Re: [ansible-project] override variable from outside role

2023-10-04 Thread 'Matt Zagrabelny' via Ansible Project 
Hi Vladimir,

On Wed, Oct 4, 2023 at 5:38 PM Vladimir Botka  wrote:

> > $ cat roles/nftables/defaults/main.yaml
> > forward_policy: drop
> >
> > $ cat roles/router/vars/main.yaml
> > forward_policy: accept
> >
> > I don't know how to override the variable in the nftables role from
> within
> > the router role.
>
> Is it possible to minimize the example?
>
> shell> tree .
> .
> ├── hosts
> ├── pb.yml
> └── roles
> ├── nftables
> │   ├── defaults
> │   │   └── main.yml
> │   └── tasks
> │   └── main.yml
> └── router
> ├── tasks
> │   └── main.yml
> └── vars
> └── main.yml
>
> shell> cat roles/nftables/defaults/main.yml
> forward_policy: drop
> shell> cat roles/nftables/tasks/main.yml
> - debug:
> var: forward_policy
>
> shell> cat roles/router/vars/main.yml
> forward_policy: accept
> shell> cat roles/router/tasks/main.yml
> - debug:
> var: forward_policy
>
> shell> cat hosts
> [router]
> zed
> shell> cat pb.yml
> - hosts: all
>   roles:
> - nftables
>
> - hosts: router
>   roles:
> - router
>
> Running the playbook gives
>
> shell> ansible-playbook pb.yml
>
> PLAY [all] *
>
> TASK [nftables : debug] 
> ok: [zed] =>
>   forward_policy: drop
>

I would like forward_policy to be "accept" for the nftables role - since I
want the "router" role to affect how a j2 template gets set in the
"nftables" role.


>
> PLAY [router] **
>
> TASK [router : debug] **
> ok: [zed] =>
>   forward_policy: accept
>

So, I'd like to be able to modify a variable in one role from a different
role.

Or perhaps have a global variable that can bet set to a default value in
the role "nftables", but overridden in the role "router".

Thanks for the help!

-m

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAOLfK3UCmzU-B3Fuegc%2B3VB23g4UCo5hPq36uO9dx5UUqbPwLA%40mail.gmail.com.

Re: [ansible-project] override variable from outside role

2023-10-04 Thread Vladimir Botka 
> $ cat roles/nftables/defaults/main.yaml
> forward_policy: drop
> 
> $ cat roles/router/vars/main.yaml
> forward_policy: accept
> 
> I don't know how to override the variable in the nftables role from within
> the router role.

Is it possible to minimize the example?

shell> tree .
.
├── hosts
├── pb.yml
└── roles
├── nftables
│   ├── defaults
│   │   └── main.yml
│   └── tasks
│   └── main.yml
└── router
├── tasks
│   └── main.yml
└── vars
└── main.yml

shell> cat roles/nftables/defaults/main.yml 
forward_policy: drop
shell> cat roles/nftables/tasks/main.yml 
- debug:
var: forward_policy

shell> cat roles/router/vars/main.yml 
forward_policy: accept
shell> cat roles/router/tasks/main.yml 
- debug:
var: forward_policy

shell> cat hosts
[router]
zed
shell> cat pb.yml 
- hosts: all
  roles:
- nftables

- hosts: router
  roles:
- router

Running the playbook gives

shell> ansible-playbook pb.yml

PLAY [all] *

TASK [nftables : debug] 
ok: [zed] =>
  forward_policy: drop

PLAY [router] **

TASK [router : debug] **
ok: [zed] =>
  forward_policy: accept

Does this reproduce your problem? If yes what do you expect?


-- 
Vladimir Botka

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/20231005003836.3b6eaaed%40gmail.com.


pgp7O6lhChJRn.pgp
Description: OpenPGP digital signature

[ansible-project] override variable from outside role

2023-10-04 Thread 'Matt Zagrabelny' via Ansible Project 
Greetings Ansible users!

