Re: [ansible-project] random grub password

2023-04-16 Thread 'Kai Stian Olstad' via Ansible Project 

On 12.04.2023 11:52, Kathy L wrote:
That is pretty cool.  Mgmt is not thrilled with using a filter and want 
me
to see if I can do it another way.  I'm trying using the expect module, 
but

not getting the response I thought:

- name: Use expect
  expect:
command: /usr/bin/grub-mkpasswd-pbkdf2
   responses:
(?i)Enter password: "{{ random_plaintext_password }}"
(?i)Reenter password: {{ random_plaintext_password }}"
  register: grub_hash
  delegate_to: 127.0.0.1

- name: Print grub_hash
  debug:
msg: "Grub hash is {{ grub_hash.stdout }}"

However this prints the entire "exchange":

New grub hash is Enter password:
Reenter password:
PDKDF2 hash of your password is.

Why is the entire exchange printed out?  I expected that the last line
above would be printed which I could then use cut on to print only the
password.


The .stdout contains everything that is printed to stdout, hence the 
name.

You have .stdout_lines where each lines is an element in the list,
so grub_hash.stdout_lines[-1] gives you the last line.

So what you are looking for is this

  {{ grub_hash.stdout_lines[-1].split()[-1] }}


--
Kai Stian Olstad

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6ec051cf3437b32a33ea46ba84c6ed9c%40olstad.com.

Re: [ansible-project] Need to automate task via bastion host

2023-04-16 Thread Vladimir Botka 
Hi Monica,

On Sun, 16 Apr 2023 00:23:14 -0700 (PDT)
Monica  wrote:

> Hi  Vladimir Botka,
> Looking for your support on this.

You said you can "connect to the remote host via bastion host
using ssh".

shell> ssh user@@ -p 8022

Let me ask you first. Wouldn't an Ansible controller in the internal
network serve you use-case better?

 ext_net <-> bastion_host <-> ansible_controller <-> remote_host

You should store you projects in a version control. Why don't you
clone the projects on the controller and run your playbooks from
there? This has many advantages:

 * The configuration is simpler
 * You can limit the external SSH access to single host
 * Playbooks in the local network run faster
 * The execution of the projects don't depend on the throughput and
   quality of the external network
 * You can use *ansible-pull* on the controller to update the
   projects automatically
 * You can schedule the projects' updating to off-peak times

Why do you want to run Ansible via proxy?

-- 
Vladimir Botka

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/20230416132743.16fb3f4a%40gmail.com.


pgpluFiJdA3XJ.pgp
Description: OpenPGP digital signature

Re: Re: [ansible-project] Need to automate task via bastion host

2023-04-16 Thread Monica 
Hi  Vladimir Botka,

Looking for your support on this.

On Wednesday, April 12, 2023 at 11:00:45 AM UTC+5:30 Monica wrote:

> Hi,
>
> Can anyone help me on this, still I am facing the issue.
>
> On Tuesday, April 4, 2023 at 3:17:43 PM UTC+5:30 dulh...@mailbox.org 
> wrote:
>
> what I would try is 
>   
> 1. create an *~/.ssh/conf* file as per the example I sent 
> 2. use Ansible as if there was no jumphost involved at all 
>   
>   
>   
> -- Original Message -- 
> From: Monica  
> To: Gunnar Wagner  
> Date: 04/03/2023 6:11 PM CEST 
> Subject: Re: [ansible-project] Need to automate task via bastion host 
>   
>   
> hi Gunnar, 
>   
> I tried this and the same didn't work out-: 
>   
> [remote-nodes] 
> remote-node-1 ansible_host= ansible_user=user 
> ansible_ssh_common_args='-o ProxyCommand="ssh -W %h:%p -p 8022 
> user@"' 
> remote-node-2 ansible_host= ansible_user=user 
> ansible_ssh_common_args='-o ProxyCommand="ssh -W %h:%p -p 8022 
> user@"' 
>   
> On Mon, Apr 3, 2023 at 6:00 PM Gunnar Wagner  
> wrote: 
>
> it is not quite clear what exactly you have tried & did not work 
>
> On 04/03/2023 12:32 PM CEST Monica  wrote: 
>   
>   
> Hi Todd, 
>   
> Thank you for explaining the same, however I am still getting the same 
> error-: 
>   
>   
>
> On Mon, Apr 3, 2023 at 11:13 AM dulhaver via Ansible Project <
> ansible...@googlegroups.com> wrote: 
>
> I agree with Tood, that setting up a propper ~/.ssh/config should be the 
> way to do this. something like ... 
>
>Host jumphost 
>   HostName jumphost.blub.com 
>   User username 
>   PreferredAuthentication publickey 
>   IdentityFile ~/.ssh/demo.ed25519 
>
>Host internal-target 
>   Hostname target.blub.com 
>   ProxyJump jumphost 
>   User username 
>   PreferredAuthentication publickey 
>   IdentityFile ~/.ssh/demo.ed25519 
>
>
> ... should do it I believe 
>
>
> > On 04/02/2023 10:51 PM CEST Todd Zullinger  wrote: 
> > 
> >  
> > Will McDonald wrote: 
> > > https://www.jeffgeerling.com/blog/2022/ 
> > > using-ansible-playbook-ssh-bastion-jump-host 
> > 
> > Odd that uses ProxyCommand in `ansible_ssh_common_args` and 
> > not the far simpler ProxyJump, which it does mention in the 
> > ~/.ssh/config method.  The `-J` shortcut for that is even 
> > better. 
> > 
> > Perhaps it does that to illsutrate a more complex use case, 
> > where the bastion runs on a different port, but if you're 
> > not doing that, it's likely simpler to skip it and use the 
> > `-J` argument. 
> > 
> > I would expect (but have not tested) this works: 
> > 
> > ansible_ssh_common_args='-J $your_bastion_hostname' 
> > 
> > ProxyJump / -J was added in OpenSSH-7.3 -- so it's surely on 
> > any host folks would be using as an ansible control host. 
> > 
> > -- 
> > Todd 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> Groups "Ansible Project" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an email to ansible-proje...@googlegroups.com. 
> > To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/ZCnqsTK-z1LKdm05%40pobox.com.
>  
>
>
> --- 
> gunnar wagner | fichtestr. 1, 19386 lübz | fon: 0176 7808 9090 
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group. 
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-proje...@googlegroups.com. 
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/404677238.549090.1680500565843%40office.mailbox.org.
>  
>
>
>
>   
>
>  
> -- 
>
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group. 
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-proje...@googlegroups.com. 
>
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/CANi23%3Dy4qzVo6Ci9DReu%3DxvLHYx9Swokd_EaB8e1s_%3D_k5hDjQ%40mail.gmail.com
>  
> .
>  
>
>
>   
>
>  
>
>
>  
>   
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/048feeb7-21e6-43c1-88f9-63949834e3c0n%40googlegroups.com.