from:"AS"

On Tue, 28 May 2024 at 15:42, Andrew Latham  wrote:

> Unable to test from current location but do you need to delegate_to for
> this?
>

Yes, I didn't explicitly mention it, but I'm running all the tasks from a
dedicated "local" play with these settings:

- name: API tasks
  hosts: foo_hosts
  # This is an API-only play, so we run it locally - not from the actual
hosts
  connection: local
  become: false
  gather_facts: false
  tags: foo,always
  run_once: true

  tasks:
- name: blah


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAF8BbLZ3mhSSEVkr9AJQHuFvk9xjHRPfLqj%2BbgE-0jOMHShTwQ%40mail.gmail.com.

Re: [ansible-project] Re: Is there a task/module to create a vaulted file?

2024-05-28 Thread Andrew Latham

Unable to test from current location but do you need to delegate_to for
this?

On Tue, May 28, 2024 at 7:23 AM Dick Visser  wrote:

>
>
> On Tue, 28 May 2024 at 15:17, Dick Visser  wrote:
>
>>
>> This seems to work, and because ansible.cfg contains the right
>> information (vault_identity_list, vault_encrypt_identity) the encrypted
>> content looks good, when I'm debugging.
>> But the actual file contents are plain text again. It seems the copy
>> module decrypts the encrypted content again? How can I force the content to
>> NOT be decrypted?
>>
>
> To quickly answer my own question: there is a decrypt parameter:
> https://docs.ansible.com/ansible/latest/collections/ansible/builtin/copy_module.html#parameter-decrypt
> I had never noticed that 嵐
>
> So the first task does work now.
>
> Still my other question remains:
>
>
>> Another approach is the vault filter, which seems to be a bit cleaner. I
>> thought this would do the trick:
>>
>> - name: save token
>>   ansible.builtin.copy:
>> content: "{{ token | ansible.builtin.vault }}"
>> dest: /tmp/out2
>> mode: 0600
>>
>> But that didn't work, the filter insists on an actual secret value. I
>> then must do a separate lookup for the ansible vault password. But the
>> vault password file can also be an executable that sends the secret to
>> stdout. I don't want to have to implement that logic myself.
>>
>> Is there a way for the ansible.builtin.vault filter to use the
>> vault_identity_list and vault_encrypt_identity that are in ansible.cfg?
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAF8BbLYAsqbxCdZf8CU51%3DjCw5MJT-rwg%3DYweT7R%2BU6n4kAMLg%40mail.gmail.com
> 
> .
>


-- 
- Andrew "lathama" Latham -

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CA%2Bqj4S890JNmisy6LkoHkJN8RA1_neDHmCL1XP0e7EwRm-Gx7w%40mail.gmail.com.

[ansible-project] Re: Is there a task/module to create a vaulted file?

On Tue, 28 May 2024 at 15:17, Dick Visser  wrote:

>
> This seems to work, and because ansible.cfg contains the right information
> (vault_identity_list, vault_encrypt_identity) the encrypted content looks
> good, when I'm debugging.
> But the actual file contents are plain text again. It seems the copy
> module decrypts the encrypted content again? How can I force the content to
> NOT be decrypted?
>

To quickly answer my own question: there is a decrypt parameter:
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/copy_module.html#parameter-decrypt
I had never noticed that 嵐

So the first task does work now.

Still my other question remains:


> Another approach is the vault filter, which seems to be a bit cleaner. I
> thought this would do the trick:
>
> - name: save token
>   ansible.builtin.copy:
> content: "{{ token | ansible.builtin.vault }}"
> dest: /tmp/out2
> mode: 0600
>
> But that didn't work, the filter insists on an actual secret value. I then
> must do a separate lookup for the ansible vault password. But the vault
> password file can also be an executable that sends the secret to stdout. I
> don't want to have to implement that logic myself.
>
> Is there a way for the ansible.builtin.vault filter to use the
> vault_identity_list and vault_encrypt_identity that are in ansible.cfg?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAF8BbLYAsqbxCdZf8CU51%3DjCw5MJT-rwg%3DYweT7R%2BU6n4kAMLg%40mail.gmail.com.

[ansible-project] Is there a task/module to create a vaulted file?

Hii

In one of my playbooks there is a task that is creating a token through an
API.
As the next task, I would like to store that token somewhere in my vars
hierarchy.
If it were a plain text variable that would be easy.

But I don't seem to be able to safe a vaulted file with a task.

One approach is with the pipe lookup and ansible-vault encrypt (seems a big
ugly/unsafe):

- name: save token
ansible.builtin.copy:
content: "{{ lookup('ansible.builtin.pipe', 'echo ' ~ token|quote ~ '
ansible-vault encrypt') }}"
dest: /tmp/out1
mode: 0600

This seems to work, and because ansible.cfg contains the right information
(vault_identity_list, vault_encrypt_identity) the encrypted content looks
good, when I'm debugging.
But the actual file contents are plain text again. It seems the copy module
decrypts the encrypted content again? How can I force the content to NOT be
decrypted?

Another approach is the vault filter, which seems to be a bit cleaner. I
thought this would do the trick:

- name: save token
ansible.builtin.copy:
content: "{{ token | ansible.builtin.vault }}"
dest: /tmp/out2
mode: 0600

But that didn't work, the filter insists on an actual secret value. I then
must do a separate lookup for the ansible vault password. But the vault
password file can also be an executable that sends the secret to stdout. I
don't want to have to implement that logic myself.

Is there a way for the ansible.builtin.vault filter to use the
vault_identity_list and vault_encrypt_identity that are in ansible.cfg?

To see if it worked at all, i just hard coded the actual secret like this:

- name: save token
ansible.builtin.copy:
content: "{{ token | ansible.builtin.vault('hackme') }}"
dest: /tmp/out2
mode: 0600

Just like the other example, this works but the content is again decrypted
by the copy module.

Any hints are appreciated :)

tnx

Dick

--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAF8BbLaV1HzkBjL_PR6d-D3kZ%3DQRkXdt%2BvfFsRENNJ0ZULwSyw%40mail.gmail.com.

[ansible-project] set module_defaults globally?

2024-05-28 Thread 'Rowe, Walter P. (Fed)' via Ansible Project

Hii

I know that it is possible to set defaults for modules:
https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_module_defaults.html

The highest level at which this can be set is play level.
But I have many plays, so I'd have to edit all those plays and explicitly
define them.
I can use a variable for it (I think) but still it's a lot of extra code.

Is there a way to set this globally, in some (single) configuration/file?

Thx

Dick

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAF8BbLZaTTQyKa1qKD1Ut8umJ%2Bd0%2BtK2ifG-Ei1d9PjkC24WhQ%40mail.gmail.com.

[ansible-project] Re: ansible 2.17 and fortinet.fortios compatibility

2024-05-28 Thread Azadeh Amirhosseini

Update.
For those who are interested, i did uninstall ansible-core 2.17.0 and 
installed 2.16.7 and now it works as expected.

On Wednesday, May 22, 2024 at 11:15:16 AM UTC+2 Azadeh Amirhosseini wrote:

> Hi all,
>
> I have installed Ansible Core 2.17.0. My question is, is the Galaxy 
> collection fortinet.fortios 2.3.6 compatible with this version?
>
> I am facing issues executing the related playbook, even though the same 
> playbook runs well with an older version of Ansible.
>
> *An exception occurred during task execution. To see the full traceback, 
> use -vvv. The error was: ansible.module_utils.connection.ConnectionError: 
> Requested entry (plugin_type: connection plugin: 
> ansible_collections.ansible.netcommon.plugins.connection.httpapi setting: 
> access_token ) was not defined in configuration.* 
>
> Best regards,
>
> Azadeh
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/973f4c1d-6841-468c-9cb6-85cbc6d8c2f3n%40googlegroups.com.

[ansible-project] win_chocolatey not installed in AWX

2024-05-28 Thread Narender Singh

Dear Experts,

I am new to Ansible and working on Ansible Tower. I have some basic 
configuration ad able to play around. 

I was trying to manage packages in windows using win_chocolatey but its not 
in the AWX. 

Getting below error:
SSH password: 
1
BECOME password[defaults to SSH password]: 
2
ERROR! couldn't resolve module/action 'win_chocolatey'. This often 
indicates a misspelling, missing collection, or incorrect module path.
3
4
The error appears to be in 
'/runner/project/windows/install_uninstall_with_chocolatey.yml': line 13, 
column 6, but may
5
be elsewhere in the file depending on the exact syntax problem.
6
7
The offending line appears to be:
8
9
# Install/uninstall with chocolatey
10
- name: Ensure 7-Zip is installed through Chocolatey
11
^ here



*My installation is AWX Tower on k3s on centos 8 release.*

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/f0bd9b70-7ffd-4ded-9c1b-c475f8064e58n%40googlegroups.com.

[ansible-project] vmware_guest module network config for Redhat Linux version 9.X

2024-05-28 Thread Karthik

Hi,

I am using vmware_guest module to create a Redhat Linux 9.3 VM, so what
happens is the VM is launched and is online, but the network configurations
files are created under /etc/sysconfig/network-scripts/ which is the usual
approach.

but if one can take a look at the readme file(provided below), the ifcfg
format is deprecated & the configs will have to be updated or stored in
/etc/NetworkManager/system-connections/.

Can the vmware_guest module be tweaked to suit Linux v9 network
configuration setup please.

# cd /etc/sysconfig/network-scripts/
# ls -l

-rw-r--r--. 1 root root 366 May 10 16:44 ifcfg-ens192
-rw-r--r--. 1 root root 1244 Feb 21 12:51 readme-ifcfg-rh.txt

# cat readme-ifcfg-rh.txt
NetworkManager stores new network profiles in keyfile format in the
/etc/NetworkManager/system-connections/ directory.

Previously, NetworkManager stored network profiles in ifcfg format
in this directory (/etc/sysconfig/network-scripts/). However, the ifcfg
format is deprecated. By default, NetworkManager no longer creates
new profiles in this format.

Connection profiles in keyfile format have many benefits. For example,
this format is INI file-based and can easily be parsed and generated.

Each section in NetworkManager keyfiles corresponds to a NetworkManager
setting name as described in the nm-settings(5) and nm-settings-keyfile(5)
man pages. Each key-value-pair in a section is one of the properties
listed in the settings specification of the man page.

If you still use network profiles in ifcfg format, consider migrating
them to keyfile format. To migrate all profiles at once, enter:

# nmcli connection migrate

This command migrates all profiles from ifcfg format to keyfile
format and stores them in /etc/NetworkManager/system-connections/.

Alternatively, to migrate only a specific profile, enter:

# nmcli connection migrate

For further details, see:
* nm-settings-keyfile(5)
* nmcli(1)

Regards,
Karthik

--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/e7f3466e-5651-4609-b51c-42301b401dffn%40googlegroups.com.

Re: [ansible-project] Looping through a register variable

Very subtle but very different. Great catch Todd.

In the first instance you create a list that contains a single item – another 
list called known.stdout_lines.

loop:
  - '{{ known.stdout_lines }}'

In the second instance you provide a list called known.stdout_lines as the list 
for the loop:

loop: '{{ known.stdout_lines }}'

The second instance is the desired behavior. The difference is subtle at first 
glance but makes a world of difference in execution.

Walter
--
Walter Rowe, Division Chief
Infrastructure Services Division
Mobile: 202.355.4123

On May 23, 2024, at 11:30 AM, Todd Lewis  wrote:

Gah! Of course. known.stdout_lines is a list, so

loop:
  - '{{ known.stdout_lines }}'


passes the whole list as a single item. So you need to not put the list in a 
list:

loop: '{{ known.stdout_lines }}'


should do the trick.
—
Todd

On 5/23/24 11:17 AM, Dimitri Yioulos wrote:
Todd, I made the change, but, the last play failed:

TASK [Append to all known_host files] 
*
Thursday 23 May 2024  11:06:33 -0400 (0:00:01.629)   0:00:06.012 **
Thursday 23 May 2024  11:06:33 -0400 (0:00:01.629)   0:00:06.011 **
failed: [myhost] (item=['/root/.ssh/known_hosts', 
'/home/user1/.ssh/known_hosts', '/home/user2/.ssh/known_hosts', 
'/home/user3/.ssh/known_hosts', '/home/user4/.ssh/known_hosts']) => changed=true
  ansible_loop_var: item
  cmd: cat /tmp/append >> ['/root/.ssh/known_hosts', 
'/home/user1/.ssh/known_hosts', '/home/user2/.ssh/known_hosts', 
'/home/user3/.ssh/known_hosts', '/home/user4/.ssh/known_hosts']
  delta: '0:00:00.012330'
  end: '2024-05-23 11:06:33.947617'
  item:
  - /root/.ssh/known_hosts
  - /home/user1/.ssh/known_hosts
  - /home/user2/.ssh/known_hosts
  - /home/user3/.ssh/known_hosts
  - /home/user4/.ssh/known_hosts
  msg: non-zero return code
  rc: 1
  start: '2024-05-23 11:06:33.935287'
  stderr: '/bin/sh: line 1: [/root/.ssh/known_hosts,: No such file or directory'
  stderr_lines: 
  stdout: ''
  stdout_lines: 

I wonder if [ in  [/root/.ssh/known_hosts is getting in the way, since  
/root/.ssh/known_host does exist.

On Thursday, May 23, 2024 at 10:50:28 AM UTC-4 Todd Lewis wrote:
You want stdout_lines rather than stdout. The former is a list with new-lines 
removed. The latter is a possibly very long string with the complete output 
stream intact.

- name: Append to all known_host files
  shell: cat /tmp/append >> {{ item }}
  loop:
- '{{ known.stdout_lines }}'


On 5/23/24 9:07 AM, Dimitri Yioulos wrote:
Good day, all. I hope I'm not wearing out my welcome with too many questions.

In the following playbook, I first find any know_host file for any user on a 
particular system. I then copy a file with the list of additions to add to the 
known_hosts files. What I want to do is use the output of my register values to 
make changes to those know_host files, which my last play does. My iteration is 
wrong, though.

The playbook:

---

- hosts: all
  gather_facts: false
  become: yes

  vars:
script_path:

Re: [ansible-project] Looping through a register variable

2024-05-28 Thread 'Rowe, Walter P. (Fed)' via Ansible Project

Here is an illustration of the difference for those interested.



- name: test loop constructs

  hosts: localhost

  gather_facts: false

  become: false

  vars:

my_list: [ one, two, three ]

  tasks:

- name: construct 1

  debug: var=item

  loop:

- '{{ my_list }}'


- name: construct 2

  debug: var=item

  loop: '{{ my_list }}'





% ansible-playbook -i localhost, loop.yml


PLAY [test loop constructs] 



TASK [construct 1] 
*

ok: [localhost] => (item=['one', 'two', 'three']) => {

"ansible_loop_var": "item",

"item": [

"one",

"two",

"three"

]

}


TASK [construct 2] 
*

ok: [localhost] => (item=one) => {

"ansible_loop_var": "item",

"item": "one"

}

ok: [localhost] => (item=two) => {

"ansible_loop_var": "item",

"item": "two"

}

ok: [localhost] => (item=three) => {

"ansible_loop_var": "item",

"item": "three"

}


PLAY RECAP 
*

localhost  : ok=2changed=0unreachable=0failed=0
skipped=0rescued=0ignored=0



Walter
--
Walter Rowe, Division Chief
Infrastructure Services Division
Mobile: 202.355.4123

On May 24, 2024, at 7:41 AM, Rowe, Walter P. (Fed)  wrote:

Very subtle but very different. Great catch Todd.

In the first instance you create a list that contains a single item – another 
list called known.stdout_lines.

loop:
  - '{{ known.stdout_lines }}'

In the second instance you provide a list called known.stdout_lines as the list 
for the loop:

loop: '{{ known.stdout_lines }}'

The second instance is the desired behavior. The difference is subtle at first 
glance but makes a world of difference in execution.

Walter
--
Walter Rowe, Division Chief
Infrastructure Services Division
Mobile: 202.355.4123

On May 23, 2024, at 11:30 AM, Todd Lewis  wrote:

Gah! Of course. known.stdout_lines is a list, so

loop:
  - '{{ known.stdout_lines }}'


passes the whole list as a single item. So you need to not put the list in a 
list:

loop: '{{ known.stdout_lines }}'


should do the trick.
—
Todd

On 5/23/24 11:17 AM, Dimitri Yioulos wrote:
Todd, I made the change, but, the last play failed:

TASK [Append to all known_host files] 
*
Thursday 23 May 2024  11:06:33 -0400 (0:00:01.629)   0:00:06.012 **
Thursday 23 May 2024  11:06:33 -0400 (0:00:01.629)   0:00:06.011 **
failed: [myhost] (item=['/root/.ssh/known_hosts', 
'/home/user1/.ssh/known_hosts', '/home/user2/.ssh/known_hosts', 
'/home/user3/.ssh/known_hosts', '/home/user4/.ssh/known_hosts']) => changed=true
  ansible_loop_var: item
  cmd: cat /tmp/append >> ['/root/.ssh/known_hosts', 
'/home/user1/.ssh/known_hosts', '/home/user2/.ssh/known_hosts', 
'/home/user3/.ssh/known_hosts', '/home/user4/.ssh/known_hosts']
  delta: '0:00:00.012330'
  end: '2024-05-23 11:06:33.947617'
  item:
  - /root/.ssh/known_hosts
  - /home/user1/.ssh/known_hosts
  - /home/user2/.ssh/known_hosts
  - /home/user3/.ssh/known_hosts
  - /home/user4/.ssh/known_hosts
  msg: non-zero return code
  rc: 1
  start: '2024-05-23 11:06:33.935287'
  stderr: '/bin/sh: line 1: [/root/.ssh/known_hosts,: No such file or directory'
  stderr_lines: 
  stdout: ''
  stdout_lines: 

I wonder if [ in  [/root/.ssh/known_hosts is getting in the way, since  
/root/.ssh/known_host does exist.

On Thursday, May 23, 2024 at 10:50:28 AM UTC-4 Todd Lewis wrote:
You want stdout_lines rather than stdout. The former is a list with new-lines 
removed. The latter is a possibly very long string with the complete output 
stream intact.

- name: Append to all known_host files
  shell: cat /tmp/append >> {{ item }}
  loop:
- '{{ known.stdout_lines }}'


On 5/23/24 9:07 AM, Dimitri Yioulos wrote:
Good day, all. I hope I'm not wearing out my welcome with too many questions.

In the following playbook, I first find any know_host file for any user on a 
particular system. I then copy a file with the list of additions to add to the 
known_hosts files. What I want to do is use the output of my register values to 
make changes to those know_host files, which my last play does. My iteration is 
wrong, though.

The playbook:

---

- hosts: all
  gather_facts: false
  become: yes

  vars:
script_path:

Re: [ansible-project] Looping through a register variable

2024-05-23 Thread Dick Visser

Sent from Gmail Mobile


On Thu, May 23, 2024 at 16:50 Todd Lewis  wrote:

> You want stdout_lines rather than stdout. The former is a list with
> new-lines removed. The latter is a possibly very long string with the
> complete output stream intact.
>
> - name: Append to all known_host files
>   shell: cat /tmp/append >> {{ item }}
>   loop:
> - '{{ known.stdout_lines }}'
>
>
That should probably just loop over the list itself? So:

- name: Append to all known_host files
  shell: cat /tmp/append >> {{ item }}
  loop: '{{ known.stdout_lines }}'









> On 5/23/24 9:07 AM, Dimitri Yioulos wrote:
>
> Good day, all. I hope I'm not wearing out my welcome with too many
> questions.
>
> In the following playbook, I first find any know_host file for any user on
> a particular system. I then copy a file with the list of additions to add
> to the known_hosts files. What I want to do is use the output of my
> register values to make changes to those know_host files, which my last
> play does. My iteration is wrong, though.
>
> The playbook:
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *--- - hosts: all   gather_facts: false   become: yes   vars:
> script_path:

Re: [ansible-project] Looping through a register variable

2024-05-23 Thread Dimitri Yioulos

Yupper, that worked. And, I appreciate the explanation. As the Farber 
College motto states, "Learning is Good".

On Thursday, May 23, 2024 at 11:30:33 AM UTC-4 Todd Lewis wrote:

> Gah! Of course. known.stdout_lines is a list, so
>
> loop:
>   - '{{ known.stdout_lines }}'
>
> passes the whole list as a single item. So you need to not put the list in 
> a list:
>
> loop: '{{ known.stdout_lines }}'
>
> should do the trick.
> —
> Todd
>
>
> On 5/23/24 11:17 AM, Dimitri Yioulos wrote:
>
> Todd, I made the change, but, the last play failed:
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *TASK [Append to all known_host files] 
> *
>  
> Thursday 23 May 2024  11:06:33 -0400 (0:00:01.629)   0:00:06.012 
> ** Thursday 23 May 2024  11:06:33 -0400 (0:00:01.629)   
> 0:00:06.011 ** failed: [myhost] (item=['/root/.ssh/known_hosts', 
> '/home/user1/.ssh/known_hosts', '/home/user2/.ssh/known_hosts', 
> '/home/user3/.ssh/known_hosts', '/home/user4/.ssh/known_hosts']) => 
> changed=true   ansible_loop_var: item   cmd: cat /tmp/append >> 
> ['/root/.ssh/known_hosts', '/home/user1/.ssh/known_hosts', 
> '/home/user2/.ssh/known_hosts', '/home/user3/.ssh/known_hosts', 
> '/home/user4/.ssh/known_hosts']   delta: '0:00:00.012330'   end: 
> '2024-05-23 11:06:33.947617'   item:   - /root/.ssh/known_hosts   - 
> /home/user1/.ssh/known_hosts   - /home/user2/.ssh/known_hosts   - 
> /home/user3/.ssh/known_hosts   - /home/user4/.ssh/known_hosts   msg: 
> non-zero return code   rc: 1   start: '2024-05-23 11:06:33.935287'   
> stderr: '/bin/sh: line 1: [/root/.ssh/known_hosts,: No such file or 
> directory'   stderr_lines:stdout: ''   stdout_lines: *
>
> I wonder if *[ *in  *[/root/.ssh/known_hosts* is getting in the way, 
> since  */root/.ssh/known_host* does exist.
>
> On Thursday, May 23, 2024 at 10:50:28 AM UTC-4 Todd Lewis wrote:
>
>> You want stdout_lines rather than stdout. The former is a list with 
>> new-lines removed. The latter is a possibly very long string with the 
>> complete output stream intact.
>>
>> - name: Append to all known_host files
>>   shell: cat /tmp/append >> {{ item }}
>>   loop:
>> - '{{ known.stdout_lines }}'
>>
>>
>> On 5/23/24 9:07 AM, Dimitri Yioulos wrote:
>>
>> Good day, all. I hope I'm not wearing out my welcome with too many 
>> questions.
>>
>> In the following playbook, I first find any know_host file for any user 
>> on a particular system. I then copy a file with the list of additions to 
>> add to the known_hosts files. What I want to do is use the output of my 
>> register values to make changes to those know_host files, which my last 
>> play does. My iteration is wrong, though.
>>
>> The playbook:
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *--- - hosts: all   gather_facts: false   become: yes   vars: 
>> script_path:

Re: [ansible-project] Looping through a register variable

2024-05-23 Thread Todd Lewis


Gah! Of course. known.stdout_lines is a list, so

loop:
  - '{{ known.stdout_lines }}'

passes the whole list as a single item. So you need to not put the list 
in a list:


loop: '{{ known.stdout_lines }}'

should do the trick.
—
Todd

On 5/23/24 11:17 AM, Dimitri Yioulos wrote:

Todd, I made the change, but, the last play failed:

*TASK [Append to all known_host files] 
*

Thursday 23 May 2024  11:06:33 -0400 (0:00:01.629) 0:00:06.012 **
Thursday 23 May 2024  11:06:33 -0400 (0:00:01.629) 0:00:06.011 **
failed: [myhost] (item=['/root/.ssh/known_hosts', 
'/home/user1/.ssh/known_hosts', '/home/user2/.ssh/known_hosts', 
'/home/user3/.ssh/known_hosts', '/home/user4/.ssh/known_hosts']) => 
changed=true

  ansible_loop_var: item
  cmd: cat /tmp/append >> ['/root/.ssh/known_hosts', 
'/home/user1/.ssh/known_hosts', '/home/user2/.ssh/known_hosts', 
'/home/user3/.ssh/known_hosts', '/home/user4/.ssh/known_hosts']

  delta: '0:00:00.012330'
  end: '2024-05-23 11:06:33.947617'
  item:
  - /root/.ssh/known_hosts
  - /home/user1/.ssh/known_hosts
  - /home/user2/.ssh/known_hosts
  - /home/user3/.ssh/known_hosts
  - /home/user4/.ssh/known_hosts
  msg: non-zero return code
  rc: 1
  start: '2024-05-23 11:06:33.935287'
  stderr: '/bin/sh: line 1: [/root/.ssh/known_hosts,: No such file or 
directory'

  stderr_lines: 
  stdout: ''
  stdout_lines: *

I wonder if *[ *in *[/root/.ssh/known_hosts* is getting in the way, 
since */root/.ssh/known_host* does exist.