I have a role "nftables" that is assigned to all nodes in my inventory. It
has a variable 'forward_policy' that has a default value:

$ cat roles/nftables/defaults/main.yaml
forward_policy: drop

I'd like to have another role (applied only to my router system) that can
override that variable:

$ cat roles/router/vars/main.yaml
forward_policy: accept

I don't know how to override the variable in the nftables role from within
the router role. Does anyone have any suggestions?

Thanks for any help!

-m

PS. Here is are my current playbooks:

roles
├── nftables
│   ├── defaults
│   │   └── main.yaml
│   ├── files
│   │   └── etc
│   │   ├── nftables.conf
│   │   └── nftables.conf.d
│   │   └── 000-flush-ruleset.nft
│   ├── handlers
│   │   └── main.yaml
│   ├── tasks
│   │   └── main.yaml
│   └── templates
│   └── etc
│   └── nftables.conf.d
│   └── 050-default-chains.nft.j2
└── router
├── files
│   └── etc
│   └── nftables.conf.d
│   └── 070-default-nat-table.nft
├── tasks
│   ├── main.yaml
│   └── nftables_nat_table.yaml
└── vars
└── main.yaml

17 directories, 10 files

And the contents:

───┬
   │ File: hosts.yaml
───┼
   1   │ ungrouped:
   2   │ hosts:
   3   │ zed:
   4   │
   5   │ router:
   6   │ hosts:
   7   │ zed:
───┴
───┬
   │ File: roles/nftables/defaults/main.yaml
───┼
   1   │ forward_policy: drop
───┴
───┬
   │ File: roles/nftables/files/etc/nftables.conf
───┼
   1   │ #!/usr/sbin/nft -f
   2   │
   3   │ include "/etc/nftables.conf.d/*.nft"
───┴
───┬
   │ File:
roles/nftables/files/etc/nftables.conf.d/000-flush-ruleset.nft
───┼
   1   │ flush ruleset
───┴
───┬
   │ File: roles/nftables/handlers/main.yaml
───┼
   1   │ -
   2   │ name: restart nftables
   3   │ service:
   4   │ name:  nftables
   5   │ state: restarted
───┴
───┬
   │ File: roles/nftables/tasks/main.yaml
───┼
   1   │ ---
   2   │ # This playbook contains plays to configure nftables.
   3   │
   4   │ -
   5   │ name: enable service nftables
   6   │ service:
   7   │ name:nftables
   8   │ enabled: yes
   9   │
  10   │ -
  11   │ name: configure nftables.conf
  12   │ copy:
  13   │ src:  files/etc/nftables.conf
  14   │ dest: /etc/nftables.conf
  15   │ tags:
  16   │ - nftables
  17   │ notify: restart nftables
  18   │
  19   │ -
  20   │ name: configure nftables.conf.d
  21   │ copy:
  22   │ src:  files/etc/nftables.conf.d
  23   │ dest: /etc
  24   │ tags:
  25   │ - nftables
  26   │ notify: restart nftables
  27   │
  28   │ -
  29   │ name: configure nftables.conf.d/050-default-chains.nft
  30   │ template:
  31   │ src:  etc/nftables.conf.d/050-default-chains.nft.j2
  32   │ dest: /etc/nftables.conf.d/050-default-chains.nft
  33   │ tags:
  34   │ - nftables
  35   │ notify: restart nftables
───┴
───┬
   │ File:
roles/nftables/templates/etc/nftables.conf.d/050-default-chains.nft.j2
───┼
   1   │ table inet filter {
   2   │ chain input {
   3   │ type filter hook input \
   4   │ priority 0;
   5   │ policy accept;
   6   │ }
   7   │ chain forward {
   8   │ type filter hook forward \
   9   │ priority 0;
  10   │ policy {{

Re: [ansible-project] issue with "ansible-galaxy collection install" today

2023-10-04 Thread J M 
I think that last official version is 8.4.0, core must be accordly.

