-west-1
>> >         - us-west-2
>> >
>>
>> What are the possible values for policy_name? The value for the "policy"
>> seems to be the same lookup so you don't need it in the loop.
>>
>> I'm pretty sure that you are running into brick walls for a possibly
>> simple problem.
>>
>> So please explain / give examples how the policy_name is constructed.
>>
>> Regards
>> Racke
>>
>> >
>> > On Wednesday, 12 August 2020 at 17:27:22 UTC-7, Nick-H wrote:
>> >
>> > Hi, I have been looking into /nested/, /subelements/ and other
>> > /lookups/ with no luck to make this working, using
>> > ansible 2.8.
>> > Basically, I'd like to construct a loop that can itself iterate over
>> > other variables (list or dict).
>> > *  iam_managed_policy:*
>> > *policy_name: "{{ item.name  }}"*
>> > *policy: "{{ item.policy }}"*
>> > *state: present*
>> > *  loop:*
>> > *- { name: "rds-{{mysql_privilege}}-{{regions}}", policy: "{{ lookup('template', template.json.j2') }}" }*
>> > *  vars:*
>> > *mysql_privilege:**  *
>> > *- rw*
>> > *- ro*
>> > *regions:*
>> > *- us-west-1*
>> > *- us-west-2*
>> >
>> > but it ends up with such result:
>> > "Couldn't create policy rds-prod-[u'rw', u'ro'] - [u'ca-central-1', u'us-west-1']"
>> >
>> > What I'd like is that each loop would build a 2 dimensions array with the
>> > vars elements (rw-us-west-1, rw-us-west-2,
>> > ro-us-west-1, ro-us-west-2)
>> >
>> > Is that even possible to achieve with ansible?
>> > thanks

Re: [ansible-project] Using ansible to hardening Linux Systems Remotely

2020-08-17 Thread John Petro
Can you post the output with the error message you are getting?

--John

On Mon, Aug 17, 2020 at 5:05 PM Mauricio Tavares wrote:

> On Mon, Aug 17, 2020 at 4:58 PM giob...@gmail.com wrote:
> >
> > Sorry, I made a mistake... I used the command
> >
> > ansible-playbook path_to_my_playbook.yml
> >
> > and in the hosts file I added the hostname and then the IP address of
> > the remote computer where I want to apply the configurations. But it does
> > not work :-(
> >
>
> Below are real files of mine. Only difference is that I changed the
> hostname:
>
> file: hosts
> [test]
> testcentos
> testfedora
>
> File: host_vars/testcentos.yml
> ---
> # File: host_vars/testcentos.yml
> # OS: CentOS (for now? Make this so it does not care)
>
> ansible_host: testfedora.example.com
> ansible_port: 2022
> ansible_ssh_private_key_file: ~/.ssh/ansible-test
> ansible_user: root
>
> File: test.yml
> ---
> # file: test.yml
> #
>
> - hosts:
>   - test
>
>   vars:
>   # - some_var: "roles/test/handlers/duck.yml"
>   # - some_var: "wrongability"
>   - user_test: "Yes"
>   - file_test: "Maybe"
>   - string_test: true
>
>   roles:
>   - test
>
> >
> > On Monday, 17 August 2020 at 20:31:48 UTC+2, raub...@gmail.com wrote:
> >>
> >> On Mon, Aug 17, 2020 at 2:16 PM giovanni baldi wrote:
> >> >
> >> >
> >> > I'm new to the Ansible world, and for the moment I have used it just to
> >> > harden some Linux systems, each time using the command locally:
> >> >
> >> >> ansible path_to_my_playbook.yml
> >> >
> >> >
> >> > Is there a way to run this command on a remote computer? I tried
> >> > adding a remote computer in the hosts file, but either I made a mistake
> >> > or it does not work
> >> >
> >> Try
> >>
> >> ansible-playbook path_to_my_playbook.yml
> >>
> >> instead
> >>
> >> > Could you recommend some links that can help me? As soon as I have
> >> > time I will look in more detail at how Ansible works, but for now I
> >> > have to harden lots of Linux systems :-|
> >> >
> >> > A.
> >> >
> >> >
> >> >
> >> >



Re: [ansible-project] Using ansible to hardening Linux Systems Remotely

2020-08-17 Thread Mauricio Tavares
On Mon, Aug 17, 2020 at 4:58 PM giob...@gmail.com wrote:
>
> Sorry, I made a mistake... I used the command
>
> ansible-playbook path_to_my_playbook.yml
>
> and in the hosts file I added the hostname and then the IP address of the
> remote computer where I want to apply the configurations. But it does not
> work :-(
>

Below are real files of mine. Only difference is that I changed the hostname:

file: hosts
[test]
testcentos
testfedora

File: host_vars/testcentos.yml
---
# File: host_vars/testcentos.yml
# OS: CentOS (for now? Make this so it does not care)

ansible_host: testfedora.example.com
ansible_port: 2022
ansible_ssh_private_key_file: ~/.ssh/ansible-test
ansible_user: root

File: test.yml
---
# file: test.yml
#

- hosts:
  - test

  vars:
  # - some_var: "roles/test/handlers/duck.yml"
  # - some_var: "wrongability"
  - user_test: "Yes"
  - file_test: "Maybe"
  - string_test: true

  roles:
  - test

>
> On Monday, 17 August 2020 at 20:31:48 UTC+2, raub...@gmail.com wrote:
>>
>> On Mon, Aug 17, 2020 at 2:16 PM giovanni baldi wrote:
>> >
>> >
>> > I'm new to the Ansible world, and for the moment I have used it just to
>> > harden some Linux systems, each time using the command locally:
>> >
>> >> ansible path_to_my_playbook.yml
>> >
>> >
>> > Is there a way to run this command on a remote computer? I tried adding a
>> > remote computer in the hosts file, but either I made a mistake or it does
>> > not work
>> >
>> Try
>>
>> ansible-playbook path_to_my_playbook.yml
>>
>> instead
>>
>> > Could you recommend some links that can help me? As soon as I have time I
>> > will look in more detail at how Ansible works, but for now I have to
>> > harden lots of Linux systems :-|
>> >
>> > A.
>> >
>> >
>> >
>> >



Re: [ansible-project] Using ansible to hardening Linux Systems Remotely

2020-08-17 Thread giob...@gmail.com
Sorry, I made a mistake... I used the command

*ansible-playbook path_to_my_playbook.yml*

and in the hosts file I added the hostname and then the IP address of the
remote computer where I want to apply the configurations. But it does not
work :-(


On Monday, 17 August 2020 at 20:31:48 UTC+2, raub...@gmail.com wrote:

> On Mon, Aug 17, 2020 at 2:16 PM giovanni baldi wrote:
> >
> >
> > I'm new to the Ansible world, and for the moment I have used it just to
> > harden some Linux systems, each time using the command locally:
> >
> >> ansible path_to_my_playbook.yml
> >
> >
> > Is there a way to run this command on a remote computer? I tried adding
> > a remote computer in the hosts file, but either I made a mistake or it
> > does not work
> >
> Try
>
> ansible-playbook path_to_my_playbook.yml
>
> instead
>
> > Could you recommend some links that can help me? As soon as I have time
> > I will look in more detail at how Ansible works, but for now I have to
> > harden lots of Linux systems :-|
> >
> > A.
> >
> >
> >
> >



Re: [ansible-project] Re: 2 levels nested loop with variables

2020-08-17 Thread Nick-H
Thanks Racke, I should have had some context. policy_name can vary,
actually in the real task I have other policies with other names, hence the
use of a loop for item.name and item.policy.
Just this specific one named rds_foo_bar needs the nested arguments from
my vars list (or dict, I am not sure).
Although I can create a dedicated task just for that policy if that is too
complicated, I just thought I could do some nested loop over variables.
Interesting fact: with nested it actually loops over each character in the
key:value
*Couldn't create policy rds-dev-[[u'r', u'e', u'g', u'i', u'o', u'n',
u's'], [u'r', u'o', u'l', u'e']]*

The actual play looks like:

  iam_managed_policy:
    policy_name: "{{ item.name }}"
    policy: "{{ item.policy }}"
    state: present
  loop:
    - { name: "rds-prod-{{ lookup('dict', mysql_privilege[0].value ) }} ", policy: "{{ lookup('template', rds-prod.json.j2) }}" }
    # - { name: "rds-dev-{{  lookup('nested',mysql_privilege )", policy: "{{ lookup('template', rds_dev.json.j2) }}" }
    # - { name: cloudwatch, policy: "{{ lookup('template','cloudwatch.json.j2') }}" }
    # other policies with name and policy
  vars:
    mysql_privilege:
      role:
        - rw
        - ro
      rds_region:
        - us-west-1
        - us-west-2

And rds-prod.json.j2 also reuses the variables from the mysql_privilege dict
as:
...
  "Action": [
    "rds-db:connect"
  ],
  "Resource": "arn:aws:rds-db:{{ rds_region }}{{ aws_id }}:dbuser:*/username-{{ role }}"
...


On Thursday, 13 August 2020 at 11:39:26 UTC-7, brae...@gmail.com wrote:

> On 8/13/20 8:00 PM, Nick-H wrote:
> > So, I have been trying with lookup('dict') but still not quite close to
> > the expected result.
> > I get: "An unhandled exception occurred while running the lookup plugin
> > 'dict'. Error was a <class 'ansible.errors.AnsibleError'>,
> > original message: with_dict expects a dict"
> > Here is the last code:
> >
> >   iam_managed_policy:
> >     policy_name: "{{ item.name }}"
> >     policy: "{{ item.policy }}"
> >     state: present
> >   loop:
> >     - { name: "rds-{{ lookup('dict', mysql_privilege[0].value ) }} ", policy: "{{ lookup('template', 'template.json.j2') }}" }
> >     # - { name: "rds-{{ lookup('nested', mysql_privilege[role] ) }} ", policy: "{{ lookup('template', 'template.json.j2') }}" }
> >   vars:
> >     mysql_privilege:
> >       role:
> >         - rw
> >         - ro
> >       regions:
> >         - us-west-1
> >         - us-west-2
> >
>
> What are the possible values for policy_name? The value for the "policy"
> seems to be the same lookup so you don't need it in the loop.
>
> I'm pretty sure that you are running into brick walls for a possibly
> simple problem.
>
> So please explain / give examples how the policy_name is constructed.
>
> Regards
> Racke
>
> >
> > On Wednesday, 12 August 2020 at 17:27:22 UTC-7, Nick-H wrote:
> >
> > Hi, I have been looking into /nested/, /subelements/ and other
> > /lookups/ with no luck to make this working, using
> > ansible 2.8.
> > Basically, I'd like to construct a loop that can itself iterate over
> > other variables (list or dict).
> > *  iam_managed_policy:*
> > *policy_name: "{{ item.name  }}"*
> > *policy: "{{ item.policy }}"*
> > *state: present*
> > *  loop:*
> > *- { name: "rds-{{mysql_privilege}}-{{regions}}", policy: "{{ lookup('template', template.json.j2') }}" }*
> > *  vars:*
> > *mysql_privilege:**  *
> > *- rw*
> > *- ro*
> > *regions:*
> > *- us-west-1*
> > *- us-west-2*
> >
> > but it ends up with such result:
> > "Couldn't create policy rds-prod-[u'rw', u'ro'] - [u'ca-central-1', u'us-west-1']"
> >
> > What I'd like is that each loop would build a 2 dimensions array with the
> > vars elements (rw-us-west-1, rw-us-west-2,
> > ro-us-west-1, ro-us-west-2)
> >
> > Is that even possible to achieve with ansible?
> > thanks
>
>
> -- 
> Ecommerce and Linux consulting + Perl and web application programming.
> Debian and Sympa administration. Provisioning with Ansible.
>
>


Re: [ansible-project] Using ansible to hardening Linux Systems Remotely

2020-08-17 Thread Mauricio Tavares
On Mon, Aug 17, 2020 at 2:16 PM giovanni baldi wrote:
>
>
> I'm new to the Ansible world, and for the moment I have used it just to
> harden some Linux systems, each time using the command locally:
>
>> ansible path_to_my_playbook.yml
>
>
> Is there a way to run this command on a remote computer? I tried adding a
> remote computer in the hosts file, but either I made a mistake or it does
> not work
>
  Try

  ansible-playbook path_to_my_playbook.yml

instead

> Could you recommend some links that can help me? As soon as I have time I
> will look in more detail at how Ansible works, but for now I have to
> harden lots of Linux systems :-|
>
> A.
>
>
>
>



[ansible-project] Using ansible to hardening Linux Systems Remotely

2020-08-17 Thread giovanni baldi

I'm new to the Ansible world, and for the moment I have used it just to
harden some Linux systems, each time using the command locally:

*ansible path_to_my_playbook.yml*


Is there a way to run this command on a remote computer? I tried adding a
remote computer in the hosts file, but either I made a mistake or it does
not work

Could you recommend some links that can help me? As soon as I have time I
will look in more detail at how Ansible works, but for now I have to
harden lots of Linux systems :-|

A.


 



Re: [ansible-project] Tags or Variables, not sure which way to go

2020-08-17 Thread John Petro
Thanks for the response. I did see that this morning, but hadn't had a
chance to test it out yet. I'll give that option a shot and see if it's
better than the variable method I ended up writing.

--John

On Mon, Aug 17, 2020 at 1:18 PM alicia wrote:

> Hi John,
>
> The opposite of “--tags my_tag” is “--skip-tags my_tag” - see the updated
> documentation on tags at
> https://docs.ansible.com/ansible/devel/user_guide/playbooks_tags.html.
>
> You would, of course, need to add tags to your task, block, or play before
> you could select or skip those tags at runtime.
>
> Hope this helps,
> Alicia
>
>
> On Aug 16, 2020, at 3:32 PM, John Petro  wrote:
>
> So I am having an issue about not knowing what the best thing to do is.
> Here's what I am trying to accomplish...
>
> I have the following sanitized tasks:
>
> - name: Set authorized key (prod)
>   authorized_key:
>     user: ansible
>     state: present
>     key: "{{ lookup('file', 'ssh public key file') }}"
>     key_options: 'from="Prod control node IP"'
>
> - name: Set authorized key (test)
>   authorized_key:
>     user: ansible
>     state: present
>     key: "{{ lookup('file', 'ssh public key file') }}"
>     key_options: 'from="testlab control node IP"'
>
> The key option specifies that only the ansible control node can use ssh
> keys to the ansible account.
>
> So is there a way to say execute the prod task unless a "test" tag is
> passed?  At the same time, I want to do the opposite with the test task,
> and say only execute if the "test" tag is passed.  (I know how to do this
> second part),
>
> My other option, would be to just set a variable, and I know I can do it
> that way, but wasn't sure if I could do the same thing with a tag.
>
> --John
>
>
>



Re: [ansible-project] Tags or Variables, not sure which way to go

2020-08-17 Thread alicia
Hi John,

The opposite of “--tags my_tag” is “--skip-tags my_tag” - see the updated
documentation on tags at
https://docs.ansible.com/ansible/devel/user_guide/playbooks_tags.html.

You would, of course, need to add tags to your task, block, or play before you 
could select or skip those tags at runtime.

Hope this helps,
Alicia


> On Aug 16, 2020, at 3:32 PM, John Petro  wrote:
> 
> So I am having an issue about not knowing what the best thing to do is.  
> Here's what I am trying to accomplish...
> 
> I have the following sanitized tasks:
> 
> - name: Set authorized key (prod)
>   authorized_key:
>     user: ansible
>     state: present
>     key: "{{ lookup('file', 'ssh public key file') }}"
>     key_options: 'from="Prod control node IP"'
> 
> - name: Set authorized key (test)
>   authorized_key:
>     user: ansible
>     state: present
>     key: "{{ lookup('file', 'ssh public key file') }}"
>     key_options: 'from="testlab control node IP"'
> 
> The key option specifies that only the ansible control node can use ssh keys 
> to the ansible account.  
> 
> So is there a way to say execute the prod task unless a "test" tag is passed? 
>  At the same time, I want to do the opposite with the test task, and say only 
> execute if the "test" tag is passed.  (I know how to do this second part),  
> 
> My other option, would be to just set a variable, and I know I can do it that 
> way, but wasn't sure if I could do the same thing with a tag.
> 
> --John
> 
> 
> 


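One way to lay out the two tasks from the thread above so that `--tags` and `--skip-tags` select between them, as an added example that is not John's or Alicia's code. It goes one step beyond the reply by using Ansible's special `never` and `all` tags; the playbook name, the key path and the documentation-range IP addresses are assumptions.

```yaml
# site.yml: constructed example. The IPs are documentation-range placeholders
# and files/ansible_control.pub is a hypothetical path.
- hosts: all
  become: true
  vars:
    control_pubkey: files/ansible_control.pub
  tasks:
    - name: Set authorized key (prod)
      authorized_key:
        user: ansible
        state: present
        key: "{{ lookup('file', control_pubkey) }}"
        # sshd accepts this key only from the prod control node
        key_options: 'from="192.0.2.10"'
      tags: [prod]

    - name: Set authorized key (test)
      authorized_key:
        user: ansible
        state: present
        key: "{{ lookup('file', control_pubkey) }}"
        # sshd accepts this key only from the test lab control node
        key_options: 'from="198.51.100.10"'
      # "never" keeps this task out of a normal run; it is selected only
      # when one of its other tags is requested explicitly.
      tags: [never, test]

# Production run: the prod task runs, the test task is held back by "never".
#   ansible-playbook -i inventory site.yml
#
# Test lab run: keep every normal task, add the test task, drop the prod one.
#   ansible-playbook -i inventory site.yml --tags all,test --skip-tags prod
#
# Preview which tasks a tag selection picks, without touching any host:
#   ansible-playbook -i inventory site.yml --tags all,test --skip-tags prod --list-tasks
```

Running with `--tags test` alone would also skip the prod task, but it would skip every other untagged task in the play as well, which is why the test invocation asks for `all,test`.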

[ansible-project] Re: Ansible inventory duplicate hosts in different groups - Ansible picks the last one from the duplicates

2020-08-17 Thread Abhishek Sharma

updated command is 

# ansible -i inventory A -m shell -a "ls -l /tmp/{{ lhost }}" --limit host1.example.com


On Monday, August 17, 2020 at 7:46:00 PM UTC+5:30 Abhishek Sharma wrote:

> Hi
>
> I have an inventory defined as below:
>
> [A]
> host1.example.com lhost=1010
> host2.example.com lhost=1110
>
> [B]
> host1.example.com lhost=2010
>
> Now when I run the command below on group A for host1.example.com, Ansible
> picks up the host in group B
>
> # ansible -i inventory A -m shell -a "ls -l /tmp/{{ lhost }}"
>
> *output*
>
> ls: no such file or directory /tmp/2010
>
> *expected:*  Ansible should execute on host1 in group A and not group B
>
> Is this behaviour intentional, or am I running into some bug, or is there
> something wrong with the command execution?
>
>
>



[ansible-project] Ansible inventory duplicate hosts in different groups - Ansible picks the last one from the duplicates

2020-08-17 Thread Abhishek Sharma
Hi

I have an inventory defined as below:

[A]
host1.example.com lhost=1010
host2.example.com lhost=1110

[B]
host1.example.com lhost=2010

Now when I run the command below on group A for host1.example.com, Ansible picks
up the host in group B

# ansible -i inventory A -m shell -a "ls -l /tmp/{{ lhost }}"

*output*

ls: no such file or directory /tmp/2010

*expected:*  Ansible should execute on host1 in group A and not group B

Is this behaviour intentional, or am I running into some bug, or is there
something wrong with the command execution?




Re: [ansible-project] Re: Ansible Windows Deployment - 'Connection aborted.', error(104, 'Connection reset by peer')

2020-08-17 Thread Tony Wong
I don't understand what this means

You need both the hotfix and the registry keys set for the connection to
break like this, having one or the other is not enough. A

On Sun, Aug 16, 2020 at 5:40 PM Tony Wong  wrote:

> I have the same problem. I enabled WinRM over HTTPS and I can see it listening on
> 5986, but a simple win_ping is not working.
>
> On Monday, September 17, 2018 at 2:46:26 PM UTC-7 jbor...@gmail.com wrote:
>
>> You need both the hotfix and the registry keys set for the connection to
>> break like this, having one or the other is not enough. Another thing to
>> note is that this only applies to Server 2008, the 2008 R2 edition works
>> just fine with TLSv1.2. So if this is the original 2008 version (and not
>> 2008 R2) verify that TLS1.2 isn't enabled in the registry for the server
>> side.
>>
>> Thanks
>>
>> Jordan
>>



[ansible-project] Passing encrypted password to playbook using --ask-become-pass option

2020-08-17 Thread kulal.k...@gmail.com


Hello,

 I am trying to pass the encrypted password to execute my playbook and 
while doing so I see below error.

 Error: FAILED! => {"msg": "The field 'become_pass' has an invalid value, 
which includes an undefined variable. The error was: 'ansible_password' is 
undefined"}

My Host file named hosts:

[windows]

192.168.1.113 ##Windows 10

[windows:vars]

ansible_user=domainnet\xyzaccount

ansible_become=yes  # use sudo

ansible_become_method=sudo

ansible_become_password='{{ ansible_password }}'

ansible_connection=winrm

#ansible_port=5985

ansible_winrm_transport=ntlm

ansible_winrm_server_cert_validation=ignore

Encrypted data file named passwd.yml:

---

ansible_password='myEncryptedPass'

Tried this command to execute:  

sudo ansible-playbook -i hosts copytesting.yml --ask-pass --ask-become-pass

Also tried this one as well: sudo ansible-playbook -i hosts 
--ask-vault-pass --extra-vars passwd.yml copytesting.yml 

 Is the variable declaration correct? 

Has this anything to do with my execute command line switch? 

 Many Thanks!!
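
A layout that keeps the password in a vault-encrypted vars file and defines it before `ansible_become_password` refers to it, as an added example that is not from the original post. The file name `inventory.yml`, the variable name `vault_winrm_password` and the placeholder secret are assumptions; host, account and playbook names are taken from the post.

```yaml
# passwd.yml: a YAML vars file uses "key: value", not "key=value".
# Write it in plain text once, then encrypt it in place:
#   ansible-vault encrypt passwd.yml
vault_winrm_password: "CHANGE-ME-placeholder"   # constructed placeholder
---
# inventory.yml: YAML form of the [windows] group from the post
windows:
  hosts:
    192.168.1.113:
  vars:
    ansible_user: 'domainnet\xyzaccount'
    # Defined from the vaulted variable, so the reference below resolves
    ansible_password: "{{ vault_winrm_password }}"
    ansible_connection: winrm
    ansible_winrm_transport: ntlm
    # Kept from the post; validate the certificate outside a lab
    ansible_winrm_server_cert_validation: ignore
    ansible_become: true
    # Windows targets use the runas become plugin, not sudo
    ansible_become_method: runas
    ansible_become_user: 'domainnet\xyzaccount'
    ansible_become_password: "{{ ansible_password }}"

# Run as a normal user on the control node. The "@" tells --extra-vars to
# read a file; without it the argument is parsed as a literal string.
#   ansible-playbook -i inventory.yml copytesting.yml --ask-vault-pass -e @passwd.yml
```

With the password supplied from the vault file, `--ask-pass` and `--ask-become-pass` are no longer needed on the command line.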




Re: [ansible-project] install ansible system wide

2020-08-17 Thread Dick Visser
How did you install it?

On Mon, 17 Aug 2020 at 09:53, Manuel Sopena Ballesteros
 wrote:
>
>
> hi,
> I just realised that ansible installs on user home folder
> ```
> $ whereis ansible-playbook
> ansible-playbook: /home/msopena/.local/bin/ansible-playbook
> ```
> how can I install ansible system-wide so I can install it once and any user 
> can use it?
>
> thank you
>



-- 
Dick Visser
Trust & Identity Service Operations Manager
GÉANT



[ansible-project] install ansible system wide

2020-08-17 Thread Manuel Sopena Ballesteros

hi, 
I just realised that ansible installs on user home folder 
```
$ whereis ansible-playbook
ansible-playbook: /home/msopena/.local/bin/ansible-playbook
```
how can I install ansible system-wide so I can install it once and any user 
can use it?

thank you



[ansible-project] How to add var file in task level and not playbook level

2020-08-17 Thread דודו דודו
This is not working 

Thanks 

- name: Update server etc/host
  vars_files: /opt/defaults/defaults.yml
  lineinfile:
    path: /etc/hosts
    line: "{{ external_address }}{{ service_name }}"
    state: present
    backup: yes



Re: [ansible-project] How do i install an ansible galaxy role from a tar.gz file as non-root user ?

2020-08-17 Thread Luca 'remix_tj' Lorenzetto
On Sat, Aug 15, 2020 at 2:56 PM Hans Lammerts  wrote:
> Just discovered that the command
>
> ansible-galaxy install dsglaser-cis_security-1.2.0.tar.gz -p ./bla
>
> does work, but only as root. And that's not what I want...
>
> What am I doing wrong ?

It's very strange, maybe ./bla directory is root owned?

You should be able to  run this command without being root.

Luca


-- 
"It is absurd to employ men of excellent intelligence to perform
calculations that could be entrusted to anyone if machines
were used"
Gottfried Wilhelm von Leibnitz, Philosopher and Mathematician (1646-1716)

"The Internet is the largest library in the world.
But the problem is that the books are all scattered on the floor"
John Allen Paulos, Mathematician (1945-living)

Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , 