On Thursday, May 23, 2024 at 10:50:28 AM UTC-4 Todd Lewis wrote:

You want stdout_lines rather than stdout. The former is a list
with new-lines removed. The latter is a possibly very long string
with the complete output stream intact.

 - name: Append to all known_host files
   shell: cat /tmp/append >> {{ item }}
   loop:
 - '{{ known.stdout_lines }}'


On 5/23/24 9:07 AM, Dimitri Yioulos wrote:

Good day, all. I hope I'm not wearing out my welcome with too
many questions.

In the following playbook, I first find any know_host file for
any user on a particular system. I then copy a file with the list
of additions to add to the known_hosts files. What I want to do
is use the output of my register values to make changes to those
know_host files, which my last play does. My iteration is wrong,
though.

The playbook:

*---

- hosts: all
  gather_facts: false
  become: yes

  vars:
    script_path:

Re: [ansible-project] Looping through a register variable

2024-05-23 Thread Dimitri Yioulos

Todd, I made the change, but, the last play failed:





















*TASK [Append to all known_host files] 
*Thursday
 
23 May 2024  11:06:33 -0400 (0:00:01.629)   0:00:06.012 
**Thursday 23 May 2024  11:06:33 -0400 (0:00:01.629)   
0:00:06.011 **failed: [myhost] (item=['/root/.ssh/known_hosts', 
'/home/user1/.ssh/known_hosts', '/home/user2/.ssh/known_hosts', 
'/home/user3/.ssh/known_hosts', '/home/user4/.ssh/known_hosts']) => 
changed=true  ansible_loop_var: item  cmd: cat /tmp/append >> 
['/root/.ssh/known_hosts', '/home/user1/.ssh/known_hosts', 
'/home/user2/.ssh/known_hosts', '/home/user3/.ssh/known_hosts', 
'/home/user4/.ssh/known_hosts']  delta: '0:00:00.012330'  end: '2024-05-23 
11:06:33.947617'  item:  - /root/.ssh/known_hosts  - 
/home/user1/.ssh/known_hosts  - /home/user2/.ssh/known_hosts  - 
/home/user3/.ssh/known_hosts  - /home/user4/.ssh/known_hosts  msg: non-zero 
return code  rc: 1  start: '2024-05-23 11:06:33.935287'  stderr: '/bin/sh: 
line 1: [/root/.ssh/known_hosts,: No such file or directory'  stderr_lines: 
  stdout: ''  stdout_lines: *

I wonder if *[ *in  *[/root/.ssh/known_hosts* is getting in the way, since  
*/root/.ssh/known_host* does exist.

On Thursday, May 23, 2024 at 10:50:28 AM UTC-4 Todd Lewis wrote:

> You want stdout_lines rather than stdout. The former is a list with 
> new-lines removed. The latter is a possibly very long string with the 
> complete output stream intact.
>
> - name: Append to all known_host files
>   shell: cat /tmp/append >> {{ item }}
>   loop:
> - '{{ known.stdout_lines }}'
>
>
> On 5/23/24 9:07 AM, Dimitri Yioulos wrote:
>
> Good day, all. I hope I'm not wearing out my welcome with too many 
> questions.
>
> In the following playbook, I first find any know_host file for any user on 
> a particular system. I then copy a file with the list of additions to add 
> to the known_hosts files. What I want to do is use the output of my 
> register values to make changes to those know_host files, which my last 
> play does. My iteration is wrong, though.
>
> The playbook:
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *--- - hosts: all   gather_facts: false   become: yes   vars: 
> script_path:

Re: [ansible-project] Looping through a register variable

2024-05-23 Thread Todd Lewis

You want stdout_lines rather than stdout. The former is a list with 
new-lines removed. The latter is a possibly very long string with the 
complete output stream intact.


- name: Append to all known_host files
  shell: cat /tmp/append >> {{ item }}
  loop:
- '{{ known.stdout_lines }}'


On 5/23/24 9:07 AM, Dimitri Yioulos wrote:
Good day, all. I hope I'm not wearing out my welcome with too many 
questions.


In the following playbook, I first find any know_host file for any 
user on a particular system. I then copy a file with the list of 
additions to add to the known_hosts files. What I want to do is use 
the output of my register values to make changes to those know_host 
files, which my last play does. My iteration is wrong, though.


The playbook:

*---

- hosts: all
  gather_facts: false
  become: yes

  vars:
    script_path:

[ansible-project] Looping through a register variable

2024-05-23 Thread Dimitri Yioulos

Good day, all. I hope I'm not wearing out my welcome with too many 
questions.

In the following playbook, I first find any know_host file for any user on 
a particular system. I then copy a file with the list of additions to add 
to the known_hosts files. What I want to do is use the output of my 
register values to make changes to those know_host files, which my last 
play does. My iteration is wrong, though.

The playbook:



































* hosts: all  gather_facts: false  become: yes  vars:script_path:

Re: [ansible-project] Create a variable based on a variable

2024-05-23 Thread Abhijeet Janwalkar

Not exactly based on the variables, but I use this to find the datacenter 
in the vCenter (in my case I have only one datacenter per vCenter so it 
works)

- name: Gather information about all datacenters in vCenter
  community.vmware.vmware_datacenter_info:
hostname: "{{ hostname }}"
username: "{{ username }}"
password: "{{ password }}"
validate_certs: "{{ false}}"
  delegate_to: localhost
  register: datacenterInfo

#- name: Display datacenter Info
  #ansible.builtin.debug:
#msg: "{{ datacenterInfo.datacenter_info[0].name }}" 

- name: set Fact - datacenter
  set_fact:
datacenter: "{{ datacenterInfo.datacenter_info[0].name }}"
Hope this helps.

Warm Regards,
Abhi

On Friday 17 May 2024 at 23:02:18 UTC+2 Brian Coca wrote:

Also: 

vars: 
vcenter_datacenter: '{{ vcenter_hostname == 
"vcenter1"|ternary("First", vcenter_hostname == 
"vcenter2"|ternary("datacenter1", "datacenter2")) }}' Dataceenter 

but i would do this: 

vars: 
DCS: 
vcenter1: First 
vcenter2: datacenter1 
vcenter_datacenter: '{{ DCS[vcenter_hostname]|default("datacenter2") 
}}' Datacenter 

-- 
-- 
Brian Coca (he/him/yo) 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/4408f066-5195-468d-88a8-89e0a4b5b365n%40googlegroups.com.

[ansible-project] ansible 2.17 and fortinet.fortios compatibility

2024-05-22 Thread Azadeh Amirhosseini



Hi all,

I have installed Ansible Core 2.17.0. My question is, is the Galaxy 
collection fortinet.fortios 2.3.6 compatible with this version?

I am facing issues executing the related playbook, even though the same 
playbook runs well with an older version of Ansible.

*An exception occurred during task execution. To see the full traceback, 
use -vvv. The error was: ansible.module_utils.connection.ConnectionError: 
Requested entry (plugin_type: connection plugin: 
ansible_collections.ansible.netcommon.plugins.connection.httpapi setting: 
access_token ) was not defined in configuration.* 

Best regards,

Azadeh


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/dcdf7054-08ef-4194-978d-0142bb3ff585n%40googlegroups.com.

Re: [ansible-project] Use of register variable in following play(s)

2024-05-21 Thread Dimitri Yioulos

Thank you, Dick!

On Tuesday, May 21, 2024 at 4:07:19 PM UTC-4 Dick Visser wrote:

> I would use the dedicated find task. Apply a depth filter just in case.
> Something like this should do the trick:
>
>
> - name: known hosts script play
>   hosts: all
>   become: true
>   gather_facts: false
>
>   tasks:
> - name: Find known hosts
>   ansible.builtin.find:
> paths:
>   - /root
>   - /home
> patterns: known_hosts
> recurse: true
> depth: 3
>   register: found
>
> - name: Change known_host file
>   ansible.builtin.script:
> cmd: foo.sh "{{ item }}"
>   loop: "{{ found.files|map(attribute='path') }}"
>
>
>
> foo.sh is a script on your controller, adjacent to your playbook.
>
>
> On Tue, 21 May 2024 at 21:31, Dimitri Yioulos  wrote:
>
>> Good day.
>>
>> I need to make changes in the know_hosts files of users on various hosts. 
>> I'll use a script to do the actual changes in known_hosts. I have the 
>> following simple playbook, so far. It identifies users with known_host 
>> files:
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> * hosts: all  gather_facts: false  become: yes  tasks:- name: 
>> find known hosts  shell: find /root /home -type f -name known_hosts
>>   register: known- debug: msg="{{ known.stdout }}"*
>> It produces the following output:
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *ok: [host1] =>  msg: |-/root/.ssh/known_hosts
>> /home/user1/.ssh/known_hosts/home/user2/.ssh/known_hosts
>> /home/user3/.ssh/known_hostsok: [host2] =>  msg: |-
>> /root/.ssh/known_hosts/home/user1/.ssh/known_hosts
>> /home/user2/.ssh/known_hosts/home/user3/.ssh/known_hosts
>> /home/user4/.ssh/known_hosts/home/user5/.ssh/known_hostsok: [host3] =>  
>> msg: /root/.ssh/known_hostsok: [host4] =>  msg: |-
>> /root/.ssh/known_hosts/home/user1/.ssh/known_hosts
>> /home/user2/.ssh/known_hosts/home/user3/.ssh/known_hosts~*
>>
>> I want to apply the script against the known_hosts file for each of the 
>> identified users. How do I do that?
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible-proje...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/623b5aa3-d20b-4648-b169-d2cce2b00cadn%40googlegroups.com
>>  
>> 
>> .
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/159a3001-7fbc-4ad2-b91f-3e95f9eb554dn%40googlegroups.com.

Re: [ansible-project] Use of register variable in following play(s)

2024-05-21 Thread Dick Visser

I would use the dedicated find task. Apply a depth filter just in case.
Something like this should do the trick:


- name: known hosts script play
  hosts: all
  become: true
  gather_facts: false

  tasks:
- name: Find known hosts
  ansible.builtin.find:
paths:
  - /root
  - /home
patterns: known_hosts
recurse: true
depth: 3
  register: found

- name: Change known_host file
  ansible.builtin.script:
cmd: foo.sh "{{ item }}"
  loop: "{{ found.files|map(attribute='path') }}"



foo.sh is a script on your controller, adjacent to your playbook.


On Tue, 21 May 2024 at 21:31, Dimitri Yioulos  wrote:

> Good day.
>
> I need to make changes in the know_hosts files of users on various hosts.
> I'll use a script to do the actual changes in known_hosts. I have the
> following simple playbook, so far. It identifies users with known_host
> files:
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> * hosts: all  gather_facts: false  become: yes  tasks:- name: find
> known hosts  shell: find /root /home -type f -name known_hosts
> register: known- debug: msg="{{ known.stdout }}"*
> It produces the following output:
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *ok: [host1] =>  msg: |-/root/.ssh/known_hosts
> /home/user1/.ssh/known_hosts/home/user2/.ssh/known_hosts
> /home/user3/.ssh/known_hostsok: [host2] =>  msg: |-
> /root/.ssh/known_hosts/home/user1/.ssh/known_hosts
> /home/user2/.ssh/known_hosts/home/user3/.ssh/known_hosts
> /home/user4/.ssh/known_hosts/home/user5/.ssh/known_hostsok: [host3] =>
> msg: /root/.ssh/known_hostsok: [host4] =>  msg: |-
> /root/.ssh/known_hosts/home/user1/.ssh/known_hosts
> /home/user2/.ssh/known_hosts/home/user3/.ssh/known_hosts~*
>
> I want to apply the script against the known_hosts file for each of the
> identified users. How do I do that?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/623b5aa3-d20b-4648-b169-d2cce2b00cadn%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAF8BbLa%2BEyEmOge1PAjG4gpHoxwwKbom%2BjTTxGabTowXez4JoA%40mail.gmail.com.

[ansible-project] Use of register variable in following play(s)

2024-05-21 Thread Dimitri Yioulos

Good day.

I need to make changes in the know_hosts files of users on various hosts. 
I'll use a script to do the actual changes in known_hosts. I have the 
following simple playbook, so far. It identifies users with known_host 
files:














* hosts: all  gather_facts: false  become: yes  tasks:- name: find 
known hosts  shell: find /root /home -type f -name known_hosts  
register: known- debug: msg="{{ known.stdout }}"*
It produces the following output:























*ok: [host1] =>  msg: |-/root/.ssh/known_hosts
/home/user1/.ssh/known_hosts/home/user2/.ssh/known_hosts
/home/user3/.ssh/known_hostsok: [host2] =>  msg: |-
/root/.ssh/known_hosts/home/user1/.ssh/known_hosts
/home/user2/.ssh/known_hosts/home/user3/.ssh/known_hosts
/home/user4/.ssh/known_hosts/home/user5/.ssh/known_hostsok: [host3] =>  
msg: /root/.ssh/known_hostsok: [host4] =>  msg: |-
/root/.ssh/known_hosts/home/user1/.ssh/known_hosts
/home/user2/.ssh/known_hosts/home/user3/.ssh/known_hosts~*

I want to apply the script against the known_hosts file for each of the 
identified users. How do I do that?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/623b5aa3-d20b-4648-b169-d2cce2b00cadn%40googlegroups.com.

Re: [ansible-project] depending on extra variables call a template

2024-05-20 Thread Prady A

Hi Dick,

Sorry to confuse.
We already have a Job template which installs the DB independently.
ALSO we ha have a workflow which builds server without DB Installation.

Service Catalog we use this term in ServiceNow.
The catalog will call AAP via rest and execute the job templates based on
the service catalog..

Regards

On Tue, 21 May 2024 at 3:31, Dick Visser  wrote:

> I'm not sure what "call a template which install the actual db" means?
> There is a template task that can template a file.
> And if you want to install a db then that would consist of a number of
> tasks that do that.
> And I also don't know what a "service catalog" is in an ansible context?
>
> Can you share the playbook that you have right now?
> Dick
>
> On Mon, 20 May 2024 at 19:39, Prady A  wrote:
>
>> Hi experts,
>>
>> I m trying to add a feature to install db after installing vm. In my
>> service catalog if I select Postgres db it is passing extra variable as
>> Postgres to ansible  platform. Using that variable how can a call a
>> template which install the actual db..
>>
>> Regards
>> PD
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/CAEuB3AqWL68%3DpYMjxSp%2BAfpoXzWVH-fA8h-yXV0zVDc%2BMfDbEA%40mail.gmail.com
>> 
>> .
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAF8BbLYX1CdCGseo%2BPo4vSZkt9UfmgicokzYjDUqG4qXj1a43w%40mail.gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEuB3Aoe%3DG%3DYELTejPeHW9xb2%3D2QYGCkoh%2Bq3umUchWnSTFvMw%40mail.gmail.com.

[ansible-project] New Release: ansible-core v2.17.0

ANSIBLE-CORE V2.17.0
View this release on:

 * GitHub [https://github.com/ansible/ansible/releases/tag/v2.17.0]
 * PyPI [https://pypi.org/project/ansible-core/v2.17.0/]

CHANGELOG
See the full changelog
[https://github.com/ansible/ansible/blob/v2.17.0/changelogs/CHANGELOG-v2.17.rst]
 
for the changes included in this release.

RELEASE ARTIFACTS
 * Built Distribution: ansible_core-2.17.0-py3-none-any.whl
   
[https://files.pythonhosted.org/packages/2f/77/97fb1880abb485f1df31b36822c537330db86bea4105fdea6e1946084c16/ansible_core-2.17.0-py3-none-any.whl]
 
   - ‍2191647 bytes * 
  a5de008985cd51eb01599cf1a14d3b45f917095ac6cdab867b0d11c3f922c343 (SHA256)
   
   
 * Source Distribution: ansible_core-2.17.0.tar.gz
   
[https://files.pythonhosted.org/packages/a7/e5/956a16811044c28663d88740932de9c3fbbe2ec14fabe86a69b3cfe4842b/ansible_core-2.17.0.tar.gz]
 
   - 3120288 bytes * 
  bd16e30ecac405dac594de3e1b1b4d9cc6fa1a9f7a01a6a8d4c471b20660716d (SHA256)

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c864b56f-0e2f-bada-e692-789dd54653f5%40redhat.com.

[ansible-project] New Release: ansible-core v2.16.7

ANSIBLE-CORE V2.16.7
View this release on:

 * GitHub [https://github.com/ansible/ansible/releases/tag/v2.16.7]
 * PyPI [https://pypi.org/project/ansible-core/v2.16.7/]

CHANGELOG
See the full changelog
[https://github.com/ansible/ansible/blob/v2.16.7/changelogs/CHANGELOG-v2.16.rst]
 
for the changes included in this release.

RELEASE ARTIFACTS
 * Built Distribution: ansible_core-2.16.7-py3-none-any.whl
   
[https://files.pythonhosted.org/packages/c5/b3/6a389d53f4893f1e873ecfa36ef6d2fac04f1be644b1f7730859834642c9/ansible_core-2.16.7-py3-none-any.whl]
 
   - 2250690 bytes * 
  3e1b0ed76ff40d8722f1b5bf19348b95ff226ef5157f7afd720e3da1369a4a6e (SHA256)
   
   
 * Source Distribution: ansible_core-2.16.7.tar.gz
   
[https://files.pythonhosted.org/packages/6b/1b/6a9e9012b250b9f13680eaabaf9ec5eae51622a1c519a851046d0eac4e3b/ansible_core-2.16.7.tar.gz]
 
   - 3178312 bytes * 
  a8c8f4facba30514571d47abec5c62a5768b86fef3d80d724911c8f20b7b34b7 (SHA256)

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3fb4442b-bbe1-0bac-c735-d75ca66d3070%40redhat.com.

[ansible-project] New Release: ansible-core v2.15.12

ANSIBLE-CORE V2.15.12
View this release on:

 * GitHub [https://github.com/ansible/ansible/releases/tag/v2.15.12]
 * PyPI [https://pypi.org/project/ansible-core/v2.15.12/]

CHANGELOG
See the full changelog
[https://github.com/ansible/ansible/blob/v2.15.12/changelogs/CHANGELOG-v2.15.rst]
 
for the changes included in this release.

RELEASE ARTIFACTS
 * Built Distribution: ansible_core-2.15.12-py3-none-any.whl
   
[https://files.pythonhosted.org/packages/0a/d1/67c54983566130e7c54231ff223a7e5fb0154de8ff998aaacb962a2fecef/ansible_core-2.15.12-py3-none-any.whl]
 
   - 2250977 bytes * 
  390edd603420122f7cb1c470d8d1f8bdbbd795a1844dd03c1917db21935aecb9 (SHA256)
   
   
 * Source Distribution: ansible_core-2.15.12.tar.gz
   
[https://files.pythonhosted.org/packages/a1/fc/e81a2e2a6e4247444fe632c8ffaff5c1bcc3adf85ae87d08158724f419fd/ansible_core-2.15.12.tar.gz]
 
   - 3171335 bytes * 
  5fde82cd3928d9857ad880782c644f27d3168b0f25321d5a8d6befa524aa1818 (SHA256)

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/38ba09f8-b015-d600-1688-4cb32f57a5e1%40redhat.com.

[ansible-project] New Release: ansible-core v2.14.17

2024-05-14 Thread 'Rowe, Walter P. (Fed)' via Ansible Project

ANSIBLE-CORE V2.14.17
View this release on:

 * GitHub [https://github.com/ansible/ansible/releases/tag/v2.14.17]
 * PyPI [https://pypi.org/project/ansible-core/v2.14.17/]

CHANGELOG
See the full changelog
[https://github.com/ansible/ansible/blob/v2.14.17/changelogs/CHANGELOG-v2.14.rst]
 
for the changes included in this release.

RELEASE ARTIFACTS
 * Built Distribution: ansible_core-2.14.17-py3-none-any.whl
   
[https://files.pythonhosted.org/packages/16/4e/ec2f34e7b117809a2dd699ac9472680a0568e1a8841b8f45d889c9d386c9/ansible_core-2.14.17-py3-none-any.whl]
 
   - 2219040 bytes * 
  fefd600780a9fa40f7cdc432264d861731682db43255eb0ebb6e6b6ab6165b1e (SHA256)
   
   
 * Source Distribution: ansible_core-2.14.17.tar.gz
   
[https://files.pythonhosted.org/packages/0d/80/28d3320914500b6d7b83b8d3a8932ca0303bc38cec6ade1f6e93ed50227e/ansible_core-2.14.17.tar.gz]
 
   - 3148785 bytes * 
  9afec5ffd3bd762c258f4661e831e0930a4d99ae9d84844ddd7abf7da2c63114 (SHA256)

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b277c03a-fdf2-d20a-efe3-1d0641ab0fa7%40redhat.com.

Re: [ansible-project] depending on extra variables call a template

2024-05-20 Thread Dick Visser

I'm not sure what "call a template which install the actual db" means?
There is a template task that can template a file.
And if you want to install a db then that would consist of a number of
tasks that do that.
And I also don't know what a "service catalog" is in an ansible context?

Can you share the playbook that you have right now?
Dick

On Mon, 20 May 2024 at 19:39, Prady A  wrote:

> Hi experts,
>
> I m trying to add a feature to install db after installing vm. In my
> service catalog if I select Postgres db it is passing extra variable as
> Postgres to ansible  platform. Using that variable how can a call a
> template which install the actual db..
>
> Regards
> PD
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAEuB3AqWL68%3DpYMjxSp%2BAfpoXzWVH-fA8h-yXV0zVDc%2BMfDbEA%40mail.gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAF8BbLYX1CdCGseo%2BPo4vSZkt9UfmgicokzYjDUqG4qXj1a43w%40mail.gmail.com.