Regards


El mié., 4 oct. 2023 21:53, Matt Martz  escribió:

> You seem to have an unsupported version of ansible-core installed. Please
> see
> https://github.com/ansible/ansible/issues/81830#issuecomment-1743199288
> for more information.
>
> On Wed, Oct 4, 2023 at 3:52 PM 'Janet Wang' via Ansible Project <
> ansible-project@googlegroups.com> wrote:
>
>> Hi,
>>
>> My ci/cd pipeline failed today at step running "ansible-galaxy collection
>> install community.aws:==5.4.0" with following error:
>>
>> Starting galaxy collection install process
>> 14:41:17 Process install dependency map
>> 14:41:18 |/-\|/-[WARNING]: Skipping Galaxy server
>> https://galaxy.ansible.com/api/. Got an unexpected error when getting
>> available versions of collection community.aws:
>> 14:41:18
>> '/api/v3/plugin/ansible/content/published/collections/index/community/aws/versions/'
>> 14:41:18 ERROR! Unexpected Exception, this is probably a bug:
>> '/api/v3/plugin/ansible/content/published/collections/index/community/aws/versions/'
>> 14:41:18 to see the full traceback, use -vvv
>>
>> I also try to search 'community.aws' collection on
>> https://galaxy.ansible.com/ui/, but found nothing.
>>
>> anyone know what might have caused this issue?  my last successful run is
>> on 9/19/23.
>>
>> Thanks
>>
>> Janet
>>
>>
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/c9ee699d-654b-4c64-b745-a2b46d289968n%40googlegroups.com
>> 
>> .
>>
>
>
> --
> Matt Martz
> @sivel
> sivel.net
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAD8N0v8dnE33inFT-_u6HaDf98UVgCNDZe99QcK0TBbY2T-yng%40mail.gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAL8MddUP-C0LtkNeFP4nYco7b6DQACrj10oZNBNc1%2B%2By6cFbKA%40mail.gmail.com.

Re: [ansible-project] issue with "ansible-galaxy collection install" today

2023-10-04 Thread Matt Martz 
You seem to have an unsupported version of ansible-core installed. Please
see https://github.com/ansible/ansible/issues/81830#issuecomment-1743199288
for more information.

On Wed, Oct 4, 2023 at 3:52 PM 'Janet Wang' via Ansible Project <
ansible-project@googlegroups.com> wrote:

> Hi,
>
> My ci/cd pipeline failed today at step running "ansible-galaxy collection
> install community.aws:==5.4.0" with following error:
>
> Starting galaxy collection install process
> 14:41:17 Process install dependency map
> 14:41:18 |/-\|/-[WARNING]: Skipping Galaxy server
> https://galaxy.ansible.com/api/. Got an unexpected error when getting
> available versions of collection community.aws:
> 14:41:18
> '/api/v3/plugin/ansible/content/published/collections/index/community/aws/versions/'
> 14:41:18 ERROR! Unexpected Exception, this is probably a bug:
> '/api/v3/plugin/ansible/content/published/collections/index/community/aws/versions/'
> 14:41:18 to see the full traceback, use -vvv
>
> I also try to search 'community.aws' collection on
> https://galaxy.ansible.com/ui/, but found nothing.
>
> anyone know what might have caused this issue?  my last successful run is
> on 9/19/23.
>
> Thanks
>
> Janet
>
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/c9ee699d-654b-4c64-b745-a2b46d289968n%40googlegroups.com
> 
> .
>


-- 
Matt Martz
@sivel
sivel.net

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAD8N0v8dnE33inFT-_u6HaDf98UVgCNDZe99QcK0TBbY2T-yng%40mail.gmail.com.

[ansible-project] issue with "ansible-galaxy collection install" today

2023-10-04 Thread 'Janet Wang' via Ansible Project 
Hi, 

My ci/cd pipeline failed today at step running "ansible-galaxy collection 
install community.aws:==5.4.0" with following error:

Starting galaxy collection install process
14:41:17 Process install dependency map
14:41:18 |/-\|/-[WARNING]: Skipping Galaxy server 
https://galaxy.ansible.com/api/. Got an unexpected error when getting 
available versions of collection community.aws:
14:41:18 
'/api/v3/plugin/ansible/content/published/collections/index/community/aws/versions/'
14:41:18 ERROR! Unexpected Exception, this is probably a bug: 
'/api/v3/plugin/ansible/content/published/collections/index/community/aws/versions/'
14:41:18 to see the full traceback, use -vvv

I also try to search 'community.aws' collection 
on https://galaxy.ansible.com/ui/, but found nothing.  

anyone know what might have caused this issue?  my last successful run is 
on 9/19/23.