[ansible-project] depending on extra variables call a template

2024-05-20 Thread Prady A

Hi experts,

I m trying to add a feature to install db after installing vm. In my
service catalog if I select Postgres db it is passing extra variable as
Postgres to ansible  platform. Using that variable how can a call a
template which install the actual db..

Regards
PD

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEuB3AqWL68%3DpYMjxSp%2BAfpoXzWVH-fA8h-yXV0zVDc%2BMfDbEA%40mail.gmail.com.

Re: [ansible-project] Create a variable based on a variable

2024-05-17 Thread Brian Coca

Also:

vars:
  vcenter_datacenter:  '{{ vcenter_hostname ==
"vcenter1"|ternary("First", vcenter_hostname ==
"vcenter2"|ternary("datacenter1", "datacenter2")) }}' Dataceenter

but i would do this:

vars:
   DCS:
  vcenter1: First
  vcenter2: datacenter1
  vcenter_datacenter: '{{ DCS[vcenter_hostname]|default("datacenter2")
}}' Datacenter

-- 
--
Brian Coca (he/him/yo)

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CACVha7f-Ojs5YBN9XX30-0dpH3w8M3mjeMcGHf9m3OsnOgx1Rg%40mail.gmail.com.

Re: [ansible-project] Create a variable based on a variable

2024-05-17 Thread Dimitri Yioulos

Than you all. I'll make note of your suggestions. I solved my issue like 
this (whether it's "optimal, I don;t know):




*  vars:vcenter_datacenter: >-  {% if vcenter_hostname == 
'vcenter1' %}* *Datacenter1 *

*Datacenter  {% elif vcenter_hostname == 'vcenter2' %}* 
*Datacenter2* 


*Datacenter  {% else %}Default Datacenter  {% endif %}*

On Tuesday, May 14, 2024 at 5:34:29 AM UTC-4 Rowe, Walter P. (Fed) wrote:

> A dictionary would solve this using the guest name as the key. 
>
> vcenter:
>   host1: { datacenter: datacenter1, vcenter: vcenter2 }
>   host2: { datacenter: datacenter1, vcenter: vcenter1 }
>   host3: { datacenter: datacenter2, vcenter: vcenter2 }
>   host4: { datacenter: datacenter2, vcenter: vcenter1 }
>
> {{ vcenter[inventory_hostname].datacenter }}
> {{ vcenter[inventory_hostname].vcenter }}
>
> Keeping that dictionary update to date will be tedious but could be 
> automated too. Query each vcenter / datacenter pair for its list of VMs and 
> generate a vars file with the above dictionary. Include that vars file in 
> your playbooks. Alternatively (and more expensive) is to create an initial 
> task that queries the each vcenter / datacenter pair and creates this 
> dictionary in real time.
>
> Walter
> --
> Walter Rowe, Division Chief
> Infrastructure Services Division
> Mobile: 202.355.4123 <(202)%20355-4123> 
>
> On May 8, 2024, at 12:34 PM, Dimitri Yioulos  wrote:
>
> Hello, all. 
>
> The subject of this post is probably terribly named. That said, here's 
> what I'm trying to accomplish:
>
> I have two VMware vCenter hosts - vcenter1.mycompany.com and 
> vcenter2.mycompany.com. Within each host is are two datacenters - 
> datacenter1 and datacenter2. for each host, the datacenter alignments are 
> vcenter1 -- datacenter1 and vcenter2 -- datacenter2.
>
> I have a number of playbooks that do actions against vCenter. For example, 
> I have one deletes all snapshots. It looks like this:
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *--- - hosts: all   become: false   gather_facts: false   vars_prompt: 
> - name: "vcenter_username"   prompt: "Enter your Vcenter username 
> (without @vsphere.local)"   private: no - name: "vcenter_password" 
>   prompt: "Enter your VMware password"   private: yes - name: 
> "vcenter_hostname"   prompt: "Enter your Vcenter host 
> name:\nvcenter1\nvcenter2\n"   private: no - name: 
> "vcenter_datacenter"   prompt: "Enter your Vcenter 
> datacenter:\ndatacenter1\ndatacenter2\n"   private: no   tasks: - 
> name: Find vm folder name   ~ - name: Remove all snapshots of all 
> VMs   community.vmware.vmware_guest_snapshot: hostname: "{{ 
> vcenter_hostname }}.fmycompany.com " 
> username: "{{ vcenter_username }}@vsphere.local" password: "{{ 
> vcenter_password }}" datacenter: "{{ vcenter_datacenter }} 
> Datacenter" folder: "{{ vm_folder.folders | 
> regex_replace(\"([\\[\\]'])\",'') }}" name: "{{ inventory_hostname 
> }}" state: remove_all validate_certs: False   
> delegate_to: localhost*
>
> As you can see, at present, I have to provide the vCenter name, and the 
> corresponding datacenter name in order for the playbook to work. I would 
> like to eliminate the need to specify the datacenter name, and have that 
> populate datacenter ("{{ vcenter_datacenter }} Datacenter") based on the 
> vCenter host that I choose (hostname: "{{ vcenter_hostname }}.
> fmycompany.com"). I'm not clever enough to suss that out, and would 
> appreciate your help.
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-proje...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/424d790e-e657-405b-b720-8ce0448df4f4n%40googlegroups.com
>  
> 
> .
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/59368883-6996-488f-8973-b9e4eb299d59n%40googlegroups.com.

Re: [ansible-project] Create a variable based on a variable

2024-05-17 Thread Dimitri Yioulos

Thank you all. I'll make note of everything you suggested. I solved my 
issue by adding this (whether it's "optimal", I don't know):

  




*vars:vcenter_datacenter: >-  {% if vcenter_hostname == 'vcenter1' 
%}First Datacenter  {% elif vcenter_hostname == 'vcenter2' %}  
  * *datacenter1*  

* Datacenter  {% else %}* *datacenter2*  
* Datacenter  {% endif %}*

On Tuesday, May 14, 2024 at 5:34:29 AM UTC-4 Rowe, Walter P. (Fed) wrote:

> A dictionary would solve this using the guest name as the key. 
>
> vcenter:
>   host1: { datacenter: datacenter1, vcenter: vcenter2 }
>   host2: { datacenter: datacenter1, vcenter: vcenter1 }
>   host3: { datacenter: datacenter2, vcenter: vcenter2 }
>   host4: { datacenter: datacenter2, vcenter: vcenter1 }
>
> {{ vcenter[inventory_hostname].datacenter }}
> {{ vcenter[inventory_hostname].vcenter }}
>
> Keeping that dictionary update to date will be tedious but could be 
> automated too. Query each vcenter / datacenter pair for its list of VMs and 
> generate a vars file with the above dictionary. Include that vars file in 
> your playbooks. Alternatively (and more expensive) is to create an initial 
> task that queries the each vcenter / datacenter pair and creates this 
> dictionary in real time.
>
> Walter
> --
> Walter Rowe, Division Chief
> Infrastructure Services Division
> Mobile: 202.355.4123 <(202)%20355-4123> 
>
> On May 8, 2024, at 12:34 PM, Dimitri Yioulos  wrote:
>
> Hello, all. 
>
> The subject of this post is probably terribly named. That said, here's 
> what I'm trying to accomplish:
>
> I have two VMware vCenter hosts - vcenter1.mycompany.com and 
> vcenter2.mycompany.com. Within each host is are two datacenters - 
> datacenter1 and datacenter2. for each host, the datacenter alignments are 
> vcenter1 -- datacenter1 and vcenter2 -- datacenter2.
>
> I have a number of playbooks that do actions against vCenter. For example, 
> I have one deletes all snapshots. It looks like this:
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *--- - hosts: all   become: false   gather_facts: false   vars_prompt: 
> - name: "vcenter_username"   prompt: "Enter your Vcenter username 
> (without @vsphere.local)"   private: no - name: "vcenter_password" 
>   prompt: "Enter your VMware password"   private: yes - name: 
> "vcenter_hostname"   prompt: "Enter your Vcenter host 
> name:\nvcenter1\nvcenter2\n"   private: no - name: 
> "vcenter_datacenter"   prompt: "Enter your Vcenter 
> datacenter:\ndatacenter1\ndatacenter2\n"   private: no   tasks: - 
> name: Find vm folder name   ~ - name: Remove all snapshots of all 
> VMs   community.vmware.vmware_guest_snapshot: hostname: "{{ 
> vcenter_hostname }}.fmycompany.com " 
> username: "{{ vcenter_username }}@vsphere.local" password: "{{ 
> vcenter_password }}" datacenter: "{{ vcenter_datacenter }} 
> Datacenter" folder: "{{ vm_folder.folders | 
> regex_replace(\"([\\[\\]'])\",'') }}" name: "{{ inventory_hostname 
> }}" state: remove_all validate_certs: False   
> delegate_to: localhost*
>
> As you can see, at present, I have to provide the vCenter name, and the 
> corresponding datacenter name in order for the playbook to work. I would 
> like to eliminate the need to specify the datacenter name, and have that 
> populate datacenter ("{{ vcenter_datacenter }} Datacenter") based on the 
> vCenter host that I choose (hostname: "{{ vcenter_hostname }}.
> fmycompany.com"). I'm not clever enough to suss that out, and would 
> appreciate your help.
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-proje...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/424d790e-e657-405b-b720-8ce0448df4f4n%40googlegroups.com
>  
> 
> .
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/f1878cf3-5aa4-4f94-a217-828e12e60467n%40googlegroups.com.

Re: [ansible-project] wait_for_connection module waits more than timeout specified

2024-05-14 Thread Todd Lewis


Several things going on.

#0: Your post/email is dated May 9, but I didn't see this until Tuesday 
May 14. This is not related to what you were asking about, but the irony 
of a "timeout" question taking ~5 days to land is too delicious not to 
mention.


#1: I have no idea what your ssh_timeout_wait_for variable might be set 
to. Maybe it isn't set, so the default(5) may be kicking in. I don't 
think it matters in any case, though, because of #2.


#2: Of all the possible modules you could invoke for your "Check host 
reachability" task, wait_for_connection is perhaps the most opposite of 
what you're trying to accomplish. The whole point of that module assumes 
the host in question is actually down - probably because you just 
rebooted it in a prior task - and you want to wait for it to come back 
up before proceeding. And that's what it's doing: waiting until the host 
comes back up or until the end of time (which, fortunately, comes sooner 
in the lifespan of this task than it does for us out here in the real 
world). Change this to ansible.builtin.ping (or almost anything else) to 
get the behavior you seek.


#3: "timeout" is one of the most horribly encapsulated concepts in 
Ansible (and a lot of other software). It's used to describe aspects of

  - connections,
  - running times for
  - tasks
  - plays
  - playbooks
  - workflows
  - pauses
  - async task management
      - before iterations
  - between iterations
  - plus whatever crazy foo any particular plugin might want to do with 
a bit of spare time

  - …
I say "encapsulated concepts" because, while all those things are 
mentioned somewhere in the docs, there's no single place you can look 
and see them all laid out side by side, compared and contrasted where 
the interplay between them all is discussed. To be fair, none of those 
specific docs where some timeout is discussed should be the canonical 
home of such an overview. That "General Discussion of All Things Timing" 
page is yet to be written.


To get a feel for ping vs wait_for_connection, consider this snippet of 
bash script. You'll need to substitute actual host names for 
"reachable.host" and "unreachable.host". The tl;dr (too long, didn't 
run) upshot is: you don't want to use wait_for_connection as a 
reachability test.


for module in ansible.builtin.ping ansible.builtin.wait_for_connection ; do
  for ct in 2 20 ; do
printf "module: %s with connection_timeout: %d\n" $module $ct
time ansible all -i reachable.host,unreachable.host, -m $module -e 
connection_timeout=$ct -v
  done
done


On 5/9/24 7:56 AM, Ismail Ett wrote:

Hey everyone,

I have multiple playbooks that runs on a schedule on lots of hosts, 
some are sometimes turned off for cost saving.


Almost all jobs on AWX are marked as failed because there is at least 
1 host that is powered off. Which is not very aesthetically pleasing  
and also hard to know when a job has actually failed on an important 
task on a host.


Another inconvenience is that the jobs take a lot of time to execute 
when there are lots of hosts that are unreachable, because ansible 
hangs on them and waits for the connection. I tried decreasing the 
timeout settings in our ansible.cfg to 20 seconds which did help a bit 
but the hanging on (turned off) hosts take a lot of waiting before the 
tasks carry on with the other hosts.


The solution for me was:
- Add a pre_task on each playbook that will run a wait_for_connection task
- Check if it fails then i end the task without proceeding like so

```
- hosts: all
gather_facts: no
pre_tasks:
- name: Check host reachability
wait_for_connection:
timeout: "{{ ssh_timeout_wait_for | default(5) }}"
sleep: 1
ignore_errors: true
ignore_unreachable: true
register: host_is_reachable
- name: End play if host is unreachable
meta: end_play
when: host_is_reachable.failed
roles:
- role: roles/somerole
```
This seems to fix my first problem of jobs been marked as failed if 
one host is unreachable.


But it does not fix my second problem which is ansible hanging on the 
unreachable hosts for so long.


In the the wait_for_connection i have set the timeout to 5 seconds, 
expecting that the ansible should try and reach the host but if it 
fails to do so in 5 seconds it should end the play. But it doe not do 
that.


Instead ansible hangs on the unreachable host for more than 2 minutes 
throws a warning like this:

WARNING]: Unhandled error in Python interpreter discovery for host
172.12.23.34: Failed to connect to the host via ssh: ssh: connect to host

And then waits some extra time and then the output of the 
wait_for_connection task gets printed like so:
TASK [Check host reachability] 
*

fatal: [172.12.23.34]: FAILED! => {"changed": false,
"elapsed": 169, "msg": "timed out waiting for ping module test:
Data could not be sent to remote host \"172.12.23.34\".
Make sure this host can be reached over ssh: ssh:
connect to host

Re: [ansible-project] Re: become: true does not work but -b works

2024-05-14 Thread Sameer Modak

Hello Brian,

Yes it works , Issue was my role was picking the values from roles 
directory instead from current directory hence despite making changes at 
current file become was not working.

On Tuesday, May 14, 2024 at 8:12:07 PM UTC+5:30 Brian Coca wrote:

> We have tests for this and i just tested manually, become: true on a
> task does work. Tried with your task (supplying my own values for the
> vars) and it works the same, putting it on the task, the play, a
> block, role or command line. The only way i get it to 'not work' is
> setting ansible_become: false , but that makes them ALL not work, not
> just the task level become.
>
> I cannot tell from the email as it breaks formatting, but my guess
> would be that it is set to the task.
>
> -- 
> --
> Brian Coca (he/him/yo)
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/fe433d00-869f-4e9d-b368-34680a8ff041n%40googlegroups.com.

[ansible-project] AAP error: "template error while templating string: No module named 'ansible.module_utils.compat.version'. String: {{ mountfact | community.general.json_query( query ) }}",

2024-05-14 Thread G-train99

I'm not using  'ansible.module_utils.compat.version'.  AAP is using that 
module, i guess.
Underneath playbook works locally, not in AAP. The fact mountfact is a 
dict. I've also tried to add to_json , from_json, and both, without any 
changes.
I made a SO post as i'm currently blocked with this. Not sure what to 
troubleshoot next.
This is part of a role, underneath my test playbook.

 ---
- name: get instana mounts
  hosts: localhost
  tasks:
- ansible.builtin.setup:
  filter: 'ansible_mounts'
  delegate_to: vmcode1234 
  connection: ssh
  register: mountfat

- debug:
  var: item
   loop: "{{ mountfat | community.general.json_query( query ) }}"
   vars:
 query: 
"ansible_facts.ansible_mounts[?contains(mount,'instana')].mount"

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/50ca916f-0a2a-4fd3-af58-bb9be54e16dfn%40googlegroups.com.

Re: [ansible-project] become sudo not working for apt module

2024-05-14 Thread Brian Coca

FYI, become is independent of modules, it wraps module execution so
modules do not need to enable/support it. Connection plugins on the
other hand can affect how become works, in the case of local, windows
and networking appliances.


-- 
--
Brian Coca (he/him/yo)

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CACVha7ehAN6YFJ%3Di7ceydPOH8wtBV_-9tJ4PcwbpY7z6KOTbeg%40mail.gmail.com.

Re: [ansible-project] Re: become: true does not work but -b works

2024-05-14 Thread Brian Coca

We have tests for this and i just tested manually, become: true on a
task does work. Tried with your task (supplying my own values for the
vars) and it works the same, putting it on the task, the play, a
block, role or command line. The only way i get it to 'not work' is
setting ansible_become: false , but that makes them ALL not work, not
just the task level become.

I cannot tell from the email as it breaks formatting, but my guess
would be that it is set to the task.

-- 
--
Brian Coca (he/him/yo)

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CACVha7czSxRiwqw6k5MgDEqZikk8%3DtLs5F-6uBsnZw%2B9RnG5Rg%40mail.gmail.com.

[ansible-project] Release announcement: Ansible community package 10.0.0a3 (Pre-Release)

2024-05-14 Thread 'Felix Fontein' via Ansible Project

Hello everyone,

We're happy to announce the release of the Ansible 10.0.0a3 package pre-release!

Ansible 10.0.0a3 depends on ansible-core 2.17.0rc2 and includes a curated set 
of Ansible collections that provide a vast number of modules, plugins, and 
roles. This is a pre-release of Ansible 10.

How to get it
-

This pre-release is available on PyPI and can be installed with pip:

```console
python3 -m pip install ansible==10.0.0a3 --user
```

The sources for this release can be found here:

Release tarball:

https://files.pythonhosted.org/packages/b2/26/d86c014570c3bdc02603a1d7d4f6de8ebb88a06e357a29e3ef134bb13b81/ansible-10.0.0a3.tar.gz

SHA256:

b572238e30e6b7819a79cf78fa4bea75265639f5fd909e1dc2c5bdbd97f8977f

Wheel package:

https://files.pythonhosted.org/packages/9f/8e/23bc1343e2afd1ad74ebfde2027e5c65f4d741db030bfc5c5147301e77cb/ansible-10.0.0a3-py3-none-any.whl

SHA256:

8335b07e3c000e5793aad49c345adaf722349a48a032777ca722c4cecfeef6b8


Some important details
--

ansible-core is a separate package on which ansible depends. `pip install 
ansible` installs `ansible-core`, but it can also be installed independently of 
the ansible package.

Collections that have opted to join the Ansible 10 unified changelog will have 
an entry on this page:

https://github.com/ansible-community/ansible-build-data/blob/10.0.0a3/10/CHANGELOG-v10.md

For collections which have not opted-in to the unified changelog, you may find 
more information on

https://docs.ansible.com/ansible/latest/collections

or on the collection source repository. For example, the community.crypto 
collection is available at

https://docs.ansible.com/ansible/latest/collections/community/crypto/index.html

and you can find a link to the source repository under the “Repository 
(Sources)” button.

The changelog for ansible-core 2.17 installed by this release of Ansible 10 can 
be found here:

https://github.com/ansible/ansible/blob/v2.17/changelogs/CHANGELOG-v2.17.rst

What's the schedule for new Ansible releases after 10.0.0a3?


The next release roadmap can be found at

https://docs.ansible.com/ansible/devel/roadmap/ansible_roadmap_index.html

The Ansible community package release schedule follows the Ansible Core release 
schedule, including, for example, delays for holidays. This means Ansible 
releases happen every four weeks through most of the year, but release dates 
may be delayed when Ansible Core releases are.

Subscribe to the Bullhorn for all future release dates, announcements, and 
Ansible contributor community news.

Visit this link to subscribe: https://bit.ly/subscribe-bullhorn

You can find all past Bullhorn issues on the Ansible Community Forum at:

https://forum.ansible.com/c/news/bullhorn/17

Join the new Ansible Community Forum to follow along and participate in all the 
project and release related discussions and announcements. Feel free to share 
your thoughts, feedback, ideas and concerns there.

Register here to join the Ansible Forum:

https://forum.ansible.com

Porting Help


A unified porting guide for collections that have opted in is available here:

https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_10.html

Getting collection updates from Ansible 10 with older releases of ansible-core
--

Ansible 10 depends on ansible-core 2.17. Depending on your needs, you can get 
collection updates as they ship in the Ansible “batteries included” package 
while continuing to use older versions of ansible-core.

See the ansible-galaxy requirements file based on the collections from Ansible 
10 for this use case:

https://github.com/ansible-community/ansible-build-data/blob/10.0.0a3/10/galaxy-requirements.yaml

After you download the requirements file, you can install the collections by 
running the following command:

```console
ansible-galaxy collection install -r galaxy-requirements.yaml
```

On behalf of the Ansible community, thank you and happy automating!

Cheers,
Ansible Release Management Working Group


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/20240514154023.0126779c%40rovaniemi.

Re: [ansible-project] Possible to pass values back from an include_tasks set of tasks to main playbook?

2024-05-14 Thread Todd Lewis

You can use set_fact to extend an array of prior results with your new
result. Behold:

---
# tasks.yml
- name: Powershell
win_command: powershell.exe -executionpolicy bypass c:\scripts\somescript.ps1
register: result

- name: Accumulate registered results
ansible.builtin.set_fact:
task_yml_results: "{{ task_yml_results | default([]) + [result] }}"

Cheers,
—
Todd

On 5/13/24 11:29 AM, Sean Trimm wrote:
I would like to trim a large playbook down by looping through the
tasks using include_tasks in a parent playbook. However I need to be
able to track the return code and stdout from those tasks in the
parent playbook in order to determine overall play success. Is it
possible to pass values back into the parent? When I do the following
the loop_result only includes the values passed to include task but no
values recorded in the tasks in include_tasks. I'd like to be able to
collect each iteration to test the return code from the win_command
and stdout in the main.yml.

tasks.yml
- name: Powershell
win_command: powershell.exe -executionpolicy bypass
c:\scripts\somescript.ps1

- name: test
debug:
msg: "{%if result.rc == 0 %} success {% else %} fail"

main.yml
usual stuff...

- name: loop
include_tasks: tasks.yml
register: loop_result
loop: "{{ list }}"

--
You received this message because you are subscribed to the Google
Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/fdf28c14-555b-43f1-9da3-aa0036800fbdn%40googlegroups.com
.

--
Todd

--
You received this message because you are subscribed to the Google Groups "Ansible
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/90302a53-295c-4721-8cef-8687189588e9%40gmail.com.

Re: [ansible-project] Create a variable based on a variable

A dictionary would solve this using the guest name as the key.

vcenter:
  host1: { datacenter: datacenter1, vcenter: vcenter2 }
  host2: { datacenter: datacenter1, vcenter: vcenter1 }
  host3: { datacenter: datacenter2, vcenter: vcenter2 }
  host4: { datacenter: datacenter2, vcenter: vcenter1 }

{{ vcenter[inventory_hostname].datacenter }}
{{ vcenter[inventory_hostname].vcenter }}

Keeping that dictionary update to date will be tedious but could be automated 
too. Query each vcenter / datacenter pair for its list of VMs and generate a 
vars file with the above dictionary. Include that vars file in your playbooks. 
Alternatively (and more expensive) is to create an initial task that queries 
the each vcenter / datacenter pair and creates this dictionary in real time.

Walter
--
Walter Rowe, Division Chief
Infrastructure Services Division
Mobile: 202.355.4123

On May 8, 2024, at 12:34 PM, Dimitri Yioulos  wrote:

Hello, all.

The subject of this post is probably terribly named. That said, here's what I'm 
trying to accomplish:

I have two VMware vCenter hosts - vcenter1.mycompany.com and 
vcenter2.mycompany.com. Within each host is are two datacenters - datacenter1 
and datacenter2. for each host, the datacenter alignments are vcenter1 -- 
datacenter1 and vcenter2 -- datacenter2.

I have a number of playbooks that do actions against vCenter. For example, I 
have one deletes all snapshots. It looks like this:

---

- hosts: all
  become: false
  gather_facts: false

  vars_prompt:

- name: "vcenter_username"
  prompt: "Enter your Vcenter username (without @vsphere.local)"
  private: no
- name: "vcenter_password"
  prompt: "Enter your VMware password"
  private: yes
- name: "vcenter_hostname"
  prompt: "Enter your Vcenter host name:\nvcenter1\nvcenter2\n"
  private: no
- name: "vcenter_datacenter"
  prompt: "Enter your Vcenter datacenter:\ndatacenter1\ndatacenter2\n"
  private: no

  tasks:

- name: Find vm folder name
  ~

- name: Remove all snapshots of all VMs
  community.vmware.vmware_guest_snapshot:
hostname: "{{ vcenter_hostname }}.fmycompany.com"
username: "{{ vcenter_username }}@vsphere.local"
password: "{{ vcenter_password }}"
datacenter: "{{ vcenter_datacenter }} Datacenter"
folder: "{{ vm_folder.folders | regex_replace(\"([\\[\\]'])\",'') }}"
name: "{{ inventory_hostname }}"
state: remove_all
validate_certs: False
  delegate_to: localhost

As you can see, at present, I have to provide the vCenter name, and the 
corresponding datacenter name in order for the playbook to work. I would like 
to eliminate the need to specify the datacenter name, and have that populate 
datacenter ("{{ vcenter_datacenter }} Datacenter") based on the vCenter host 
that I choose (hostname: "{{ vcenter_hostname }}.fmycompany.com"). I'm not 
clever enough to suss that out, and would appreciate your help.

--
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to 
ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/424d790e-e657-405b-b720-8ce0448df4f4n%40googlegroups.com.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/E3B4BB6D-1A35-4EA0-9D87-B16EEDF3A036%40nist.gov.

[ansible-project] wait_for_connection module waits more than timeout specified

2024-05-14 Thread Ismail Ett

Hey everyone,

I have multiple playbooks that runs on a schedule on lots of hosts, some
are sometimes turned off for cost saving.

Almost all jobs on AWX are marked as failed because there is at least 1
host that is powered off. Which is not very aesthetically pleasing and
also hard to know when a job has actually failed on an important task on a
host.

Another inconvenience is that the jobs take a lot of time to execute when
there are lots of hosts that are unreachable, because ansible hangs on them
and waits for the connection. I tried decreasing the timeout settings in
our ansible.cfg to 20 seconds which did help a bit but the hanging on
(turned off) hosts take a lot of waiting before the tasks carry on with the
other hosts.

The solution for me was:
- Add a pre_task on each playbook that will run a wait_for_connection task
- Check if it fails then i end the task without proceeding like so

```
- hosts: all
gather_facts: no
pre_tasks:
- name: Check host reachability
wait_for_connection:
timeout: "{{ ssh_timeout_wait_for | default(5) }}"
sleep: 1
ignore_errors: true
ignore_unreachable: true
register: host_is_reachable

- name: End play if host is unreachable
meta: end_play
when: host_is_reachable.failed
roles:
- role: roles/somerole
```
This seems to fix my first problem of jobs been marked as failed if one
host is unreachable.

But it does not fix my second problem which is ansible hanging on the
unreachable hosts for so long.

In the the wait_for_connection i have set the timeout to 5 seconds,
expecting that the ansible should try and reach the host but if it fails to
do so in 5 seconds it should end the play. But it doe not do that.

Instead ansible hangs on the unreachable host for more than 2 minutes
throws a warning like this:
WARNING]: Unhandled error in Python interpreter discovery for host
172.12.23.34: Failed to connect to the host via ssh: ssh: connect to host

And then waits some extra time and then the output of the
wait_for_connection task gets printed like so:
TASK [Check host reachability]
*
fatal: [172.12.23.34]: FAILED! => {"changed": false,
"elapsed": 169, "msg": "timed out waiting for ping module test:
Data could not be sent to remote host \"172.12.23.34\".
Make sure this host can be reached over ssh: ssh:
connect to host 172.12.23.34 port 22: Connection timed out\r\n"}
...ignoring

As you can see in the task output the wait_for_connection alone waited for
169 seconds even after specifying a way lower value.

Am i doing something wrong? Is this the default behavior?

Extra questions:
- Is this because ansible tries to facts gather before even starting the
wait_for task? that was the reason i put the wait_for_connection in a
pre_task.
- Is the 169 seconds not random and it has to do with the default timeout
ssh settings? i get different values every time i run the playbook so i
don't think so.
- Please share with me any alternative approach to fix to first 2 problems.

Any help would be appreciated :)

--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/09688194-d7f2-4d89-9935-d7b8c326dd6cn%40googlegroups.com.

Re: [ansible-project] become sudo not working for apt module

2024-05-14 Thread John Petro

Have you tried a ps on the host you are trying to upgrade to see if an apt
command is already running?  I've run into it before where an auto update
is running, so it has the lock file already in place.

--john

On Mon, May 13, 2024, 10:42 PM Gregory Machin  wrote:

> Hi
>
> I have a number of ubuntu servers that I want to update using ansible via
> AWX. my current test playbook :
>
> ---
>  - hosts: all
>tasks:
>- name: Test Connection
>  ansible.builtin.ping:
>
>- name: Update Cache
>  become: true
>  apt:
>update_cache: true
>
> is not work as expected on the ubuntu servers.
> The servers that have the root user configured are fine. But the Ubuntu
> servers where the root user doesn't have a password set are failing with
> the following error:
>
> "Failed to lock apt for exclusive operation: Failed to lock directory
> /var/lib/apt/lists/: E:Could not open lock file /var/lib/apt/lists/lock -
> open (13: Permission denied)"
>
> In AWX I have configured privilege escalation to use sudo but this doesnt
> help.
>
> I have tried moving the become: yes statement but this did help.
>
> Doe the apt module support the sudo ?
>
> What have I missed ?
>
> Thank you
>
>  Greg
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/5247dc46-a89e-4685-97af-53f8b91c8be8n%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob8HmzXZxiHvGnaP63yykLPrBmRkWeJurhm0P9%3DBzfUF4w%40mail.gmail.com.

[ansible-project] Possible to pass values back from an include_tasks set of tasks to main playbook?

2024-05-14 Thread Sean Trimm

I would like to trim a large playbook down by looping through the tasks 
using include_tasks in a parent playbook.  However I need to be able to 
track the return code and stdout from those tasks in the parent playbook in 
order to determine overall play success.  Is it possible to pass values 
back into the parent? When I do the following the loop_result only includes 
the values passed to include task but no values recorded in the tasks in 
include_tasks.  I'd like to be able to collect each iteration to test the 
return code from the win_command and stdout in the main.yml.

tasks.yml
- name: Powershell
 win_command: powershell.exe -executionpolicy bypass 
c:\scripts\somescript.ps1
 register: result

- name: test
 debug:
  msg: "{%if result.rc == 0 %} success {% else %} fail"

main.yml
usual stuff...

 - name: loop
   include_tasks: tasks.yml
   register: loop_result
   loop: "{{ list }}"


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/fdf28c14-555b-43f1-9da3-aa0036800fbdn%40googlegroups.com.

[ansible-project] Re: become: true does not work but -b works

2024-05-14 Thread Sameer Modak

Task which throwing error:

name: Create Prometheus install  and config directory

become: true. <-- does not work 

file:

  path: "{{ item }}"

  state: directory

  mode: 0755

  owner: "{{user}}"

  group: "{{group}}"

loop:

- "{{ jmxexporter_jar_path | dirname }}"

- "{{ jmxexporter_config_path }}"


If i put become: true at role playbook it works but i dont want to give 
blanket become: true hence i was trying to do at task level.

vim prometheusjmxrole.yml 

 name: Deploy  jmx_exporter

  hosts: all

  become: true. <  works fine if we set it here but i 
dont want it in this way. 

  tasks:

  - name: Importing jmx prometheus role

import_role:

  name: prometheusjmx
On Tuesday, May 14, 2024 at 2:08:14 PM UTC+5:30 Sameer Modak wrote:

> Hello team,
>
> I am running a role like below despite putting become true for install 
> task i get error. However if run with -b it works.
>
> Getting error while running this ,
>
> ansible-playbook prometheusjmxrole.yml -i ../inventory/staging.yaml
>
> The full traceback is:
>
> WARNING: The below traceback may *not* be related to the actual failure.
>
>   File 
> "/tmp/ansible_file_payload_CA4MQM/ansible_file_payload.zip/ansible/module_utils/basic.py",
>  
> line 841, in set_owner_if_different
>
> os.lchown(b_path, uid, -1)
>
> failed: [10.xx.xx.xxx] (item=/etc/jmx_prometheus/) => {
>
> "ansible_loop_var": "item",
>
> "changed": false,
>
> "gid": 0,
>
> "group": "root",
>
> "invocation": {
>
> "module_args": {
>
> "_diff_peek": null,
>
> "_original_basename": null,
>
> "access_time": null,
>
> "access_time_format": "%Y%m%d%H%M.%S",
>
> "attributes": null,
>
> "follow": true,
>
> "force": false,
>
> "group": "confluent",
>
> "mode": 493,
>
> "modification_time": null,
>
> "modification_time_format": "%Y%m%d%H%M.%S",
>
> "owner": "cp-kafka",
>
> "path": "/etc/jmx_prometheus/",
>
> "recurse": false,
>
> "selevel": null,
>
> "serole": null,
>
> "setype": null,
>
> "seuser": null,
>
> "src": null,
>
> "state": "directory",
>
> "unsafe_writes": false
>
> }
>
> },
>
> "item": "/etc/jmx_prometheus/",
>
> "mode": "0755",
>
> "msg": "chown failed: [Errno 1] Operation not permitted: 
> '/etc/jmx_prometheus/'",
>
> "owner": "root",
>
> "path": "/etc/jmx_prometheus/",
>
> "secontext": "unconfined_u:object_r:etc_t:s0",
>
> "size": 4096,
>
> "state": "directory",
>
> "uid": 0
>
> ==
>
> Working fine,
>
> ansible-playbook prometheusjmxrole.yml -i ../inventory/staging.yaml -b 
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/49482827-c301-4366-92af-50a02f68c761n%40googlegroups.com.

[ansible-project] become: true does not work but -b works

2024-05-14 Thread Sameer Modak

Hello team,

I am running a role like below despite putting become true for install task 
i get error. However if run with -b it works.

Getting error while running this ,

ansible-playbook prometheusjmxrole.yml -i ../inventory/staging.yaml

The full traceback is:

WARNING: The below traceback may *not* be related to the actual failure.

  File 
"/tmp/ansible_file_payload_CA4MQM/ansible_file_payload.zip/ansible/module_utils/basic.py",
 
line 841, in set_owner_if_different

os.lchown(b_path, uid, -1)

failed: [10.xx.xx.xxx] (item=/etc/jmx_prometheus/) => {

"ansible_loop_var": "item",

"changed": false,

"gid": 0,

"group": "root",

"invocation": {

"module_args": {

"_diff_peek": null,

"_original_basename": null,

"access_time": null,

"access_time_format": "%Y%m%d%H%M.%S",

"attributes": null,

"follow": true,

"force": false,

"group": "confluent",

"mode": 493,

"modification_time": null,

"modification_time_format": "%Y%m%d%H%M.%S",

"owner": "cp-kafka",

"path": "/etc/jmx_prometheus/",

"recurse": false,

"selevel": null,

"serole": null,

"setype": null,

"seuser": null,

"src": null,

"state": "directory",

"unsafe_writes": false

}

},

"item": "/etc/jmx_prometheus/",

"mode": "0755",

"msg": "chown failed: [Errno 1] Operation not permitted: 
'/etc/jmx_prometheus/'",

"owner": "root",

"path": "/etc/jmx_prometheus/",

"secontext": "unconfined_u:object_r:etc_t:s0",

"size": 4096,

"state": "directory",

"uid": 0

==

Working fine,

ansible-playbook prometheusjmxrole.yml -i ../inventory/staging.yaml -b 


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/46addbbb-aa64-4561-aa36-719b24dc2d0dn%40googlegroups.com.

Re: [ansible-project] become sudo not working for apt module

2024-05-13 Thread Stefan Hornburg (Racke)

On 14/05/2024 04:42, Gregory Machin wrote:

I have a number of ubuntu servers that I want to update using ansible via AWX.
my current test playbook :

---
- hosts: all
tasks:
- name: Test Connection
ansible.builtin.ping:

- name: Update Cache
become: true
apt:
update_cache: true

is not work as expected on the ubuntu servers.
The servers that have the root user configured are fine. But the Ubuntu servers
where the root user doesn't have a password set are failing with the following
error:

"Failed to lock apt for exclusive operation: Failed to lock directory
/var/lib/apt/lists/: E:Could not open lock file /var/lib/apt/lists/lock - open (13:
Permission denied)"

In AWX I have configured privilege escalation to use sudo but this doesnt help.

I have tried moving the become: yes statement but this did help.

Doe the apt module support the sudo ?

What have I missed ?

Thank you

Greg

Hello Greg,

you miss "become: true" in your playbook-

Regards
Racke

--
You received this message because you are subscribed to the Google Groups "Ansible
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
ansible-project+unsubscr...@googlegroups.com
.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/5247dc46-a89e-4685-97af-53f8b91c8be8n%40googlegroups.com

--
Automation expert - Ansible and friends
Linux administrator & Debian maintainer
Perl Dancer & conference hopper

--
You received this message because you are subscribed to the Google Groups "Ansible
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/a3c42b1e-fe51-4706-8f08-ce0ea1ceb130%40linuxia.de.

[ansible-project] become sudo not working for apt module

2024-05-13 Thread Gregory Machin

Hi 

I have a number of ubuntu servers that I want to update using ansible via 
AWX. my current test playbook : 

---
 - hosts: all
   tasks:
   - name: Test Connection
 ansible.builtin.ping:

   - name: Update Cache
 become: true
 apt:
   update_cache: true

is not work as expected on the ubuntu servers. 
The servers that have the root user configured are fine. But the Ubuntu 
servers where the root user doesn't have a password set are failing with 
the following error: 

"Failed to lock apt for exclusive operation: Failed to lock directory 
/var/lib/apt/lists/: E:Could not open lock file /var/lib/apt/lists/lock - 
open (13: Permission denied)"

In AWX I have configured privilege escalation to use sudo but this doesnt 
help. 

I have tried moving the become: yes statement but this did help. 

Doe the apt module support the sudo ? 

What have I missed ?

Thank you

 Greg

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5247dc46-a89e-4685-97af-53f8b91c8be8n%40googlegroups.com.

Re: [ansible-project] Ansible and aureport

2024-05-09 Thread John Harmon

I will give it a try, thank you.  Sorry about the slow reply--been a busy 
day

On Thursday, May 9, 2024 at 1:30:29 AM UTC-6 Dick Visser wrote:

> In any case, the following tasks works fine for me:
>
>
> ---
> - name: test
> become: true
> hosts: bar
> tasks:
> - name: foo
> command: aureport
> register: out
>
> - debug: var=out.stdout_lines
>
>
>
>
> TASK [debug] 
> ***
> ok: [bar] =>
> out.stdout_lines:
> - ''
> - Summary Report
> - ==
> - 'Range of time in logs: 05/09/2024 09:21:28.628 - 05/09/2024 
> 09:28:42.513'
> - 'Selected time for report: 05/09/2024 09:21:28 - 05/09/2024 09:28:42.513'
> - 'Number of changes in configuration: 3'
> - 'Number of changes to accounts, groups, or roles: 0'
> - 'Number of logins: 6'
> - 'Number of failed logins: 0'
> - 'Number of authentications: 1'
> - 'Number of failed authentications: 0'
> - 'Number of users: 4'
> - 'Number of terminals: 9'
> - 'Number of host names: 3'
> - 'Number of executables: 6'
> - 'Number of commands: 5'
> - 'Number of files: 0'
> - 'Number of AVC''s: 0'
> - 'Number of MAC events: 0'
> - 'Number of failed syscalls: 0'
> - 'Number of anomaly events: 0'
> - 'Number of responses to anomaly events: 0'
> - 'Number of crypto events: 0'
> - 'Number of integrity events: 0'
> - 'Number of virt events: 0'
> - 'Number of keys: 0'
> - 'Number of process IDs: 49'
> - 'Number of events: 221'
>
> On Thu, 9 May 2024 at 09:28, Dick Visser  wrote:
> >
> > On Thu, 9 May 2024 at 00:12, John Harmon  wrote:
> > >
> > > I am running this in my task file (tried shell, command, and raw). Any 
> idea why and how to work around the issue?:
> > >
> > > - name: Check number of AVCs
> > > ansible.builtin.raw: "aureport | grep -i avc"
> > > register: avcreport
> > >
> > > - debug:
> > > var: avcreport
> > >
> > > It returns a report with all zero values, but if I run this directly 
> on a server I get non-zero values. Can't seem to figure out why:
> > >
> > > "aureport_output.stdout_lines": [
> > > "",
> > > "Summary Report",
> > > "==",
> > > "Range of time in logs: 01/01/1970 00:00:00.000 - 01/01/1970 
> 00:00:00.000",
> > > "Selected time for report: 01/01/1970 00:00:00 - 01/01/1970 
> 00:00:00.000",
> > > "Number of changes in configuration: 0",
> > > "Number of changes to accounts, groups, or roles: 0",
> > > "Number of logins: 0",
> > > "Number of failed logins: 0",
> > > "Number of authentications: 0",
> > > "Number of failed authentications: 0",
> > > "Number of users: 0",
> > > "Number of terminals: 0",
> > > "Number of host names: 0",
> > > "Number of executables: 0",
> > > "Number of commands: 0",
> > > "Number of files: 0",
> > > "Number of AVC's: 0",
> > > "Number of MAC events: 0",
> > > "Number of failed syscalls: 0",
> > > "Number of anomaly events: 0",
> > > "Number of responses to anomaly events: 0",
> > > "Number of crypto events: 0",
> > > "Number of integrity events: 0",
> > > "Number of virt events: 0",
> > > "Number of keys: 0",
> > > "Number of process IDs: 0",
> > > "Number of events: 0"
> >
> > This is NOT the output of the task you posted above, because that
> > command with the piped grep cannot return all those lines.
> > Can you post accurate playbooks and output?
> >
> > > Directly on the server I get this:
> > >
> > >
> > > Summary Report
> > > ==
> > > Range of time in logs: 05/08/2024 02:48:03.967 - 05/08/2024 
> 22:10:09.990
> > > Selected time for report: 05/08/2024 02:48:03 - 05/08/2024 22:10:09.990
> > > Number of changes in configuration: 0
> > > Number of changes to accounts, groups, or roles: 0
> > > Number of logins: 15
> > > Number of failed logins: 705
> > > Number of authentications: 3
> > > Number of failed authentications: 0
> > > Number of users: 3
> > > Number of terminals: 6
> > > Number of host names: 5
> > > Number of executables: 21
> > > Number of commands: 31
> > > Number of files: 1401
> > > Number of AVC's: 15184
> > > Number of MAC events: 1124
> > > Number of failed syscalls: 544
> > > Number of anomaly events: 0
> > > Number of responses to anomaly events: 0
> > > Number of crypto events: 4990
> > > Number of integrity events: 0
> > > Number of virt events: 0
> > > Number of keys: 0
> > > Number of process IDs: 10864
> > > Number of events: 70010
> >
> >
> > I would suspect some environment variables are off, or the become logic 
> is off.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/2e2affab-63af-4f10-bae0-5cdb1108495dn%40googlegroups.com.

Re: [ansible-project] Ansible and aureport

2024-05-09 Thread Dick Visser

In any case, the following tasks works fine for me:


---
- name: test
  become: true
  hosts: bar
  tasks:
- name: foo
  command: aureport
  register: out

- debug: var=out.stdout_lines




TASK [debug] 
***
ok: [bar] =>
  out.stdout_lines:
  - ''
  - Summary Report
  - ==
  - 'Range of time in logs: 05/09/2024 09:21:28.628 - 05/09/2024 09:28:42.513'
  - 'Selected time for report: 05/09/2024 09:21:28 - 05/09/2024 09:28:42.513'
  - 'Number of changes in configuration: 3'
  - 'Number of changes to accounts, groups, or roles: 0'
  - 'Number of logins: 6'
  - 'Number of failed logins: 0'
  - 'Number of authentications: 1'
  - 'Number of failed authentications: 0'
  - 'Number of users: 4'
  - 'Number of terminals: 9'
  - 'Number of host names: 3'
  - 'Number of executables: 6'
  - 'Number of commands: 5'
  - 'Number of files: 0'
  - 'Number of AVC''s: 0'
  - 'Number of MAC events: 0'
  - 'Number of failed syscalls: 0'
  - 'Number of anomaly events: 0'
  - 'Number of responses to anomaly events: 0'
  - 'Number of crypto events: 0'
  - 'Number of integrity events: 0'
  - 'Number of virt events: 0'
  - 'Number of keys: 0'
  - 'Number of process IDs: 49'
  - 'Number of events: 221'

On Thu, 9 May 2024 at 09:28, Dick Visser  wrote:
>
> On Thu, 9 May 2024 at 00:12, John Harmon  wrote:
> >
> > I am running this in my task file (tried shell, command, and raw).  Any 
> > idea why and how to work around the issue?:
> >
> > - name: Check number of AVCs
> >   ansible.builtin.raw: "aureport | grep -i avc"
> >   register: avcreport
> >
> > - debug:
> > var: avcreport
> >
> > It returns a report with all zero values, but if I run this directly on a 
> > server I get non-zero values.  Can't seem to figure out why:
> >
> > "aureport_output.stdout_lines": [
> > "",
> > "Summary Report",
> > "==",
> > "Range of time in logs: 01/01/1970 00:00:00.000 - 01/01/1970 
> > 00:00:00.000",
> > "Selected time for report: 01/01/1970 00:00:00 - 01/01/1970 
> > 00:00:00.000",
> > "Number of changes in configuration: 0",
> > "Number of changes to accounts, groups, or roles: 0",
> > "Number of logins: 0",
> > "Number of failed logins: 0",
> > "Number of authentications: 0",
> > "Number of failed authentications: 0",
> > "Number of users: 0",
> > "Number of terminals: 0",
> > "Number of host names: 0",
> > "Number of executables: 0",
> > "Number of commands: 0",
> > "Number of files: 0",
> > "Number of AVC's: 0",
> > "Number of MAC events: 0",
> > "Number of failed syscalls: 0",
> > "Number of anomaly events: 0",
> > "Number of responses to anomaly events: 0",
> > "Number of crypto events: 0",
> > "Number of integrity events: 0",
> > "Number of virt events: 0",
> > "Number of keys: 0",
> > "Number of process IDs: 0",
> > "Number of events: 0"
>
> This is NOT the output of the task you posted above, because that
> command with the piped grep cannot return all those lines.
> Can you post accurate playbooks and output?
>
> > Directly on the server I get this:
> >
> >
> > Summary Report
> > ==
> > Range of time in logs: 05/08/2024 02:48:03.967 - 05/08/2024 22:10:09.990
> > Selected time for report: 05/08/2024 02:48:03 - 05/08/2024 22:10:09.990
> > Number of changes in configuration: 0
> > Number of changes to accounts, groups, or roles: 0
> > Number of logins: 15
> > Number of failed logins: 705
> > Number of authentications: 3
> > Number of failed authentications: 0
> > Number of users: 3
> > Number of terminals: 6
> > Number of host names: 5
> > Number of executables: 21
> > Number of commands: 31
> > Number of files: 1401
> > Number of AVC's: 15184
> > Number of MAC events: 1124
> > Number of failed syscalls: 544
> > Number of anomaly events: 0
> > Number of responses to anomaly events: 0
> > Number of crypto events: 4990
> > Number of integrity events: 0
> > Number of virt events: 0
> > Number of keys: 0
> > Number of process IDs: 10864
> > Number of events: 70010
>
>
> I would suspect some environment variables are off, or the become logic is 
> off.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAF8BbLZFB-YstTHGBUBHY1uCdtf5B9_eSGhY%3DmEQmEO09pwGeg%40mail.gmail.com.