Thanks

Janet




-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c9ee699d-654b-4c64-b745-a2b46d289968n%40googlegroups.com.

Re: [ansible-project] Ansible Collections community.general: 403 Forbidden

2023-10-04 Thread Jerome Arellano 
I found a workaround, since I'm not familiar with the ins and outs or 
modification of ansible configurations inside the k3s pods that I'm using 
to manage ansible AWX.

we added a source in the *requirements.yml* of our collections pointing to 
the old galaxy_ng and it worked.
---
collections:
  - name: community.general
version: 7.4.0
source: https://old-galaxy.ansible.com

other workaround mentioned in Skipping Galaxy server 
https://galaxy.ansible.com/api/ - Get Help - Ansible 

 is 
adding the galaxy server in your ansible.cfg.

[galaxy] server = https://old-galaxy.ansible.com/

cheers!

On Monday, October 2, 2023 at 4:47:43 PM UTC+2 Matt Martz wrote:

> If you have a ~/.ansible/galaxy_token file with a token from the previous 
> deployment, the token will not work with the new deployment, and cause a 
> 403.
>
> On Mon, Oct 2, 2023 at 10:43 AM Todd Lewis  wrote:
>
>> This appears to be serious issues with the galaxy_ng deployment at 
>> galaxy.ansible.com. The Ansible Forum's "get help" topic (
>> https://forum.ansible.com/c/help) is blowing up this morning with all 
>> sort of things not working, all of which have galaxy.ansible.com in 
>> common.
>>
>> On Monday, October 2, 2023 at 5:51:44 AM UTC-4 Jerome Arellano wrote:
>>
>>> okay, thank you for your response.
>>>
>>> On Monday, October 2, 2023 at 9:35:20 AM UTC+2 Dick Visser wrote:
>>>
 Hii
 Sounds like something specifically for AWX, so you might get more 
 response on the dedicated AWX list/group...

 On Mon, 2 Oct 2023 at 09:19, Jerome Arellano  
 wrote:

> Hello,
>
> Has someone experienced an error when syncing projects?
>
> error encountered:  
> *ERROR! Failed to download collection tar from 
> 'explicit_requirement_community.general' due to the following unforeseen 
> error: .  error Tunnel connection failed: 403 Forbidden>*
> The file requirements.yml created under collections folder in my 
> project directory.
> ---
> collections:
>   - name: community.general
> version: 7.4.0
> source: https://galaxy.ansible.com
>
> From the AWX GUI Output, the download is starting however is 403 
> Forbidden, it somewhat needs some kind of authentication.
>
> Starting galaxy collection install process
> Process install dependency map
> Starting collection install process
> Downloading 
> https://galaxy.ansible.com/api/v3/plugin/ansible/content/published/collections/artifacts/community-general-7.2.0.tar.gz
>  
> to 
> /var/lib/awx/projects/.__awx_cache/**/stage/tmp/ansible-local-55416g0r_kfh4/tmp1nury9pd/community-general-7.2.0-23jv496b
>
> Do you know any workaround?
>
> -- 
> You received this message because you are subscribed to the Google 
> Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send 
> an email to ansible-proje...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/de321e50-770b-4571-bdb9-975f63fd2fd9n%40googlegroups.com
>  
> 
> .
>
 -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible-proje...@googlegroups.com.
>>
> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/7ffa0649-ac95-4f4d-9e8a-2097a6ce6b9en%40googlegroups.com
>>  
>> 
>> .
>>
>
>
> -- 
> Matt Martz
> @sivel
> sivel.net
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/388e9164-6eef-4766-8dab-6fb782e798c0n%40googlegroups.com.