Re: [ansible-project] Ansible and aureport

2024-05-09 Thread Dick Visser

On Thu, 9 May 2024 at 00:12, John Harmon  wrote:
>
> I am running this in my task file (tried shell, command, and raw).  Any idea 
> why and how to work around the issue?:
>
> - name: Check number of AVCs
>   ansible.builtin.raw: "aureport | grep -i avc"
>   register: avcreport
>
> - debug:
> var: avcreport
>
> It returns a report with all zero values, but if I run this directly on a 
> server I get non-zero values.  Can't seem to figure out why:
>
> "aureport_output.stdout_lines": [
> "",
> "Summary Report",
> "==",
> "Range of time in logs: 01/01/1970 00:00:00.000 - 01/01/1970 
> 00:00:00.000",
> "Selected time for report: 01/01/1970 00:00:00 - 01/01/1970 
> 00:00:00.000",
> "Number of changes in configuration: 0",
> "Number of changes to accounts, groups, or roles: 0",
> "Number of logins: 0",
> "Number of failed logins: 0",
> "Number of authentications: 0",
> "Number of failed authentications: 0",
> "Number of users: 0",
> "Number of terminals: 0",
> "Number of host names: 0",
> "Number of executables: 0",
> "Number of commands: 0",
> "Number of files: 0",
> "Number of AVC's: 0",
> "Number of MAC events: 0",
> "Number of failed syscalls: 0",
> "Number of anomaly events: 0",
> "Number of responses to anomaly events: 0",
> "Number of crypto events: 0",
> "Number of integrity events: 0",
> "Number of virt events: 0",
> "Number of keys: 0",
> "Number of process IDs: 0",
> "Number of events: 0"

This is NOT the output of the task you posted above, because that
command with the piped grep cannot return all those lines.
Can you post accurate playbooks and output?

> Directly on the server I get this:
>
>
> Summary Report
> ==
> Range of time in logs: 05/08/2024 02:48:03.967 - 05/08/2024 22:10:09.990
> Selected time for report: 05/08/2024 02:48:03 - 05/08/2024 22:10:09.990
> Number of changes in configuration: 0
> Number of changes to accounts, groups, or roles: 0
> Number of logins: 15
> Number of failed logins: 705
> Number of authentications: 3
> Number of failed authentications: 0
> Number of users: 3
> Number of terminals: 6
> Number of host names: 5
> Number of executables: 21
> Number of commands: 31
> Number of files: 1401
> Number of AVC's: 15184
> Number of MAC events: 1124
> Number of failed syscalls: 544
> Number of anomaly events: 0
> Number of responses to anomaly events: 0
> Number of crypto events: 4990
> Number of integrity events: 0
> Number of virt events: 0
> Number of keys: 0
> Number of process IDs: 10864
> Number of events: 70010


I would suspect some environment variables are off, or the become logic is off.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAF8BbLajbej%3D-GZqkY%3D%2BYDfvO7KwyGdigXfhp3royyqNsKZq%2BQ%40mail.gmail.com.

[ansible-project] Re: ansible Loop help

2024-05-08 Thread John Harmon

You mean something like this?

- name: Run status check 
  pps_check:
vm_ip: "{{ item }}"
url: 
"https://bldrapp.sys.comcast.net/api/v3/hosts/status?host-list=;
  register: status_check
  with_items: "{{ available_ips }}"
  async: 900  # Adjust the timeout based on the expected maximum time 
to complete the task (15 minutes)
  poll: 0
  tags:
- pps-status

- name: Wait for all tasks to complete
  async_status:
jid: "{{ item.ansible_job_id }}"
  register: job_result
  until: job_result.finished
  retries: 30  # Adjust as needed
  delay: 60# Adjust as needed
  with_items: "{{ status_check.results }}"
  tags:
- pps-status

- name: Gather results
  set_fact:
all_results: "{{ all_results | default([]) + [item] }}"
  loop: "{{ job_result.results }}"
  tags:
- pps-status

On Thursday, May 2, 2024 at 5:36:48 AM UTC-6 Thirumalai Raja A wrote:

> HI TEAM,
>
> below is my task to check the job completed status for the set of ips, and 
> for an ip approximately taking 15 mins to get the status. if i am having 5 
> number of ips its taking too long to complete my task.
>
> so i am looking for parallel options to check for this particular task. is 
> is passible to do that?
> if yes can anyone guide me pls.
>
>
> - name: PPS Playbook Status
>   pps_check:
> vm_ip: "{{ item }}"
> url: "
> https://bldrapp.sys.comcast.net/api/v3/hosts/status?host-list=;
>   register: status_check
>   with_items: "{{available_ips}}"
>   tags:
> - pps-status
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6cca0856-c720-4f98-a5f2-63e5b2ee9083n%40googlegroups.com.

[ansible-project] Re: Create a variable based on a variable

2024-05-08 Thread John Harmon

Just off the top of my head you can use set_fact.
- name: Set datacenter variable based on hostname
  set_fact:
datacenter: "datacenter{{ ansible_hostname[-1] }}"
  when: ansible_hostname | regex_search('^[a-zA-Z0-9]*[1-2]')

You can then just use {{ datacenter }} and it should populate correctly.  I 
haven't tested the above, but if it doesn't work it should at least put you 
in the ball park.
On Wednesday, May 8, 2024 at 11:52:26 AM UTC-6 andregr...@gmail.com wrote:

> i am quite a newbee with ansible, but i would suggest to 
> a) use host-variables with e.g. "datacenter" set to the matching 
> datacenter value or
> b) use a regex on the host variable to create the datacenter on it
>
> regards,
> andre
>
> Dimitri Yioulos schrieb am Mittwoch, 8. Mai 2024 um 18:34:36 UTC+2:
>
>> Hello, all.
>>
>> The subject of this post is probably terribly named. That said, here's 
>> what I'm trying to accomplish:
>>
>> I have two VMware vCenter hosts - vcenter1.mycompany.com and 
>> vcenter2.mycompany.com. Within each host is are two datacenters - 
>> datacenter1 and datacenter2. for each host, the datacenter alignments are 
>> vcenter1 -- datacenter1 and vcenter2 -- datacenter2.
>>
>> I have a number of playbooks that do actions against vCenter. For 
>> example, I have one deletes all snapshots. It looks like this:
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> * hosts: all  become: false  gather_facts: false  vars_prompt:- 
>> name: "vcenter_username"  prompt: "Enter your Vcenter username (without 
>> @vsphere.local)"  private: no- name: "vcenter_password"  
>> prompt: "Enter your VMware password"  private: yes- name: 
>> "vcenter_hostname"  prompt: "Enter your Vcenter host 
>> name:\nvcenter1\nvcenter2\n"  private: no- name: 
>> "vcenter_datacenter"  prompt: "Enter your Vcenter 
>> datacenter:\ndatacenter1\ndatacenter2\n"  private: no  tasks:- 
>> name: Find vm folder name  ~- name: Remove all snapshots of all 
>> VMs  community.vmware.vmware_guest_snapshot:hostname: "{{ 
>> vcenter_hostname }}.fmycompany.com "
>> username: "{{ vcenter_username }}@vsphere.local"password: "{{ 
>> vcenter_password }}"datacenter: "{{ vcenter_datacenter }} 
>> Datacenter"folder: "{{ vm_folder.folders | 
>> regex_replace(\"([\\[\\]'])\",'') }}"name: "{{ inventory_hostname 
>> }}"state: remove_allvalidate_certs: False  delegate_to: 
>> localhost*
>>
>> As you can see, at present, I have to provide the vCenter name, and the 
>> corresponding datacenter name in order for the playbook to work. I would 
>> like to eliminate the need to specify the datacenter name, and have that 
>> populate datacenter ("{{ vcenter_datacenter }} Datacenter") based on the 
>> vCenter host that I choose (hostname: "{{ vcenter_hostname }}.
>> fmycompany.com"). I'm not clever enough to suss that out, and would 
>> appreciate your help.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/f649b281-ed50-46e0-963a-c477b65bd930n%40googlegroups.com.

[ansible-project] Ansible and aureport

2024-05-08 Thread John Harmon

I am running this in my task file (tried shell, command, and raw).  Any 
idea why and how to work around the issue?:

- name: Check number of AVCs
  ansible.builtin.raw: "aureport | grep -i avc"
  register: avcreport

- debug:
var: avcreport

It returns a report with all zero values, but if I run this directly on a 
server I get non-zero values.  Can't seem to figure out why:

"aureport_output.stdout_lines": [
"",
"Summary Report",
"==",
"Range of time in logs: 01/01/1970 00:00:00.000 - 01/01/1970 
00:00:00.000",
"Selected time for report: 01/01/1970 00:00:00 - 01/01/1970 
00:00:00.000",
"Number of changes in configuration: 0",
"Number of changes to accounts, groups, or roles: 0",
"Number of logins: 0",
"Number of failed logins: 0",
"Number of authentications: 0",
"Number of failed authentications: 0",
"Number of users: 0",
"Number of terminals: 0",
"Number of host names: 0",
"Number of executables: 0",
"Number of commands: 0",
"Number of files: 0",
"Number of AVC's: 0",
"Number of MAC events: 0",
"Number of failed syscalls: 0",
"Number of anomaly events: 0",
"Number of responses to anomaly events: 0",
"Number of crypto events: 0",
"Number of integrity events: 0",
"Number of virt events: 0",
"Number of keys: 0",
"Number of process IDs: 0",
"Number of events: 0"

*Directly on the server I get this:*


Summary Report
==
Range of time in logs: 05/08/2024 02:48:03.967 - 05/08/2024 22:10:09.990
Selected time for report: 05/08/2024 02:48:03 - 05/08/2024 22:10:09.990
Number of changes in configuration: 0
Number of changes to accounts, groups, or roles: 0
Number of logins: 15
Number of failed logins: 705
Number of authentications: 3
Number of failed authentications: 0
Number of users: 3
Number of terminals: 6
Number of host names: 5
Number of executables: 21
Number of commands: 31
Number of files: 1401
Number of AVC's: 15184
Number of MAC events: 1124
Number of failed syscalls: 544
Number of anomaly events: 0
Number of responses to anomaly events: 0
Number of crypto events: 4990
Number of integrity events: 0
Number of virt events: 0
Number of keys: 0
Number of process IDs: 10864
Number of events: 70010

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1d4727fa-01e6-4179-9e59-6bc17b49ca8fn%40googlegroups.com.

[ansible-project] Re: Create a variable based on a variable

2024-05-08 Thread andregr...@gmail.com

i am quite a newbee with ansible, but i would suggest to 
a) use host-variables with e.g. "datacenter" set to the matching datacenter 
value or
b) use a regex on the host variable to create the datacenter on it

regards,
andre

Dimitri Yioulos schrieb am Mittwoch, 8. Mai 2024 um 18:34:36 UTC+2:

> Hello, all.
>
> The subject of this post is probably terribly named. That said, here's 
> what I'm trying to accomplish:
>
> I have two VMware vCenter hosts - vcenter1.mycompany.com and 
> vcenter2.mycompany.com. Within each host is are two datacenters - 
> datacenter1 and datacenter2. for each host, the datacenter alignments are 
> vcenter1 -- datacenter1 and vcenter2 -- datacenter2.
>
> I have a number of playbooks that do actions against vCenter. For example, 
> I have one deletes all snapshots. It looks like this:
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> * hosts: all  become: false  gather_facts: false  vars_prompt:- 
> name: "vcenter_username"  prompt: "Enter your Vcenter username (without 
> @vsphere.local)"  private: no- name: "vcenter_password"  
> prompt: "Enter your VMware password"  private: yes- name: 
> "vcenter_hostname"  prompt: "Enter your Vcenter host 
> name:\nvcenter1\nvcenter2\n"  private: no- name: 
> "vcenter_datacenter"  prompt: "Enter your Vcenter 
> datacenter:\ndatacenter1\ndatacenter2\n"  private: no  tasks:- 
> name: Find vm folder name  ~- name: Remove all snapshots of all 
> VMs  community.vmware.vmware_guest_snapshot:hostname: "{{ 
> vcenter_hostname }}.fmycompany.com "
> username: "{{ vcenter_username }}@vsphere.local"password: "{{ 
> vcenter_password }}"datacenter: "{{ vcenter_datacenter }} 
> Datacenter"folder: "{{ vm_folder.folders | 
> regex_replace(\"([\\[\\]'])\",'') }}"name: "{{ inventory_hostname 
> }}"state: remove_allvalidate_certs: False  delegate_to: 
> localhost*
>
> As you can see, at present, I have to provide the vCenter name, and the 
> corresponding datacenter name in order for the playbook to work. I would 
> like to eliminate the need to specify the datacenter name, and have that 
> populate datacenter ("{{ vcenter_datacenter }} Datacenter") based on the 
> vCenter host that I choose (hostname: "{{ vcenter_hostname }}.
> fmycompany.com"). I'm not clever enough to suss that out, and would 
> appreciate your help.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b9cdb162-a502-4637-9931-f4e79b45ab57n%40googlegroups.com.

[ansible-project] Create a variable based on a variable

2024-05-08 Thread Dimitri Yioulos

Hello, all.

The subject of this post is probably terribly named. That said, here's what 
I'm trying to accomplish:

I have two VMware vCenter hosts - vcenter1.mycompany.com and 
vcenter2.mycompany.com. Within each host is are two datacenters - 
datacenter1 and datacenter2. for each host, the datacenter alignments are 
vcenter1 -- datacenter1 and vcenter2 -- datacenter2.

I have a number of playbooks that do actions against vCenter. For example, 
I have one deletes all snapshots. It looks like this:





































* hosts: all  become: false  gather_facts: false  vars_prompt:- 
name: "vcenter_username"  prompt: "Enter your Vcenter username (without 
@vsphere.local)"  private: no- name: "vcenter_password"  
prompt: "Enter your VMware password"  private: yes- name: 
"vcenter_hostname"  prompt: "Enter your Vcenter host 
name:\nvcenter1\nvcenter2\n"  private: no- name: 
"vcenter_datacenter"  prompt: "Enter your Vcenter 
datacenter:\ndatacenter1\ndatacenter2\n"  private: no  tasks:- 
name: Find vm folder name  ~- name: Remove all snapshots of all 
VMs  community.vmware.vmware_guest_snapshot:hostname: "{{ 
vcenter_hostname }}.fmycompany.com"username: "{{ vcenter_username 
}}@vsphere.local"password: "{{ vcenter_password }}"
datacenter: "{{ vcenter_datacenter }} Datacenter"folder: "{{ 
vm_folder.folders | regex_replace(\"([\\[\\]'])\",'') }}"name: "{{ 
inventory_hostname }}"state: remove_allvalidate_certs: 
False  delegate_to: localhost*

As you can see, at present, I have to provide the vCenter name, and the 
corresponding datacenter name in order for the playbook to work. I would 
like to eliminate the need to specify the datacenter name, and have that 
populate datacenter ("{{ vcenter_datacenter }} Datacenter") based on the 
vCenter host that I choose (hostname: "{{ vcenter_hostname 
}}.fmycompany.com"). I'm not clever enough to suss that out, and would 
appreciate your help.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/424d790e-e657-405b-b720-8ce0448df4f4n%40googlegroups.com.

[ansible-project] ansible Loop help

2024-05-02 Thread Thirumalai Raja A

HI TEAM,

below is my task to check the job completed status for the set of ips, and
for an ip approximately taking 15 mins to get the status. if i am having 5
number of ips its taking too long to complete my task.

so i am looking for parallel options to check for this particular task. is
is passible to do that?
if yes can anyone guide me pls.


- name: PPS Playbook Status
  pps_check:
vm_ip: "{{ item }}"
url: "https://bldrapp.sys.comcast.net/api/v3/hosts/status?host-list=
"
  register: status_check
  with_items: "{{available_ips}}"
  tags:
- pps-status

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CALyK%3Dg_4hbNRwjeq0dbJYcJNi9_VmO%2Bd%2Bs6Ur%2B7Q2VrfCKZ40w%40mail.gmail.com.

Re: [ansible-project] Ansible hangs on gathering facts

2024-05-01 Thread Lnx Gnome

Hi Sven,
I don't have any ansible oriented solution for you, other than making the
ansible output - very verbose, but would offer that you look for more
traditional host based answers.
If it used to work, then when did it stop? What changes happened on the
host around that time? package updates and config changes are prime
candidates.
Look into your security tooling (selinux, apparmor, or even anti-virus
tools), particularly their log files, to see if they interact with the
ansible run, or those three services you mentioned.
Fall back to systems logs, and look for any other odd behavior. Since it's
a physical host, does it have ECC or Registered memory? A failing power
supply can introduce odd errors, particularly on a stressed system.
Regards,

On Fri, Apr 26, 2024 at 7:48 PM Sven Feyerabend 
wrote:

> Hi,
> thanks for the advice.
>
> Since the affected hosts are physical devices, that are remotely managed,
> I can't simply destroy them and spin up new ones.
> Therefore, I would be very interested in finding (at least) the cause of
> this if not a solution, so we can avoid it in the future.
>
> Do you have any ideas on how to further debug this?
>
> Kind regards,
> Sven
>
> Dick Visser schrieb am Donnerstag, 25. April 2024 um 13:36:06 UTC+2:
>
>> I would terminate the host and spin up a fresh one.
>> This means your host will be in a known clean state again.
>>
>> On Thu, 25 Apr 2024 at 12:45, Sven Feyerabend 
>> wrote:
>> >
>> > Hi everyone,
>> >
>> > I have a host where Ansible used to run correctly.
>> > A while ago, all runs of Ansible on this host started to hang on
>> Gathering Facts.
>> > I've searched on the internet for a solution, and found some tips on
>> how to debug this.
>> > So I ran Ansible with ANSIBLE_KEEP_REMOTE_FILES=1 and used
>> > python3 AnsiballZ_setup.py explode
>> > to look into this further.
>> > Running the module with strace did not yield any useful results, so I
>> used the gather_subset option with !all,!min and enabled the collectors one
>> by one.
>> > Using this method for all collectors in the min set, I found three
>> collectors which did not terminate: env, service_mgr, ssh_pub_keys
>> >
>> > I don't know how to proceed from here. My search on the internet
>> suggests stale network mounts as the main reason for such behavior, but we
>> don't have any on the affected host.
>> > I tried rebooting as well as upgrading all packages but the problem
>> persists.
>> > Is there a way to debug this further?
>> > Simply turning the gathering of facts off is not an option, as we rely
>> heavily on host dependent facts in some of our roles.
>> >
>> > Thanks in advance!
>> > Regards,
>> > Sven
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> Groups "Ansible Project" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> an email to ansible-proje...@googlegroups.com.
>> > To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/72a0a26d-efe6-4860-81a4-0be2e99d91dbn%40googlegroups.com.
>>
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/fd91eb13-b3c9-4e2b-aab2-ae9a7401874fn%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CA%2BrdrUGHM17h7JYEw9baO-3HA6ddJ1UcebGrFVoT5NsQaSDEzw%40mail.gmail.com.

[ansible-project] Re: Use docker_login and docker_compose_v2

2024-05-01 Thread Emilio Botero

@felixfontein any pointers?

On Tuesday, April 30, 2024 at 3:13:37 PM UTC-4 Emilio Botero wrote:

> Hi,
> I'm trying to authenticate to my private registry (AWS ECR) and use docker 
> compose to start my container. I have something like this:
>
> - name: Create AWS credentials file
>   ansible.builtin.copy:
> dest: "{{ user_details.home }}/.aws/credentials"
> content: |
>   [default]
>   aws_access_key_id = {{ aws_access_key_id }}
>   aws_secret_access_key = {{ aws_secret_access_key }}
> mode: "0600"
> force: true
>   register: aws_credentials_created
>
> - name: Authenticate to AWS
>   ansible.builtin.command: "aws ecr get-login-password --region {{ 
> aws_region }} --profile default"
>   register: ecr_login_password
>   changed_when: true
>
> - name: Docker login to AWS ECR
>   community.docker.docker_login:
> state: present
> username: "AWS"
> password: "{{ ecr_login_password.stdout }}"
> reauthorize: true  # what does this do?
> registry_url: "{{ registry_url }}"
>   changed_when: true
>
> - name: Docker compose container
>   community.docker.docker_compose_v2:
> project_src: "{{ user_details.home }}/{{ path_to_repos 
> }}/container"
> state: "present"
>
> I can't get the compose task to correctly pull the image from my private 
> registry given that I authenticated in the task before.  Is it even 
> possible to do this? Setting aside security best practices for the moment, 
> how do I get the compose task to pull the image? The compose file has a 
> pull policy of "always", so when the task tries to do like "docker compose 
> up", it will try to pull the image.
>
> See the error here:
> fatal: [18.208.187.13]: FAILED! => {"actions": [{"id": "my-image", 
> "status": "Pulling", "what": "service"}], "changed": false, "cmd": 
> "/snap/bin/docker compose --ansi never --progress plain --project-directory 
> /home/ubuntu/docker/my-image up --detach --no-color --quiet-pull --", 
> "containers": [], "images": [], "msg": "Error when processing my-image: 
> Error response from daemon: Head \"
> https://account-id.dkr.ecr.region.amazonaws.com/v2/my-image/manifests/latest\":
>  
> no basic auth credentials", "rc": 18, "stderr": " my-image Pulling \n 
> my-image Error \nError response from daemon: Head \"
> https://account-id.dkr.ecr.region.amazonaws.com/v2/my-image/manifests/latest\":
>  
> no basic auth credentials\n", "stderr_lines": [" my-image Pulling ", " 
> my-image Error ", "Error response from daemon: Head \"
> https://account-id.dkr.ecr.region.amazonaws.com/v2/my-image/manifests/latest\":
>  
> no basic auth credentials"], "stdout": "", "stdout_lines": []}
>
> Thanks,
>
> Emilio
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8a6e8a2b-dc7b-4910-84ab-09f4c8875153n%40googlegroups.com.

[ansible-project] Release announcement: Ansible community package 10.0.0a2 (Pre-Release)

2024-04-30 Thread 'Felix Fontein' via Ansible Project

Hello everyone,

We're happy to announce the release of the Ansible 10.0.0a2 package pre-release!

Ansible 10.0.0a2 depends on ansible-core 2.17.0rc1 and includes a curated set 
of Ansible collections that provide a vast number of modules, plugins, and 
roles. This is a pre-release of Ansible 10.

How to get it
-

This pre-release is available on PyPI and can be installed with pip:

```console
python3 -m pip install ansible==10.0.0a2 --user
```

The sources for this release can be found here:

Release tarball:

https://files.pythonhosted.org/packages/9c/ee/2f763bcfa2d184b29de1a1c1fdce83ee8b7f3a665292ac3237a9d7a3/ansible-10.0.0a2.tar.gz

SHA256:

52ea6280197d8232cefe6490d6d92db34ffd62059b8b12029033ccfbfb893c38

Wheel package:

https://files.pythonhosted.org/packages/1d/fa/a1e3e0db815e66fc6ef95a67e3f8787ec7e66a26a3f0ee1acbd3b88ac024/ansible-10.0.0a2-py3-none-any.whl

SHA256:

848fba58180590dd1efb7089cd735c191f06cc58871e19a379305e4bcd8395a4


Some important details
--

ansible-core is a separate package on which ansible depends. `pip install 
ansible` installs `ansible-core`, but it can also be installed independently of 
the ansible package.

Collections that have opted to join the Ansible 10 unified changelog will have 
an entry on this page:

https://github.com/ansible-community/ansible-build-data/blob/10.0.0a2/10/CHANGELOG-v10.md

For collections which have not opted-in to the unified changelog, you may find 
more information on

https://docs.ansible.com/ansible/latest/collections

or on the collection source repository. For example, the community.crypto 
collection is available at

https://docs.ansible.com/ansible/latest/collections/community/crypto/index.html

and you can find a link to the source repository under the “Repository 
(Sources)” button.

The changelog for ansible-core 2.17 installed by this release of Ansible 10 can 
be found here:

https://github.com/ansible/ansible/blob/v2.17/changelogs/CHANGELOG-v2.17.rst

What's the schedule for new Ansible releases after 10.0.0a2?


The next release roadmap can be found at

https://docs.ansible.com/ansible/devel/roadmap/ansible_roadmap_index.html

The Ansible community package release schedule follows the Ansible Core release 
schedule, including, for example, delays for holidays. This means Ansible 
releases happen every four weeks through most of the year, but release dates 
may be delayed when Ansible Core releases are.

Subscribe to the Bullhorn for all future release dates, announcements, and 
Ansible contributor community news.

Visit this link to subscribe: https://bit.ly/subscribe-bullhorn

You can find all past Bullhorn issues on the Ansible Community Forum at:

https://forum.ansible.com/c/news/bullhorn/17

Join the new Ansible Community Forum to follow along and participate in all the 
project and release related discussions and announcements. Feel free to share 
your thoughts, feedback, ideas and concerns there.

Register here to join the Ansible Forum:

https://forum.ansible.com

Porting Help


A unified porting guide for collections that have opted in is available here:

https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_10.html

Getting collection updates from Ansible 10 with older releases of ansible-core
--

Ansible 10 depends on ansible-core 2.17. Depending on your needs, you can get 
collection updates as they ship in the Ansible “batteries included” package 
while continuing to use older versions of ansible-core.

See the ansible-galaxy requirements file based on the collections from Ansible 
10 for this use case:

https://github.com/ansible-community/ansible-build-data/blob/10.0.0a2/10/galaxy-requirements.yaml

After you download the requirements file, you can install the collections by 
running the following command:

```console
ansible-galaxy collection install -r galaxy-requirements.yaml
```

On behalf of the Ansible community, thank you and happy automating!

Cheers,
Ansible Release Management Working Group


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/20240430221415.425c3c40%40rovaniemi.

[ansible-project] Use docker_login and docker_compose_v2

2024-04-30 Thread Emilio Botero

Hi,
I'm trying to authenticate to my private registry (AWS ECR) and use docker 
compose to start my container. I have something like this:

- name: Create AWS credentials file
  ansible.builtin.copy:
dest: "{{ user_details.home }}/.aws/credentials"
content: |
  [default]
  aws_access_key_id = {{ aws_access_key_id }}
  aws_secret_access_key = {{ aws_secret_access_key }}
mode: "0600"
force: true
  register: aws_credentials_created

- name: Authenticate to AWS
  ansible.builtin.command: "aws ecr get-login-password --region {{ 
aws_region }} --profile default"
  register: ecr_login_password
  changed_when: true

- name: Docker login to AWS ECR
  community.docker.docker_login:
state: present
username: "AWS"
password: "{{ ecr_login_password.stdout }}"
reauthorize: true  # what does this do?
registry_url: "{{ registry_url }}"
  changed_when: true

- name: Docker compose container
  community.docker.docker_compose_v2:
project_src: "{{ user_details.home }}/{{ path_to_repos }}/container"
state: "present"

I can't get the compose task to correctly pull the image from my private 
registry given that I authenticated in the task before.  Is it even 
possible to do this? Setting aside security best practices for the moment, 
how do I get the compose task to pull the image? The compose file has a 
pull policy of "always", so when the task tries to do like "docker compose 
up", it will try to pull the image.

See the error here:
fatal: [18.208.187.13]: FAILED! => {"actions": [{"id": "my-image", 
"status": "Pulling", "what": "service"}], "changed": false, "cmd": 
"/snap/bin/docker compose --ansi never --progress plain --project-directory 
/home/ubuntu/docker/my-image up --detach --no-color --quiet-pull --", 
"containers": [], "images": [], "msg": "Error when processing my-image: 
Error response from daemon: Head 
\"https://account-id.dkr.ecr.region.amazonaws.com/v2/my-image/manifests/latest\":
 
no basic auth credentials", "rc": 18, "stderr": " my-image Pulling \n 
my-image Error \nError response from daemon: Head 
\"https://account-id.dkr.ecr.region.amazonaws.com/v2/my-image/manifests/latest\":
 
no basic auth credentials\n", "stderr_lines": [" my-image Pulling ", " 
my-image Error ", "Error response from daemon: Head 
\"https://account-id.dkr.ecr.region.amazonaws.com/v2/my-image/manifests/latest\":
 
no basic auth credentials"], "stdout": "", "stdout_lines": []}

Thanks,

Emilio

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/4e958157-4c76-4e32-a6f6-069675318259n%40googlegroups.com.

[ansible-project] Getting error "Invalid operation" for VERSA SDWAN router in Ansible Automation

2024-04-29 Thread vishal lad



I am facing issue while connecting to VERSA FLEXVNF router via SSH through 
Bastion host with LDAP user where are everything working file with local 
user.

The main difference in the manual ssh login is that when I login with local 
user I get in to the linux shell whereas when I login with LDAP user is 
directly going to router CLI.

Note: LDAP user has all sudo rights

Local user uses default shell /bin/bash Ldap user uses default shell as 
/opt/versa/scripts/aaa_scripts/vshell

` bash-4.4# ansible --version ansible 2.9.18 config file = 
/etc/ansible/ansible.cfg configured module search path = 
['/var/lib/awx/.ansible/plugins/modules', 
'/usr/share/ansible/plugins/modules'] ansible python module location = 
/usr/lib/python3.6/site-packages/ansible executable location = 
/usr/bin/ansible python version = 3.6.8 (default, Aug 24 2020, 17:57:11) 
[GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]

`
**Login with Local user:** [jumphostuser@JUMPHOST ~]$ ssh 
admin@TargetRouter 
*-* *  
Company assets, including this system, should be used only for* 
*  Company communications management approved purposes.  * 
* * *  
You should be aware that it may be a criminal offence to secure* *
unauthorised access to any program or data in the system or  * *  
to make any unauthorised modification to its contents. * 
* * *  
If you are not authorised by Company management to access this* 
* system, please LOGOFF now.  * 
* * * 
Company internal systems business authorised management audit any time * 
*-* 
admin@TargetRouter's password: .---., ( ``. _ \ ) __  _ _ ( 
`. \ / \ \ / / | __ \ / | /\ \ `. ) / \ \ / /| |__ | |__) | (___ / 
\ \ | / \ \/ / | __| | _ / \___ \ / /\ \ \ | / \ / | || | \ \ ) / 
 \ \ | / \/ |__|_| \_\_/_/ \_\ \ | / \_|/ ___ _ _ ___ ___ _ 
___ | __| | | __\ \/ | \ / / \| | __| | _|| |__| _| > < \ V /| .` | _| |_| 
||___/_/\_\ \_/ |_|\_|_| Versa FlexVNF software Release : 21.2.3 (GA) 
Release date: 20230909 Package ID : 9397b39 Last login: Fri Mar 15 13:52:14 
2024 from XX.XX.XX.XX [admin@TargetRouter: ~] $ [admin@TargetRouter: ~] $ 
[admin@TargetRouter: ~] $ **Login with LDAP user:** [jumphostuser@JUMPHOST 
~]$ ssh jumphostuser@TargetIP 
*-* *  
Company assets, including this system, should be used only for* 
*  Company communications management approved purposes.  * 
* * *  
You should be aware that it may be a criminal offence to secure* *
unauthorised access to any program or data in the system or  * *  
to make any unauthorised modification to its contents. * 
* * *  
If you are not authorised by Company management to access this* 
* system, please LOGOFF now.  * 
* * * 
Company internal systems business authorised management audit any time * 
*-* 
jumphostuser@TargetIP's password: .---., ( ``. _ \ ) __  _ 
_ ( `. \ / \ \ / / | __ \ / | /\ \ `. ) / \ \ / /| |__ | |__) | 
(___ / \ \ | / \ \/ / | __| | _ / \___ \ / /\ \ \ | / \ / | || | \ \ 
) /  \ \ | / \/ |__|_| \_\_/_/ \_\ \ | / \_|/ ___ _ _ 
___ ___ _ ___ | __| | | __\ \/ | \ / / \| | __| | _|| |__| _| > < \ V /| .` 
| _| |_| ||___/_/\_\ \_/ |_|\_|_| Versa FlexVNF software Release : 
21.2.3 (GA) Release date: 20230909 Package ID : 9397b39 Last login: Mon Mar 
18 13:13:13 2024 from XX.XX.XX.XX .---., ( ``. _ \ ) __  _ 
_ ( `. \ / \ \ / / | __ \ / | /\ \ `. ) / \ \ / /| |__ | |__) | 
(___ / \ \ | / \ \/ / | __| | _ / \___ \ / /\ \ \ | / \ / | || | \ \ 
) /  \ \ | / \/ |__|_| \_\_/_/ \_\ \ | / \_|/ _ _ ___ 
___ _ ___ _ _ | \| | __|_ _\ \ / / _ \| _ \ |/ / __| | .` | _| 
| | \ \/\/ / (_) | / ' <\__ \ |_|\_|___| |_| \_/\_/ \___/|_|_\_|\_\___/ 
jumphostuser connected from XX.XX.XX.XX using ssh on TargetRouter 
jumphostuser@TargetRouter-cli> = * 
As I am directly going into CLI with LDAP user so trying send raw command 
"show system uptime". Below is my yaml === --- - 
name: ssh connection test hosts: all become: false gather_facts: no tasks: 
- name: Get current Spack version raw: 'show

Re: [ansible-project] Ansible hangs on gathering facts

2024-04-26 Thread Sven Feyerabend

Hi,
thanks for the advice.

Since the affected hosts are physical devices, that are remotely managed, I 
can't simply destroy them and spin up new ones.
Therefore, I would be very interested in finding (at least) the cause of 
this if not a solution, so we can avoid it in the future.

Do you have any ideas on how to further debug this?

Kind regards,
Sven

Dick Visser schrieb am Donnerstag, 25. April 2024 um 13:36:06 UTC+2:

> I would terminate the host and spin up a fresh one.
> This means your host will be in a known clean state again.
>
> On Thu, 25 Apr 2024 at 12:45, Sven Feyerabend  
> wrote:
> >
> > Hi everyone,
> >
> > I have a host where Ansible used to run correctly.
> > A while ago, all runs of Ansible on this host started to hang on 
> Gathering Facts.
> > I've searched on the internet for a solution, and found some tips on how 
> to debug this.
> > So I ran Ansible with ANSIBLE_KEEP_REMOTE_FILES=1 and used
> > python3 AnsiballZ_setup.py explode
> > to look into this further.
> > Running the module with strace did not yield any useful results, so I 
> used the gather_subset option with !all,!min and enabled the collectors one 
> by one.
> > Using this method for all collectors in the min set, I found three 
> collectors which did not terminate: env, service_mgr, ssh_pub_keys
> >
> > I don't know how to proceed from here. My search on the internet 
> suggests stale network mounts as the main reason for such behavior, but we 
> don't have any on the affected host.
> > I tried rebooting as well as upgrading all packages but the problem 
> persists.
> > Is there a way to debug this further?
> > Simply turning the gathering of facts off is not an option, as we rely 
> heavily on host dependent facts in some of our roles.
> >
> > Thanks in advance!
> > Regards,
> > Sven
> >
> > --
> > You received this message because you are subscribed to the Google 
> Groups "Ansible Project" group.
> > To unsubscribe from this group and stop receiving emails from it, send 
> an email to ansible-proje...@googlegroups.com.
> > To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/72a0a26d-efe6-4860-81a4-0be2e99d91dbn%40googlegroups.com
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/fd91eb13-b3c9-4e2b-aab2-ae9a7401874fn%40googlegroups.com.

[ansible-project] Re: Can't Use Standard become_method As Have To Use rootsh. Options?

2024-04-26 Thread Nirjas Jakilim

Hi, I have used the wrapper method. but it's giving me the privilege 
escalation time out error.
Ansible Timeout (12s) waiting for privilege escalation prompt
Can you please tell me what you have used on the playbook after setting the 
wrapper? Thanks.

On Tuesday, October 24, 2017 at 7:11:15 PM UTC+6 Holger Foerster wrote:

> here my solution:
>
> ansible_host:
> egrep "^sudo_exe|^sudo_flags" /etc/ansible/ansible.cfg
> sudo_exe = /tmp/ansible_wrapper
> sudo_flags =
>
> target_host:
> cat /tmp/ansible_wrapper
> shift
> shift
> sudo /usr/bin/rootsh -u root -- $@
>
> playbook to create ansible_wrapper:
> ---
> - hosts: target_host
>   gather_facts: False
>   become: no
>
>   tasks:
>   - name: create ansible_wrapper file ...
> copy: dest="/tmp/ansible_wrapper" content="shift\nshift\nsudo 
> /usr/bin/rootsh -u root -- $@\n\n" force=no
>
>   - name: modify ansible_wrapper file ...
> file: path="/tmp/ansible_wrapper" mode="777"
>
> - using of the wrapper:
> ansible target_host -a "id -a" -b --become-method=sudo
> target_host | SUCCESS | rc=0 >>
> uid=0(root) gid=0(root) groups=0(root)
>
>
>
>
> Am Donnerstag, 10. März 2016 09:03:48 UTC+1 schrieb Colin Anderson:
>>
>> Hi,
>>
>> The central IT function at my company allows developers root access to a 
>> server for a short period of time to allow us to install any required 
>> middelware and application software when we are commissioning a server. 
>> I've been looking at using Ansible to automate this process to prevent user 
>> errors and make the process more efficient. The problem that I've run into 
>> is that they only allow root access using the following sudo call:
>>
>> sudo rootsh -i -u root
>>
>> This uses a logging shell wrapper, rootsh (man page 
>> ), to log all terminal input and 
>> output for audit purposes. We can't change this and it means we can't use 
>> any of the standard become_methods that Ansible uses.
>>
>> Is there any way of adding a become_method to Ansible that would call the 
>> above command instead of just sudo? Alternatively, is there anyway of 
>> getting Ansible to run rootsh when it requests elevated privileges?
>>
>> I did try the following in the vain hope that it might work, but as I 
>> feared, it failed:
>>
>> site.yml:
>> ---
>>   - hosts: vagrant-servers
>> become: yes
>> become_user: root
>> become_method: sudo rootsh -i -u root
>>
>> roles:
>>   - ansible-oracle-java-master
>>
>>
>> Play output:
>> vagrant@ansible-master:~$ ansible-playbook -i hosts site.yml
>>
>> PLAY 
>> ***
>>
>> TASK [setup] 
>> ***
>> fatal: [10.10.1.4]: FAILED! => {"failed": true, "msg": "ERROR! Privilege 
>> escalation method not found: sudo rootsh -i -u root"}
>> fatal: [10.10.1.5]: FAILED! => {"failed": true, "msg": "ERROR! Privilege 
>> escalation method not found: sudo rootsh -i -u root"}
>> fatal: [10.10.1.6]: FAILED! => {"failed": true, "msg": "ERROR! Privilege 
>> escalation method not found: sudo rootsh -i -u root"}
>> fatal: [10.10.1.3]: FAILED! => {"failed": true, "msg": "ERROR! Privilege 
>> escalation method not found: sudo rootsh -i -u root"}
>>
>> NO MORE HOSTS LEFT 
>> *
>>
>> PLAY RECAP 
>> *
>> 10.10.1.3  : ok=0changed=0unreachable=0failed
>> =1
>> 10.10.1.4  : ok=0changed=0unreachable=0failed
>> =1
>> 10.10.1.5  : ok=0changed=0unreachable=0failed
>> =1
>> 10.10.1.6  : ok=0changed=0unreachable=0failed
>> =1
>>
>> vagrant@ansible-master:~$
>>
>> Thanks,
>> Colin.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/894e1e1f-f90c-42be-8eef-3d2b7d516240n%40googlegroups.com.

Re: [ansible-project] how to run play for subgroup when children has same name

2024-04-25 Thread Todd Lewis

Brian said what to do, but left /how to do it/ as a (very worthwhile) 
exercise for the reader.

It could look something like

when: group_names | select('search', '_broker' ) | length > 0  # matches 
all the broker groups
when: group_names | select('search', kenv ~ '_app_zoo') | length > 0 # 
app_zoo hosts in {{ kenv }} environment
when: "'kafka_dev' in group_names"  # matches all your dev environment hosts
when: "'kafka_dev_app_zoo' in group_names"  # matches all your dev app zoo 
hosts

In jinja templates, those become if conditionals:

{% if group_names | select('search', '_broker' ) | length > 0 %}
{% if group_names | select('search', kenv ~ '_app_zoo') | length > 0 %}
{% if 'kafka_dev' in group_names" %}
{% if 'kafka_dev_app_zoo' in group_names" %}

Sorry to be slow to respond. It's been crazy busy at work.
—
Todd

On 4/22/24 2:12 PM, Sameer Modak wrote:
That was useful. But  i still  did not quite get how do we pass 
*kafka_dev* in j2 or during runtime like we dont know before hand what 
group we will be running against.*

*
*
*so in when condition can we pass something like this when group is 
**kafka_dev***

*
On Friday, April 19, 2024 at 8:37:51 PM UTC+5:30 Todd Lewis wrote:

Oops. That second "children:" under "kafka:" shouldn't be there.
Otherwise, it's pretty close.

On Friday, April 19, 2024 at 10:58:32 AM UTC-4 Todd Lewis wrote:

It appears you are trying to define two different "*broker*"
groups: one as a child of the "*dev_kafka_cluster*" and
another as a child of "*qa_kafka_cluster*".

That isn't how groups work. There is only one "*broker*"
group. You have added hosts to the "*broker*" group in two places.

(Also, "*App*" as a group name should be lower-case letters.)

Let me suggest an alternative inventory/group arrangement that
implements this naming scheme:
*kafka[_{$env}[_{app,web,db}[_{zoo,broker,schema}]]]
*In this scheme, there isn't a "*broker*" group. Instead there
are groups named "*kafka_dev_app_broker*" and
"*kafka_qa_app_broker*" (and eventually a "*kafka_prd**" set I
imagine).

I call this type of group naming scheme "fully articulated" —
any group you care to specify is completely unambiguous. It's
a set of strict hierarchies (in this case there's only one
hierarchy: "*kafka*"), and hosts appear in a particular
hierarchy exactly once. (If you find yourself trying to inject
a host in two different places, you either need to rethink
your hierarchy's structure, or maybe you need two hierarchies.)

We have on occasion included an "*all*" environment (like
"*dev*" and "*qa*"). If you did that, there would be a
corresponding "*kafka_all**" group for any "*kafka_dev**" or
"*kafka_qa**" groups. Then you could target all the brokers
with "*kafka_all_app_broker*" instead of
"*kafka_dev_app_broker**,**kafka_qa_app_broker*". You would
have to decide if the benefit is worth the extra text you have
to maintain in your inventory.

Your inventory would look like this:

kafka:
   children:
 kafka_dev:
   children:
 kafka_dev_app:
   children:
 kafka_dev_app_zoo:
   hosts:
 dev1-main-zookpr[01:05].dev
 kafka_dev_app_broker:
   hosts:
 dev1-main-kafka[01:06].dev
 kafka_dev_app_schema:
   hosts:
 dev1-main-kafka[01:06].dev
 kafka_dev_web: […] # omitted for brevity,
 kafka_dev_db: […]  # but you get the idea.
   children:
 kafka_qa:
   children:
 kafka_qa_app:
   children:
 kafka_qa_app_zoo:
   hosts:
 qa1-main-zookpr[01:03].qa
 kafka_qa_app_broker:
   hosts:
 qa1-main-kafka[01:06].qa
 kafka_qa_app_schema:
   hosts:
 qa1-main-kafka[04:06].qa
 kafka_qa_web: […] # omitted for brevity,
 kafka_qa_db: […]  # but you get the idea.


On 4/19/24 8:40 AM, Sameer Modak wrote:

I have an inventory something like this , each main cluster
has children like broker.
Now how do i run any tasks against perticular group.broker.
When we pass the group with --limit it does not work it runs
on all broker.  Also  main playbook has hosts:all in it

annsible/grafana-agent-play.yaml -i kafka_inventory.yaml
--limit qa_kafka_cluster -u sam -k -b

dev_kafka:

      children:

        App:

Re: [ansible-project] Unusal behaviour with set_fact and add_host

2024-04-25 Thread Todd Lewis

I've been staring at this for quite a while. I was able to reproduce 
your issue, and I now understand what's going on.


Rather than trying to duplicate the "single vs. multiple ips on an 
interface", I just ran a playbook against two hosts (tango and 
cloister), and did


- name: Set is_leader for tango and cloister
  ansible.builtin.set_fact:
is_leader: '{{ true if inventory_hostname == "tango" else false }}'

After that, I could play with ansible.builtin.add_host. And that's where 
the confusion starts. Everything works "as expected" except for theses 
add_host tasks. So I went back and read the document on add_host very 
closely. I had not appreciated this bit about the bypass_host_loop 
property 
:


   *Forces a ‘global’ task* that *does not execute per host*, this
   *bypasses per host templating and serial, throttle and other loop
   considerations*

   Conditionals will work *as if |run_once| is being used*, variables
   used will be from the *first available host*

   This action will not work normally outside of lockstep strategies

So you can't run ansible.builtin.add_host on all your hosts the same way 
you would, well, almost everything else. *If you want to loop over all 
your hosts* (which is the default behavior for most other modules), 
*then you have to do it explicitly*, like this:


- name: Display is_leader for all hosts
  ansible.builtin.debug:
var: is_leader

- name: Show groups BEFORE add_host
  ansible.builtin.debug:
msg: "{{ groups }}"

- name: Add hosts to either the nodes_prim or nodes_stby group
  *ansible.builtin.add_host*:
name: "*{{ item }}*"
groups:
  - "{{ 'nodes_prim' if*hostvars[item].is_leader*  else 'notes_stby' }}"
  *loop: "{{ ansible_play_hosts }}"*

- name: Show groups AFTER add_host
  ansible.builtin.debug:
msg: "{{ groups }}"


On 4/23/24 6:28 PM, Todd Lewis wrote:
All that said, I don't see why this one task wouldn't work for your 
purposes:

 - name: Add hosts to groups
   ansible.builtin.add_host:
 name: "{{ inventory_hostname }}"
 groups:
   - nodes
   - "{{ 'nodes_prim' if is_active | d(false) else 'nodes_stby' }}"

On 4/23/24 5:40 PM, Todd Lewis wrote:
Hard to say. The job log you show doesn't match the tasks in the 
playbook you posted. They seem to be the same down to the "Debug 
is_leader value" task, but after that the task names in the log don't 
match those in the playbook.


In the playbook you posted, task "Add standby host" an task "Add 
primary host" both add the hosts to the same group. That may be a 
source of your problem. But as we don't see the output for those 
tasks …, hmm.

—
Todd

On 4/23/24 4:03 PM, 'deewon' via Ansible Project wrote:

ansible version: 2:11.2
jinja version: 3.0.3
python version: 3.6.8

Hello all

I have a peculiar problem with a relatively simple playbook I have 
written. It basically checks 2 servers to determine which one has 
more than 1 IP and uses that to set a simp;e fact called "is_leader" 
for each node.


This fact is then to be used  to build an in-memory inventory using 
module add_host to iterate through the servers based on the value of 
that fact. See below:


- name: Get Server Recycling Order
  hosts: "{{ my_servers | default ('localhost') }}"
  become: yes
  become_method: sudo
  become_user: root

  tasks:

    - name: Set Patching Sequence
      tags: always
      block:

         - name: Get IP addresses of eth0 using nmcli command
           command: nmcli -g ip4.address conn show "System eth0"
           register: nmcli_output
           changed_when: false


         - name: Get nmcli output
           debug:
             var: nmcli_output


         - name: Set is_leader variable based on number of IPs
           set_fact:
             is_leader: "{{ (nmcli_output.stdout.split('|') | 
length) > 1 }}"



         - name: Display if server is ACTIVE (1) or PASSIVE (0)
           debug:
             var: is_leader


         - name: Debug is_leader value
           debug:
              msg: "is_leader value for {{ inventory_hostname }} is 
{{ is_leader }}"



         - name: Add standby host
           add_host:
              name: "{{ inventory_hostname }}"
              groups: nodes
           when: not is_leader

         - name: Add primary host
           add_host:
              name: "{{ inventory_hostname }}"
              groups: nodes
           when: is_leader

#- name: Execute tasks on servers in a specified order
#  hosts: nodes
#  gather_facts: no
#  serial: 1
#  tasks:
#    - name: Run a command in a specified order
#      command: echo "Running on {{ inventory_hostname }}"
#      tags: always

The problem is that when this runs, the  "is_leader" fact is  
ignored for when the condition is false and the standby node is  not

Re: [ansible-project] how to run play for subgroup when children has same name

2024-04-25 Thread Brian Coca

See `select` (or `reject`) filter with `match` test, you can use it to
go over group_names.

-- 
--
Brian Coca (he/him/yo)

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CACVha7ewK9Ywj7B--eBP2UsWCXuYfzvKWpWBzChoUvt-Yv0nGQ%40mail.gmail.com.

Re: [ansible-project] Unusal behaviour with set_fact and add_host

Thanks Todd. My messages kept getting deleted so I thought to try again

I probably over-redacted the output of the playbook to only show the 
relevant bits. The full playbook is below:

== playbook ==

- name: Get Server Recycling Order
  hosts: "{{ my_servers | default ('localhost') }}"
  become: yes
  become_method: sudo
  become_user: root

  tasks:

- name: Set Patching Sequence
  tags: always
  block:

 - name: Get IP addresses of eth0 using nmcli command
   command: nmcli -g ip4.address conn show "System eth0"
   register: nmcli_output
   changed_when: false


 - name: Get nmcli output
   debug:
 var: nmcli_output


 - name: Set is_leader variable based on number of IPs
   set_fact:
 is_leader: "{{ (nmcli_output.stdout.split('|') | length) > 1 
}}"


 - name: Display if server is ACTIVE (1) or PASSIVE (0)
   debug:
 var: is_leader


 - name: Debug is_leader value
   debug:
  msg: "is_leader value for {{ inventory_hostname }} is {{ 
is_leader }}"
 

 - name: Re-confirm is_leader before adding to group
   debug:
  msg: "Preparing to add {{ inventory_hostname }} to stby group 
based on is_leader = {{ is_leader }}"
   when: is_leader is false

 - name: Add standby proxysql node
   add_host:
  name: "{{ inventory_hostname }}"
  groups: nodes_stby
   when: is_leader == False

 - name: Re-confirm is_leader before adding to group
   debug:
  msg: "Preparing to add {{ inventory_hostname }} to prim group 
based on is_leader = {{ is_leader }}"
   when: is_leader == True

 - name: Add primary proxysql node
   add_host:
  name: "{{ inventory_hostname }}"
  groups: nodes_prim
   when: is_leader == True

== output ==

PLAY [Get Server Recycling Order] 
**

TASK [Gathering Facts] 
*

ok: [node-2]
ok: [node-1]

TASK [Get IP addresses of eth0 using nmcli command] 


ok: [node-2] => {
"changed": false,
"cmd": [
"nmcli",
"-g",
"ip4.address",
"conn",
"show",
"System eth0"
],

}

STDOUT:

x.x.x.x/x
ok: [node-1] => {
"changed": false,
"cmd": [
"nmcli",
"-g",
"ip4.address",
"conn",
"show",
"System eth0"
],

}

STDOUT:

x.x.x.x/x | y.y.y.y/y

TASK [Get nmcli output] 

ok: [node-1] => {
"nmcli_output": {
"changed": false,
"cmd": [
"nmcli",
"-g",
"ip4.address",
"conn",
"show",
"System eth0"
],
"stderr": "",
"stderr_lines": [],
"stdout": "x.x.x.x/x | y.y.y.y/y",
"stdout_lines": [
"x.x.x.x/x | y.y.y.y/y"
]
}
}
ok: [node-2] => {
"nmcli_output": {
"changed": false,
"cmd": [
"nmcli",
"-g",
"ip4.address",
"conn",
"show",
"System eth0"
],
"stderr": "",
"stderr_lines": [],
"stdout": "x.x.x.x/x",
"stdout_lines": [
"x.x.x.x/x"
]
}
}

TASK [Set is_leader variable based on number of IPs] 
**
ok: [node-1] => {
"ansible_facts": {
"is_leader": true
},
"changed": false
}
ok: [node-2] => {
"ansible_facts": {
"is_leader": false
},
"changed": false
}

TASK [Display if server is ACTIVE (1) or PASSIVE (0)] 
**
ok: [node-1] => {
"is_leader": true
}
ok: [node-2] => {
"is_leader": false
}

TASK [Debug is_leader value] 
**
ok: [node-1] => {}

MSG:

is_leader value for node-1 is True
ok: [node-2] => {}

MSG:

is_leader value for node-2 is False

TASK [Re-confirm is_leader before adding to group] 

skipping:

Re: [ansible-project] Unusal behaviour with set_fact and add_host

Thanks Todd. My messages kept getting deleted so I thought to try again

I probably over-redacted the output of the playbook to only show the 
relevant bits. The full playbook is below:

== playbook ==

- name: Get Server Recycling Order
  hosts: "{{ my_servers | default ('localhost') }}"
  become: yes
  become_method: sudo
  become_user: root

  tasks:

- name: Set Patching Sequence
  tags: always
  block:

 - name: Get IP addresses of eth0 using nmcli command
   command: nmcli -g ip4.address conn show "System eth0"
   register: nmcli_output
   changed_when: false


 - name: Get nmcli output
   debug:
 var: nmcli_output


 - name: Set is_leader variable based on number of IPs
   set_fact:
 is_leader: "{{ (nmcli_output.stdout.split('|') | length) > 1 
}}"


 - name: Display if server is ACTIVE (1) or PASSIVE (0)
   debug:
 var: is_leader


 - name: Debug is_leader value
   debug:
  msg: "is_leader value for {{ inventory_hostname }} is {{ 
is_leader }}"
 

 - name: Re-confirm is_leader before adding to group
   debug:
  msg: "Preparing to add {{ inventory_hostname }} to stby group 
based on is_leader = {{ is_leader }}"
   when: is_leader is false

 - name: Add standby proxysql node
   add_host:
  name: "{{ inventory_hostname }}"
  groups: nodes_stby
   when: is_leader == False

 - name: Re-confirm is_leader before adding to group
   debug:
  msg: "Preparing to add {{ inventory_hostname }} to prim group 
based on is_leader = {{ is_leader }}"
   when: is_leader == True

 - name: Add primary proxysql node
   add_host:
  name: "{{ inventory_hostname }}"
  groups: nodes_prim
   when: is_leader == True

== output ==

PLAY [Get Server Recycling Order] 
**

TASK [Gathering Facts] 
*
Tuesday 23 April 2024  19:46:14 + (0:00:00.084)   0:00:00.109 
*
ok: [node-2]
ok: [node-1]

TASK [Get IP addresses of eth0 using nmcli command] 

Tuesday 23 April 2024  19:46:29 + (0:00:15.167)   0:00:15.277 
*
ok: [node-2] => {
"changed": false,
"cmd": [
"nmcli",
"-g",
"ip4.address",
"conn",
"show",
"System eth0"
],
"delta": "0:00:00.026130",
"end": "2024-04-23 15:46:30.828281",
"rc": 0,
"start": "2024-04-23 15:46:30.802151"
}

STDOUT:

192.168.10.11/24
ok: [node-1] => {
"changed": false,
"cmd": [
"nmcli",
"-g",
"ip4.address",
"conn",
"show",
"System eth0"
],
"delta": "0:00:00.038040",
"end": "2024-04-23 15:46:30.893109",
"rc": 0,
"start": "2024-04-23 15:46:30.855069"
}

STDOUT:

192.168.10.10/24 | 192.168.4.1/32

TASK [Get nmcli output] 

Tuesday 23 April 2024  19:46:31 + (0:00:01.458)   0:00:16.736 
*
ok: [node-1] => {
"nmcli_output": {
"changed": false,
"cmd": [
"nmcli",
"-g",
"ip4.address",
"conn",
"show",
"System eth0"
],
"delta": "0:00:00.038040",
"end": "2024-04-23 15:46:30.893109",
"failed": false,
"msg": "",
"rc": 0,
"start": "2024-04-23 15:46:30.855069",
"stderr": "",
"stderr_lines": [],
"stdout": "192.168.10.10/24 | 192.168.4.1/32",
"stdout_lines": [
"192.168.10.10/24 | 192.168.4.1/32"
]
}
}
ok: [node-2] => {
"nmcli_output": {
"changed": false,
"cmd": [
"nmcli",
"-g",
"ip4.address",
"conn",
"show",
"System eth0"
],
"delta": "0:00:00.026130",
"end": "2024-04-23 15:46:30.828281",
"failed": false,
"msg": "",
"rc": 0,
"start": "2024-04-23 15:46:30.802151",
"stderr": "",
"stderr_lines": [],
"stdout": "192.168.10.11/24",
"stdout_lines": [
"192.168.10.11/24"
]
}
}

TASK [Set is_leader variable based on number of IPs] 
**
Tuesday 23 April 2024

Re: [ansible-project] Unusal behaviour with set_fact and add_host

Thanks Todd. My messages kept getting deleted so I thought to try again

I probably over-redacted the output of the playbook to only show the 
relevant bits. The full playbook is below:

== playbook ==

- name: Get Server Recycling Order
  hosts: "{{ my_servers | default ('localhost') }}"
  become: yes
  become_method: sudo
  become_user: root

  tasks:

- name: Set Patching Sequence
  tags: always
  block:

 - name: Get IP addresses of eth0 using nmcli command
   command: nmcli -g ip4.address conn show "System eth0"
   register: nmcli_output
   changed_when: false


 - name: Get nmcli output
   debug:
 var: nmcli_output


 - name: Set is_leader variable based on number of IPs
   set_fact:
 is_leader: "{{ (nmcli_output.stdout.split('|') | length) > 1 
}}"


 - name: Display if server is ACTIVE (1) or PASSIVE (0)
   debug:
 var: is_leader


 - name: Debug is_leader value
   debug:
  msg: "is_leader value for {{ inventory_hostname }} is {{ 
is_leader }}"
 

 - name: Re-confirm is_leader before adding to group
   debug:
  msg: "Preparing to add {{ inventory_hostname }} to stby group 
based on is_leader = {{ is_leader }}"
   when: is_leader is false

 - name: Add standby proxysql node
   add_host:
  name: "{{ inventory_hostname }}"
  groups: nodes_stby
   when: is_leader == False

 - name: Re-confirm is_leader before adding to group
   debug:
  msg: "Preparing to add {{ inventory_hostname }} to prim group 
based on is_leader = {{ is_leader }}"
   when: is_leader == True

 - name: Add primary proxysql node
   add_host:
  name: "{{ inventory_hostname }}"
  groups: nodes_prim
   when: is_leader == True

== output ==

PLAY [Get Server Recycling Order] 
**

TASK [Gathering Facts] 
*
Tuesday 23 April 2024  19:46:14 + (0:00:00.084)   0:00:00.109 
*
ok: [node-2]
ok: [node-1]

TASK [Get IP addresses of eth0 using nmcli command] 

Tuesday 23 April 2024  19:46:29 + (0:00:15.167)   0:00:15.277 
*
ok: [node-2] => {
"changed": false,
"cmd": [
"nmcli",
"-g",
"ip4.address",
"conn",
"show",
"System eth0"
],
"delta": "0:00:00.026130",
"end": "2024-04-23 15:46:30.828281",
"rc": 0,
"start": "2024-04-23 15:46:30.802151"
}

STDOUT:

192.168.10.11/24
ok: [node-1] => {
"changed": false,
"cmd": [
"nmcli",
"-g",
"ip4.address",
"conn",
"show",
"System eth0"
],
"delta": "0:00:00.038040",
"end": "2024-04-23 15:46:30.893109",
"rc": 0,
"start": "2024-04-23 15:46:30.855069"
}

STDOUT:

192.168.10.10/24 | 192.168.4.1/32

TASK [Get nmcli output] 

Tuesday 23 April 2024  19:46:31 + (0:00:01.458)   0:00:16.736 
*
ok: [node-1] => {
"nmcli_output": {
"changed": false,
"cmd": [
"nmcli",
"-g",
"ip4.address",
"conn",
"show",
"System eth0"
],
"delta": "0:00:00.038040",
"end": "2024-04-23 15:46:30.893109",
"failed": false,
"msg": "",
"rc": 0,
"start": "2024-04-23 15:46:30.855069",
"stderr": "",
"stderr_lines": [],
"stdout": "192.168.10.10/24 | 192.168.4.1/32",
"stdout_lines": [
"192.168.10.10/24 | 192.168.4.1/32"
]
}
}
ok: [node-2] => {
"nmcli_output": {
"changed": false,
"cmd": [
"nmcli",
"-g",
"ip4.address",
"conn",
"show",
"System eth0"
],
"delta": "0:00:00.026130",
"end": "2024-04-23 15:46:30.828281",
"failed": false,
"msg": "",
"rc": 0,
"start": "2024-04-23 15:46:30.802151",
"stderr": "",
"stderr_lines": [],
"stdout": "192.168.10.11/24",
"stdout_lines": [
"192.168.10.11/24"
]
}
}

TASK [Set is_leader variable based on number of IPs] 
**
Tuesday 23 April 2024

Re: [ansible-project] Getting hostnames from a fact

2024-04-25 Thread lift...@gmail.com

I used the stat module as suggested by Todd and it worked perfectly.  I 
appreciate the suggestion and for setting me straight.

Thanks,
Harry

On Thursday, April 25, 2024 at 4:09:28 AM UTC-4 Stuart Lowe wrote:

> Something like this should work?
>
> ---
>
> - hosts: my_hosts
>
>   become: true
>
>   become_method: sudo
>
>   gather_facts: false
>
>  
>
>   tasks:
>
>  
>
>   - name: Determine if /var/log/messages is zero-length
>
> ansible.builtin.find:
>
>   paths: /var/log
>
>   patterns: messages
>
> register: messages_files
>
>  
>
>   - name: Check if /var/log/messages is zero length
>
> ansible.builtin.stat:
>
>   path: "{{ item.path }}"
>
> register: file_details
>
> with_items: "{{ messages_files.files }}"
>
> when: messages_files.matched > 0
>
>  
>
>   - name: Restart rsyslog service if /var/log/messages is zero length
>
> ansible.builtin.systemd:
>
>   name: rsyslog
>
>   state: restarted
>
> when: item.stat.exists and item.stat.size == 0
>
> with_items: "{{ file_details.results }}"
>
>  
>
> *From:* ansible...@googlegroups.com  *On 
> Behalf Of *lift...@gmail.com
> *Sent:* Wednesday, April 24, 2024 8:27 PM
> *To:* Ansible Project 
> *Subject:* [ansible-project] Getting hostnames from a fact
>
>  
>
> You don't often get email from lift...@gmail.com. Learn why this is 
> important 
>
>  
>
> *Caution:* This email originated from outside of the organisation. Do not 
> click links or open attachments unless you recognise the sender and know 
> the content is safe 
>
>  
>
> I have a playbook I'm developing where I'm trying to find any server that 
> has a 0 length /var/log/messages files.  When I find those, I want to 
> restart the rsyslog service on those.  So right now I'm setting this fact 
> as follows: 
>
>  
>
> ---
> - hosts: my_hosts
>   become: true
>   become_method: sudo
>   gather_facts: false
>
>   tasks:
>
>   - name: Determine if /var/log/messages is zero-length
> ansible.builtin.find:
>   paths: /var/log
>   patterns: messages
> register: messages_files
>
>   - name: Set fact for all servers that have zero-length /var/log/messages
> ansible.builtin.set_fact:
>   zero: "{{ messages_files.files | selectattr('size', '==', 0) }}"
>
>   - name: Print results
> ansible.builtin.debug:
>   msg: "{{ zero }}"
>
>  
>
> When the debug print happens, I get all servers printing out either the 
> file attributes, or an empty string:
>
>  
>
> ok: [server1] => {
> "msg": [
> {
> "atime": 1713683723.242925,
> "ctime": 1713683723.242925,
> "dev": 64777,
> "gid": 10,
> "gr_name": "wheel",
> "inode": 8212,
> "isblk": false,
> "ischr": false,
> "isdir": false,
> "isfifo": false,
> "isgid": false,
> "islnk": false,
> "isreg": true,
> "issock": false,
> "isuid": false,
> "mode": "0640",
> "mtime": 1713683723.242925,
> "nlink": 1,
> "path": "/var/log/messages",
> "pw_name": "root",
> "rgrp": true,
> "roth": false,
> "rusr": true,
> "size": 0,
> "uid": 0,
> "wgrp": false,
> "woth": false,
> "wusr": true,
> "xgrp": false,
> "xoth": false,
> "xusr": false
> }
> ]
> }
> ok: [server2] => {
> "msg": []
> }
>
>  
>
> So, 2 questions:
>
> 1) How can I NOT print what server2 is printing/showing?
>
> 2) Once I fix #1, how can I get just the hostnames of those servers where 
> the size of the file is 0, then start another play to restart rsyslog on 
> only those?
>
>  
>
> Thanks,
>
> Harry
>
> -- 
>
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-proje...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/5617fb1f-3aa7-45a3-ba84-656b7b786c86n%40googlegroups.com
>  
> 
> .
>
> ---
>
> *Stuart Lowe* He/Him
> Zen Cloud Engineering - Team Leader
> *Zen Internet*
> www.zen.co.uk 
>
> Proud to be a certified B Corporation
>
> This message is private and confidential. If you have received this 
> message in error, please notify us and remove it from your system.
>
> Zen Internet Limited may monitor email traffic data to manage billing, to 
> handle customer enquiries, and for the prevention and detection of fraud. 
> We may also monitor the content of emails sent to and/or from Zen Internet 
> Limited for the purposes of security,

Re: [ansible-project] Unusal behaviour with set_fact and add_host

Testing if my email is still deleted without any code

On Tuesday, April 23, 2024 at 11:28:59 PM UTC+1 Todd Lewis wrote:

> All that said, I don't see why this one task wouldn't work for your 
> purposes:
>
> - name: Add hosts to groups
>   ansible.builtin.add_host:
> name: "{{ inventory_hostname }}"
> groups:
>   - nodes
>   - "{{ 'nodes_prim' if is_active | d(false) else 'nodes_stby' }}"
>
>
> On 4/23/24 5:40 PM, Todd Lewis wrote:
>
> Hard to say. The job log you show doesn't match the tasks in the playbook 
> you posted. They seem to be the same down to the "Debug is_leader value" 
> task, but after that the task names in the log don't match those in the 
> playbook.
>
> In the playbook you posted, task "Add standby host" an task "Add primary 
> host" both add the hosts to the same group. That may be a source of your 
> problem. But as we don't see the output for those tasks …, hmm.
> —
> Todd
>
> On 4/23/24 4:03 PM, 'deewon' via Ansible Project wrote:
>
> ansible version: 2:11.2 
> jinja version: 3.0.3
> python version: 3.6.8
>
> Hello all
>
> I have a peculiar problem with a relatively simple playbook I have 
> written. It basically checks 2 servers to determine which one has more than 
> 1 IP and uses that to set a simp;e fact called "is_leader" for each node. 
>
> This fact is then to be used  to build an in-memory inventory using module 
> add_host to iterate through the servers based on the value of that fact. 
> See below:
>
> - name: Get Server Recycling Order
>   hosts: "{{ my_servers | default ('localhost') }}"
>   become: yes
>   become_method: sudo
>   become_user: root
>
>   tasks:
>
> - name: Set Patching Sequence
>   tags: always
>   block:
>
>  - name: Get IP addresses of eth0 using nmcli command
>command: nmcli -g ip4.address conn show "System eth0"
>register: nmcli_output
>changed_when: false
>
>
>  - name: Get nmcli output
>debug:
>  var: nmcli_output
>
>
>  - name: Set is_leader variable based on number of IPs
>set_fact:
>  is_leader: "{{ (nmcli_output.stdout.split('|') | length) > 1 
> }}"
>
>
>  - name: Display if server is ACTIVE (1) or PASSIVE (0)
>debug:
>  var: is_leader
>
>
>  - name: Debug is_leader value
>debug:
>   msg: "is_leader value for {{ inventory_hostname }} is {{ 
> is_leader }}"
>
>
>  - name: Add standby host
>add_host:
>   name: "{{ inventory_hostname }}"
>   groups: nodes
>when: not is_leader 
>
>  - name: Add primary host
>add_host:
>   name: "{{ inventory_hostname }}"
>   groups: nodes
>when: is_leader
>
> #- name: Execute tasks on servers in a specified order
> #  hosts: nodes
> #  gather_facts: no
> #  serial: 1
> #  tasks:
> #- name: Run a command in a specified order
> #  command: echo "Running on {{ inventory_hostname }}"
> #  tags: always
>
> The problem is that when this runs, the  "is_leader" fact is  ignored for 
> when the condition is false and the standby node is  not added to the 
> inventory. The relevant extract from the execution is below:
>
>  TASK [Set is_leader variable based on number of IPs] 
> **
> Tuesday 23 April 2024  19:46:31 + (0:00:00.079)   0:00:16.815 
> *
> ok: [node-1] => {
> "ansible_facts": {
> "is_leader": true
> },
> "changed": false
> }
> ok: [node-2] => {
> "ansible_facts": {
> "is_leader": false
> },
> "changed": false
> }
>
> TASK [Display if server is ACTIVE (1) or PASSIVE (0)] 
> **
> Tuesday 23 April 2024  19:46:31 + (0:00:00.083)   0:00:16.898 
> *
> ok: [node-1] => {
> "is_leader": true
> }
> ok: [node-2] => {
> "is_leader": false
> }
>
> TASK [Debug is_leader value] 
> **
> Tuesday 23 April 2024  19:46:31 + (0:00:00.072)   0:00:16.971 
> *
> ok: [node-1] => {}
>
> MSG:
>
> is_leader value for node-1 is True
> ok: [node-2] => {}
>
> MSG:
>
> is_leader value for node-2 is False
>
> TASK [Re-confirm is_leader before adding to group] 
> 
> Tuesday 23 April 2024  19:46:31 + (0:00:00.074)   0:00:17.045 
> *
> skipping: [node-1] => {}
> ok: [node-2] => {}
>
> MSG:
>
> Preparing to add node-2 to stby group based on is_leader = False
>
> TASK [Add standby proxysql node] 
>

Re: [ansible-project] Ansible hangs on gathering facts

2024-04-25 Thread Dick Visser

I would terminate the host and spin up a fresh one.
This means your host will be in a known clean state again.

On Thu, 25 Apr 2024 at 12:45, Sven Feyerabend  wrote:
>
> Hi everyone,
>
> I have a host where Ansible used to run correctly.
> A while ago, all runs of Ansible on this host started to hang on Gathering 
> Facts.
> I've searched on the internet for a solution, and found some tips on how to 
> debug this.
> So I ran Ansible with ANSIBLE_KEEP_REMOTE_FILES=1 and used
> python3 AnsiballZ_setup.py explode
> to look into this further.
> Running the module with strace did not yield any useful results, so I used 
> the gather_subset option with !all,!min and enabled the collectors one by one.
> Using this method for all collectors in the min set, I found three collectors 
> which did not terminate: env, service_mgr, ssh_pub_keys
>
> I don't know how to proceed from here. My search on the internet suggests 
> stale network mounts as the main reason for such behavior, but we don't have 
> any on the affected host.
> I tried rebooting as well as upgrading all packages but the problem persists.
> Is there a way to debug this further?
> Simply turning the gathering of facts off is not an option, as we rely 
> heavily on host dependent facts in some of our roles.
>
> Thanks in advance!
> Regards,
> Sven
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/72a0a26d-efe6-4860-81a4-0be2e99d91dbn%40googlegroups.com.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAF8BbLZYf80qehznbsk2YBESa8n6r7oJfER94VndsJseOisEOQ%40mail.gmail.com.

[ansible-project] Ansible hangs on gathering facts

2024-04-25 Thread Sven Feyerabend

Hi everyone,

I have a host where Ansible used to run correctly.
A while ago, all runs of Ansible on this host started to hang on Gathering 
Facts.
I've searched on the internet for a solution, and found some tips on how to 
debug this.
So I ran Ansible with ANSIBLE_KEEP_REMOTE_FILES=1 and used
python3 AnsiballZ_setup.py explode
to look into this further.
Running the module with strace did not yield any useful results, so I used 
the gather_subset option with !all,!min and enabled the collectors one by 
one.
Using this method for all collectors in the min set, I found three 
collectors which did not terminate: env, service_mgr, ssh_pub_keys

I don't know how to proceed from here. My search on the internet suggests 
stale network mounts as the main reason for such behavior, but we don't 
have any on the affected host.
I tried rebooting as well as upgrading all packages but the problem 
persists.
Is there a way to debug this further?
Simply turning the gathering of facts off is not an option, as we rely 
heavily on host dependent facts in some of our roles.

Thanks in advance!
Regards,
Sven

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/72a0a26d-efe6-4860-81a4-0be2e99d91dbn%40googlegroups.com.

Re: [ansible-project] how to run play for subgroup when children has same name

2024-04-25 Thread Sameer Modak

First of all thanks for solution. I tried this but how do we pass wildcard 
as group *kafka_qa* in when condition or in j2*

On Friday, April 19, 2024 at 8:37:51 PM UTC+5:30 Todd Lewis wrote:

> Oops. That second "children:" under "kafka:" shouldn't be there. 
> Otherwise, it's pretty close.
>
> On Friday, April 19, 2024 at 10:58:32 AM UTC-4 Todd Lewis wrote:
>
>> It appears you are trying to define two different "*broker*" groups: one 
>> as a child of the "*dev_kafka_cluster*" and another as a child of "
>> *qa_kafka_cluster*".
>>
>> That isn't how groups work. There is only one "*broker*" group. You have 
>> added hosts to the "*broker*" group in two places.
>>
>> (Also, "*App*" as a group name should be lower-case letters.)
>>
>> Let me suggest an alternative inventory/group arrangement that implements 
>> this naming scheme:
>>
>> *kafka[_{$env}[_{app,web,db}[_{zoo,broker,schema}]]] *In this scheme, 
>> there isn't a "*broker*" group. Instead there are groups named "
>> *kafka_dev_app_broker*" and "*kafka_qa_app_broker*" (and eventually a "
>> *kafka_prd**" set I imagine).
>>
>> I call this type of group naming scheme "fully articulated" — any group 
>> you care to specify is completely unambiguous. It's a set of strict 
>> hierarchies (in this case there's only one hierarchy: "*kafka*"), and 
>> hosts appear in a particular hierarchy exactly once. (If you find yourself 
>> trying to inject a host in two different places, you either need to rethink 
>> your hierarchy's structure, or maybe you need two hierarchies.)
>>
>> We have on occasion included an "*all*" environment (like "*dev*" and "
>> *qa*"). If you did that, there would be a corresponding "*kafka_all**" 
>> group for any "*kafka_dev**" or "*kafka_qa**" groups. Then you could 
>> target all the brokers with "*kafka_all_app_broker*" instead of "
>> *kafka_dev_app_broker**,**kafka_qa_app_broker*". You would have to 
>> decide if the benefit is worth the extra text you have to maintain in your 
>> inventory.
>>
>> Your inventory would look like this:
>>
>> kafka:
>>   children:
>> kafka_dev:
>>   children:
>> kafka_dev_app:
>>   children:
>> kafka_dev_app_zoo:
>>   hosts:
>> dev1-main-zookpr[01:05].dev
>> kafka_dev_app_broker:
>>   hosts:
>> dev1-main-kafka[01:06].dev
>> kafka_dev_app_schema:
>>   hosts:
>> dev1-main-kafka[01:06].dev
>> kafka_dev_web: […] # omitted for brevity,
>> kafka_dev_db: […]  # but you get the idea.
>>   children:
>> kafka_qa:
>>   children:
>> kafka_qa_app:
>>   children:
>> kafka_qa_app_zoo:
>>   hosts:
>> qa1-main-zookpr[01:03].qa
>> kafka_qa_app_broker:
>>   hosts:
>> qa1-main-kafka[01:06].qa
>> kafka_qa_app_schema:
>>   hosts:
>> qa1-main-kafka[04:06].qa
>> kafka_qa_web: […] # omitted for brevity,
>> kafka_qa_db: […]  # but you get the idea.
>>
>>
>> On 4/19/24 8:40 AM, Sameer Modak wrote:
>>
>> I have an inventory something like this , each main cluster has children 
>> like broker. 
>> Now how do i run any tasks against perticular group.broker. When we pass 
>> the group with --limit it does not work it runs on all broker.  Also  main 
>> playbook has hosts:all in it
>>
>> annsible/grafana-agent-play.yaml -i kafka_inventory.yaml --limit 
>> qa_kafka_cluster -u sam -k -b 
>>
>> dev_kafka:
>>
>>   children:
>>
>> App:
>>
>>   children:
>>
>> dev_kafka_cluster:
>>
>>children:
>>
>>  zookeeper:
>>
>>hosts: 
>>
>>  dev1-main-zookpr[01:05].dev
>>
>>  broker:
>>
>>hosts:
>>
>>  dev1-main-kafka[01:06].dev
>>
>>  schema_registry:
>>
>>hosts:
>>
>>  dev1-main-kafka[01:06].dev
>>
>> uc:
>>
>>   children:
>>
>>
>> qa_kafka:
>>
>>   children:
>>
>> App:
>>
>>   children:
>>
>> qa_kafka_cluster:
>>
>>children:
>>
>>  zookeeper:
>>
>>hosts: 
>>
>>  qa1-main-zookpr[01:03].qa
>>
>>  broker:
>>
>>hosts:
>>
>>  qa1-main-kafka[01:06].qa
>>
>>  schema_registry:
>>
>>hosts:
>>
>>  qa1-main-kafka[04:06].qa
>>
>>
>>
>> 
>>
>>
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible-proje...@googlegroups.com.
>> To view this discussion on the web visit 
>>

Re: [ansible-project] how to run play for subgroup when children has same name

2024-04-25 Thread Sameer Modak

Hello Team,

is there any way to pass wildcard group in ansible when condition or in j2??

because if try with  *kafka_qa_*_b as a group in j2 because i want to use 
this in j2.*


*if kafka_qa  or any group has zookeeper host then add zookeeper lines else 
add broker lines.*
*it should be common across. *


On Friday, April 19, 2024 at 8:37:51 PM UTC+5:30 Todd Lewis wrote:

> Oops. That second "children:" under "kafka:" shouldn't be there. 
> Otherwise, it's pretty close.
>
> On Friday, April 19, 2024 at 10:58:32 AM UTC-4 Todd Lewis wrote:
>
>> It appears you are trying to define two different "*broker*" groups: one 
>> as a child of the "*dev_kafka_cluster*" and another as a child of "
>> *qa_kafka_cluster*".
>>
>> That isn't how groups work. There is only one "*broker*" group. You have 
>> added hosts to the "*broker*" group in two places.
>>
>> (Also, "*App*" as a group name should be lower-case letters.)
>>
>> Let me suggest an alternative inventory/group arrangement that implements 
>> this naming scheme:
>>
>> *kafka[_{$env}[_{app,web,db}[_{zoo,broker,schema}]]] *In this scheme, 
>> there isn't a "*broker*" group. Instead there are groups named "
>> *kafka_dev_app_broker*" and "*kafka_qa_app_broker*" (and eventually a "
>> *kafka_prd**" set I imagine).
>>
>> I call this type of group naming scheme "fully articulated" — any group 
>> you care to specify is completely unambiguous. It's a set of strict 
>> hierarchies (in this case there's only one hierarchy: "*kafka*"), and 
>> hosts appear in a particular hierarchy exactly once. (If you find yourself 
>> trying to inject a host in two different places, you either need to rethink 
>> your hierarchy's structure, or maybe you need two hierarchies.)
>>
>> We have on occasion included an "*all*" environment (like "*dev*" and "
>> *qa*"). If you did that, there would be a corresponding "*kafka_all**" 
>> group for any "*kafka_dev**" or "*kafka_qa**" groups. Then you could 
>> target all the brokers with "*kafka_all_app_broker*" instead of "
>> *kafka_dev_app_broker**,**kafka_qa_app_broker*". You would have to 
>> decide if the benefit is worth the extra text you have to maintain in your 
>> inventory.
>>
>> Your inventory would look like this:
>>
>> kafka:
>>   children:
>> kafka_dev:
>>   children:
>> kafka_dev_app:
>>   children:
>> kafka_dev_app_zoo:
>>   hosts:
>> dev1-main-zookpr[01:05].dev
>> kafka_dev_app_broker:
>>   hosts:
>> dev1-main-kafka[01:06].dev
>> kafka_dev_app_schema:
>>   hosts:
>> dev1-main-kafka[01:06].dev
>> kafka_dev_web: […] # omitted for brevity,
>> kafka_dev_db: […]  # but you get the idea.
>>   children:
>> kafka_qa:
>>   children:
>> kafka_qa_app:
>>   children:
>> kafka_qa_app_zoo:
>>   hosts:
>> qa1-main-zookpr[01:03].qa
>> kafka_qa_app_broker:
>>   hosts:
>> qa1-main-kafka[01:06].qa
>> kafka_qa_app_schema:
>>   hosts:
>> qa1-main-kafka[04:06].qa
>> kafka_qa_web: […] # omitted for brevity,
>> kafka_qa_db: […]  # but you get the idea.
>>
>>
>> On 4/19/24 8:40 AM, Sameer Modak wrote:
>>
>> I have an inventory something like this , each main cluster has children 
>> like broker. 
>> Now how do i run any tasks against perticular group.broker. When we pass 
>> the group with --limit it does not work it runs on all broker.  Also  main 
>> playbook has hosts:all in it
>>
>> annsible/grafana-agent-play.yaml -i kafka_inventory.yaml --limit 
>> qa_kafka_cluster -u sam -k -b 
>>
>> dev_kafka:
>>
>>   children:
>>
>> App:
>>
>>   children:
>>
>> dev_kafka_cluster:
>>
>>children:
>>
>>  zookeeper:
>>
>>hosts: 
>>
>>  dev1-main-zookpr[01:05].dev
>>
>>  broker:
>>
>>hosts:
>>
>>  dev1-main-kafka[01:06].dev
>>
>>  schema_registry:
>>
>>hosts:
>>
>>  dev1-main-kafka[01:06].dev
>>
>> uc:
>>
>>   children:
>>
>>
>> qa_kafka:
>>
>>   children:
>>
>> App:
>>
>>   children:
>>
>> qa_kafka_cluster:
>>
>>children:
>>
>>  zookeeper:
>>
>>hosts: 
>>
>>  qa1-main-zookpr[01:03].qa
>>
>>  broker:
>>
>>hosts:
>>
>>  qa1-main-kafka[01:06].qa
>>
>>  schema_registry:
>>
>>hosts:
>>
>>  qa1-main-kafka[04:06].qa
>>
>>
>>
>> 
>>
>>
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop

Re: [ansible-project] Unusal behaviour with set_fact and add_host

Hi Todd. I believe I responded to you but it seems my response was deleted. 
I can post the full playbook and output if required. A lot of those debug 
steps were just to understand why the condition was being ignored when 
"is_leader" is set to false

I'll incorporate the suggestion above to reduce the number of tasks 
required to do this. The goal was simply to add the tasks into an in-memory 
group and carry out some serial action in the order in which they were 
added. 

Thanks

On Tuesday, April 23, 2024 at 11:28:59 PM UTC+1 Todd Lewis wrote:

All that said, I don't see why this one task wouldn't work for your 
purposes:
- name: Add hosts to groups ansible.builtin.add_host: name: "{{ 
inventory_hostname }}" groups: - nodes - "{{ 'nodes_prim' if is_active | 
d(false) else 'nodes_stby' }}" 

On 4/23/24 5:40 PM, Todd Lewis wrote:

Hard to say. The job log you show doesn't match the tasks in the playbook 
you posted. They seem to be the same down to the "Debug is_leader value" 
task, but after that the task names in the log don't match those in the 
playbook.

In the playbook you posted, task "Add standby host" an task "Add primary 
host" both add the hosts to the same group. That may be a source of your 
problem. But as we don't see the output for those tasks …, hmm.
—
Todd

On 4/23/24 4:03 PM, 'deewon' via Ansible Project wrote:

ansible version: 2:11.2 
jinja version: 3.0.3
python version: 3.6.8

Hello all

I have a peculiar problem with a relatively simple playbook I have written. 
It basically checks 2 servers to determine which one has more than 1 IP and 
uses that to set a simp;e fact called "is_leader" for each node. 

This fact is then to be used  to build an in-memory inventory using module 
add_host to iterate through the servers based on the value of that fact. 
See below:

- name: Get Server Recycling Order
  hosts: "{{ my_servers | default ('localhost') }}"
  become: yes
  become_method: sudo
  become_user: root

  tasks:

- name: Set Patching Sequence
  tags: always
  block:

 - name: Get IP addresses of eth0 using nmcli command
   command: nmcli -g ip4.address conn show "System eth0"
   register: nmcli_output
   changed_when: false


 - name: Get nmcli output
   debug:
 var: nmcli_output


 - name: Set is_leader variable based on number of IPs
   set_fact:
 is_leader: "{{ (nmcli_output.stdout.split('|') | length) > 1 
}}"


 - name: Display if server is ACTIVE (1) or PASSIVE (0)
   debug:
 var: is_leader


 - name: Debug is_leader value
   debug:
  msg: "is_leader value for {{ inventory_hostname }} is {{ 
is_leader }}"


 - name: Add standby host
   add_host:
  name: "{{ inventory_hostname }}"
  groups: nodes
   when: not is_leader 

 - name: Add primary host
   add_host:
  name: "{{ inventory_hostname }}"
  groups: nodes
   when: is_leader

#- name: Execute tasks on servers in a specified order
#  hosts: nodes
#  gather_facts: no
#  serial: 1
#  tasks:
#- name: Run a command in a specified order
#  command: echo "Running on {{ inventory_hostname }}"
#  tags: always

The problem is that when this runs, the  "is_leader" fact is  ignored for 
when the condition is false and the standby node is  not added to the 
inventory. The relevant extract from the execution is below:

 TASK [Set is_leader variable based on number of IPs] 
**
Tuesday 23 April 2024  19:46:31 + (0:00:00.079)   0:00:16.815 
*
ok: [node-1] => {
"ansible_facts": {
"is_leader": true
},
"changed": false
}
ok: [node-2] => {
"ansible_facts": {
"is_leader": false
},
"changed": false
}

TASK [Display if server is ACTIVE (1) or PASSIVE (0)] 
**
Tuesday 23 April 2024  19:46:31 + (0:00:00.083)   0:00:16.898 
*
ok: [node-1] => {
"is_leader": true
}
ok: [node-2] => {
"is_leader": false
}

TASK [Debug is_leader value] 
**
Tuesday 23 April 2024  19:46:31 + (0:00:00.072)   0:00:16.971 
*
ok: [node-1] => {}

MSG:

is_leader value for node-1 is True
ok: [node-2] => {}

MSG:

is_leader value for node-2 is False

TASK [Re-confirm is_leader before adding to group] 

Tuesday 23 April 2024  19:46:31 + (0:00:00.074)   0:00:17.045 
*
skipping: [node-1] => {}
ok: [node-2] => {}

Re: [ansible-project] how to run play for subgroup when children has same name

2024-04-25 Thread Sameer Modak

That was useful. But  i still  did not quite get how do we pass *kafka_dev* 
in j2 or during runtime like we dont know before hand what group we will be 
running against.*

*so in when condition can we pass something like this when group is *
*kafka_dev**

On Friday, April 19, 2024 at 8:37:51 PM UTC+5:30 Todd Lewis wrote:

> Oops. That second "children:" under "kafka:" shouldn't be there. 
> Otherwise, it's pretty close.
>
> On Friday, April 19, 2024 at 10:58:32 AM UTC-4 Todd Lewis wrote:
>
>> It appears you are trying to define two different "*broker*" groups: one 
>> as a child of the "*dev_kafka_cluster*" and another as a child of "
>> *qa_kafka_cluster*".
>>
>> That isn't how groups work. There is only one "*broker*" group. You have 
>> added hosts to the "*broker*" group in two places.
>>
>> (Also, "*App*" as a group name should be lower-case letters.)
>>
>> Let me suggest an alternative inventory/group arrangement that implements 
>> this naming scheme:
>>
>> *kafka[_{$env}[_{app,web,db}[_{zoo,broker,schema}]]] *In this scheme, 
>> there isn't a "*broker*" group. Instead there are groups named "
>> *kafka_dev_app_broker*" and "*kafka_qa_app_broker*" (and eventually a "
>> *kafka_prd**" set I imagine).
>>
>> I call this type of group naming scheme "fully articulated" — any group 
>> you care to specify is completely unambiguous. It's a set of strict 
>> hierarchies (in this case there's only one hierarchy: "*kafka*"), and 
>> hosts appear in a particular hierarchy exactly once. (If you find yourself 
>> trying to inject a host in two different places, you either need to rethink 
>> your hierarchy's structure, or maybe you need two hierarchies.)
>>
>> We have on occasion included an "*all*" environment (like "*dev*" and "
>> *qa*"). If you did that, there would be a corresponding "*kafka_all**" 
>> group for any "*kafka_dev**" or "*kafka_qa**" groups. Then you could 
>> target all the brokers with "*kafka_all_app_broker*" instead of "
>> *kafka_dev_app_broker**,**kafka_qa_app_broker*". You would have to 
>> decide if the benefit is worth the extra text you have to maintain in your 
>> inventory.
>>
>> Your inventory would look like this:
>>
>> kafka:
>>   children:
>> kafka_dev:
>>   children:
>> kafka_dev_app:
>>   children:
>> kafka_dev_app_zoo:
>>   hosts:
>> dev1-main-zookpr[01:05].dev
>> kafka_dev_app_broker:
>>   hosts:
>> dev1-main-kafka[01:06].dev
>> kafka_dev_app_schema:
>>   hosts:
>> dev1-main-kafka[01:06].dev
>> kafka_dev_web: […] # omitted for brevity,
>> kafka_dev_db: […]  # but you get the idea.
>>   children:
>> kafka_qa:
>>   children:
>> kafka_qa_app:
>>   children:
>> kafka_qa_app_zoo:
>>   hosts:
>> qa1-main-zookpr[01:03].qa
>> kafka_qa_app_broker:
>>   hosts:
>> qa1-main-kafka[01:06].qa
>> kafka_qa_app_schema:
>>   hosts:
>> qa1-main-kafka[04:06].qa
>> kafka_qa_web: […] # omitted for brevity,
>> kafka_qa_db: […]  # but you get the idea.
>>
>>
>> On 4/19/24 8:40 AM, Sameer Modak wrote:
>>
>> I have an inventory something like this , each main cluster has children 
>> like broker. 
>> Now how do i run any tasks against perticular group.broker. When we pass 
>> the group with --limit it does not work it runs on all broker.  Also  main 
>> playbook has hosts:all in it
>>
>> annsible/grafana-agent-play.yaml -i kafka_inventory.yaml --limit 
>> qa_kafka_cluster -u sam -k -b 
>>
>> dev_kafka:
>>
>>   children:
>>
>> App:
>>
>>   children:
>>
>> dev_kafka_cluster:
>>
>>children:
>>
>>  zookeeper:
>>
>>hosts: 
>>
>>  dev1-main-zookpr[01:05].dev
>>
>>  broker:
>>
>>hosts:
>>
>>  dev1-main-kafka[01:06].dev
>>
>>  schema_registry:
>>
>>hosts:
>>
>>  dev1-main-kafka[01:06].dev
>>
>> uc:
>>
>>   children:
>>
>>
>> qa_kafka:
>>
>>   children:
>>
>> App:
>>
>>   children:
>>
>> qa_kafka_cluster:
>>
>>children:
>>
>>  zookeeper:
>>
>>hosts: 
>>
>>  qa1-main-zookpr[01:03].qa
>>
>>  broker:
>>
>>hosts:
>>
>>  qa1-main-kafka[01:06].qa
>>
>>  schema_registry:
>>
>>hosts:
>>
>>  qa1-main-kafka[04:06].qa
>>
>>
>>
>> 
>>
>>
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to

Re: [ansible-project] Unusal behaviour with set_fact and add_host