[ansible-project] Attach/Remove IAM role
Is there a way to attach or remove an IAM role from an existing EC2 instance at present? If not, would there be interest in having this role? I'd be willing to make it if so. Thanks for any insights. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/3db04d21-f10c-4531-ae55-d05101609b32%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] mysql_users SHOW VIEW permission not granted.
I am struggling to set the SHOW VIEW permission for a user on a DATABASE. I have tried with the following syntax, to no avail:

mysql_user:
  name: "{{ } }"
  password: "{{ } }"
  priv: ".*:SELECT,SHOW VIEW"
  host: "{{ }}"

I am not sure what else to try! Thanks in advance for any help.
[ansible-project] Prevent outdated roles/plays from running
So now that we have a small team working on Ansible at our company, situations have arisen on multiple occasions where a change gets merged to master, run on all the servers, and then someone has a not-up-to-date branch locally and runs the outdated role/play on some server, overwriting the changes pushed to master.

As someone who has never worked in a multi-person Ansible operation, I am interested to know what sort of work flow is used to prevent this situation? Of course we could spin up test servers for every little change we need to make on every feature branch, and never run anything on a server in use by our team, but that is not particularly efficient, and seems very tedious. We have also used Jenkins/tower to run certain important jobs at regular intervals to enforce master, but those can only be run so frequently.

Thanks in advance for any help!

Here is an example sequence of the situation:

1. haproxy basic auth password is set up for a server, and the password is stored in ansible.
2. a change to that password is pushed to master, and run on the haproxy server.
3. a developer working locally spins up a test server, and needs to add an entry to the haproxy server to be publicly addressable. This simultaneously overwrites the new password with the old password.
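One way to guard against the sequence described in this post, as an added example that is not part of the original message: a first play that ends the run when the local checkout does not contain the tip of the shared branch. It assumes the playbooks live in a git checkout whose shared branch is origin/master and that the remote is reachable from the control machine; the variable, group and role names are hypothetical.

```yaml
---
# Added example, not from the original thread. Place it as the first play
# of a playbook; hosts, branch and variable names are assumptions.
- name: Refuse to run from a checkout that is behind the shared branch
  hosts: localhost
  connection: local
  gather_facts: no
  any_errors_fatal: true            # a failure here ends the whole run
  vars:
    repo_dir: "{{ playbook_dir }}"  # assumption: playbooks sit in the repo root
    shared_remote: origin           # assumption: remote holding the shared branch
    shared_branch: master
  tasks:
    - name: Fetch the current tip of the shared branch
      command: git fetch --quiet {{ shared_remote }} {{ shared_branch }}
      args:
        chdir: "{{ repo_dir }}"
      changed_when: false

    - name: Test whether the shared branch is contained in the local HEAD
      # Exit status 0: contained; 1: local checkout is missing commits;
      # anything else is a git error and fails the task.
      command: git merge-base --is-ancestor {{ shared_remote }}/{{ shared_branch }} HEAD
      args:
        chdir: "{{ repo_dir }}"
      register: ancestry
      changed_when: false
      failed_when: ancestry.rc > 1

    - name: List tracked files with uncommitted modifications
      command: git status --porcelain --untracked-files=no
      args:
        chdir: "{{ repo_dir }}"
      register: worktree
      changed_when: false

    - name: Stop before any managed host is touched
      fail:
        msg: >-
          This checkout does not contain {{ shared_remote }}/{{ shared_branch }}.
          Merge or rebase first, otherwise settings already applied from the
          shared branch (such as a rotated haproxy password) would be reverted.
      when: ancestry.rc == 1

    - name: Report local modifications that are not in any commit
      debug:
        msg: "Uncommitted changes in: {{ worktree.stdout_lines }}"
      when: worktree.stdout != ""

- name: Configure haproxy              # the play that would otherwise run stale
  hosts: haproxy_servers               # hypothetical inventory group
  roles:
    - haproxy                          # hypothetical role name
```

A feature branch that has merged or been rebased onto the shared branch passes the check; one that is merely behind it does not.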
[ansible-project] Dynamic Inventory to private VPC instances
I asked this a while back and I did not find a good solution back then... Hopefully something has changed!

I am running Ansible outside of multiple VPCs, and have a set of configs in my ~/.ssh/config that get picked up when using a static inventory file. Is there a way to utilize that config when using a dynamic inventory file, or specify proxy commands elsewhere, to enable connections through a bastion to each of those VPC's?

Thanks for any help!
[ansible-project] Re: Cannot generate diff with shell module
I stripped it down to the most basic diff command and made your suggested change, but nothing! I am using ansible version 2.1.2.0 for what it's worth to anyone. It actually generated the diff on the remote, so I am just going to turn on ignore_errors for now :/

Thanks for the help.

On Wednesday, November 30, 2016 at 3:23:52 PM UTC-8, burn...@umn.edu wrote:
> Hello -
>
> I solved a similar problem before by following a suggestion on the shell
> module <http://docs.ansible.com/ansible/shell_module.html> page.
>
>> To sanitize any variables passed to the shell module, you should use
>> “{{ var | quote }}” instead of just “{{ var }}” to make sure they don’t
>> include evil things like semicolons.
>
> Based on the _raw_params in the verbose output, your variables do contain
> hyphens, colons, etc. Ansible might be interpreting these as something you
> don't want.
>
> Maybe. Give it a shot. :)
>
> On Wednesday, November 30, 2016 at 5:08:35 PM UTC-6, colin byrne wrote:
>> I am trying to use the shell module to generate a diff between two remote
>> files, but it is erring out without giving me a warning or error:
>>
>> - name: create diff of old settings file and new settings file
>>   shell: diff /home/deploy/{{ application_name }}/shared/config/settings.yml /home/deploy/{{ application_name }}/shared/config/settings.yml.ansible_old_version >> /home/deploy/{{ application_name }}/shared/config/settings.yml_diffs_1
>>   when: settings_file.changed
>>
>> It executes totally fine when run directly in a shell on the remote
>> machine...
>>
>> Here is the verbose error output, which doesn't seem to give much of use:
>>
>> Thanks for any help or workaround! I've spent too much time on this...
>>
>> fatal: [staging]: FAILED! => {"changed": true, "cmd": "diff /home/deploy/app_name/shared/config/settings.yml /home/deploy/app_name/shared/config/settings.yml.ansible_old_version > /home/deploy/coverhound/shared/config/settings.yml_diffs/settings.yml_2016-11-30_14:45:54", "delta": "0:00:00.002778", "end": "2016-11-30 14:45:57.198400", "failed": true, "invocation": {"module_args": {"_raw_params": "diff /home/deploy/coverhound/shared/config/settings.yml /home/deploy/app_name/shared/config/settings.yml.ansible_old_version > /home/deploy/app_name/shared/config/settings.yml_diffs/settings.yml_2016-11-30_14:45:54", "_uses_shell": true, "chdir": null, "creates": null, "executable": "/bin/bash", "removes": null, "warn": true}, "module_name": "command"}, "rc": 1, "start": "2016-11-30 14:45:57.195622", "stderr": "", "stdout": "", "stdout_lines": [], "warnings": []}
[ansible-project] Cannot generate diff with shell module
I am trying to use the shell module to generate a diff between two remote files, but it is erring out without giving me a warning or error:

- name: create diff of old settings file and new settings file
  shell: diff /home/deploy/{{ application_name }}/shared/config/settings.yml /home/deploy/{{ application_name }}/shared/config/settings.yml.ansible_old_version >> /home/deploy/{{ application_name }}/shared/config/settings.yml_diffs_1
  when: settings_file.changed

It executes totally fine when run directly in a shell on the remote machine...

Here is the verbose error output, which doesn't seem to give much of use:

Thanks for any help or workaround! I've spent too much time on this...

fatal: [staging]: FAILED! => {"changed": true, "cmd": "diff /home/deploy/app_name/shared/config/settings.yml /home/deploy/app_name/shared/config/settings.yml.ansible_old_version > /home/deploy/coverhound/shared/config/settings.yml_diffs/settings.yml_2016-11-30_14:45:54", "delta": "0:00:00.002778", "end": "2016-11-30 14:45:57.198400", "failed": true, "invocation": {"module_args": {"_raw_params": "diff /home/deploy/coverhound/shared/config/settings.yml /home/deploy/app_name/shared/config/settings.yml.ansible_old_version > /home/deploy/app_name/shared/config/settings.yml_diffs/settings.yml_2016-11-30_14:45:54", "_uses_shell": true, "chdir": null, "creates": null, "executable": "/bin/bash", "removes": null, "warn": true}, "module_name": "command"}, "rc": 1, "start": "2016-11-30 14:45:57.195622", "stderr": "", "stdout": "", "stdout_lines": [], "warnings": []}
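The task from this thread with the `quote` filter from the reply applied to every path, as an added example that is not part of the original messages. It also treats only exit codes above 1 as a failure, because diff exits with 1 when the files differ, which matches the `"rc": 1` with empty stderr in the output above. The value of application_name, the scratch paths and the registered variable names are constructed for the example.

```yaml
---
# Added example, not from the original thread. It runs against localhost
# and only touches constructed files under a fresh temporary directory.
- name: Record a diff with the shell module
  hosts: localhost
  connection: local
  gather_facts: no
  vars:
    # Constructed value: the space and semicolon stand in for characters
    # that would split or extend an unquoted shell command line.
    application_name: "demo app;v2"
  tasks:
    - name: Create a scratch directory
      command: mktemp -d
      register: scratch

    - name: Derive the config directory once
      set_fact:
        config_dir: "{{ scratch.stdout }}/{{ application_name }}/shared/config"

    - name: Create the config directory
      file:
        path: "{{ config_dir }}"
        state: directory
        mode: "0750"

    - name: Write the constructed new and old settings files
      copy:
        content: "{{ item.content }}"
        dest: "{{ config_dir }}/{{ item.name }}"
        mode: "0640"
      with_items:
        - { name: settings.yml, content: "timeout: 30\n" }
        - { name: settings.yml.ansible_old_version, content: "timeout: 10\n" }

    - name: Create diff of old settings file and new settings file
      # Each path is passed through quote as one shell word, so the
      # semicolon in application_name is data and not a command separator.
      shell: >-
        diff {{ (config_dir + '/settings.yml') | quote }}
        {{ (config_dir + '/settings.yml.ansible_old_version') | quote }}
        >> {{ (config_dir + '/settings.yml_diffs_1') | quote }}
      register: settings_diff
      # diff exits 0 for identical files, 1 when they differ and 2 on
      # trouble; only the last is a failure for this task.
      failed_when: settings_diff.rc > 1
      changed_when: settings_diff.rc == 1

    - name: Show the exit status that would otherwise fail the task
      debug:
        msg: "diff rc={{ settings_diff.rc }}, output appended to {{ config_dir }}/settings.yml_diffs_1"
```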
[ansible-project] ec2_vpc module not idempotent
This module does not seem to be idempotent. Here is the documentation: http://docs.ansible.com/ansible/ec2_vpc_module.html, which seems to indicate that VPC's will NOT be created if a VPC already exists with equivalent resource_tags and cidr_block values. Unfortunately, as many times as I run this role, it will create a new VPC. Here is my usage:

- name: create vpcs
  ec2_vpc:
    state: '{{ item.state }}'
    region: '{{ item.region }}'
    vpc_id: '{{ item.vpc_id }}'
    cidr_block: '{{ item.cidr_block }}'
    resource_tags: { "Name": "{{item.name}}" }
    subnets: '{{ item.subnets }}'
    internet_gateway: '{{ item.internet_gateway }}'
    route_tables:
      - subnets: '{{ item.route_tables.private_subnets.subnets }}'
        routes:
          - dest: '{{ item.route_tables.private_subnets.routes.dest }}'
            gw: '{{ item.route_tables.private_subnets.routes.gw }}'
      - subnets: '{{ item.route_tables.public_subnets.subnets }}'
        routes:
          - dest: '{{ item.route_tables.public_subnets.routes.dest }}'
            gw: '{{ item.route_tables.private_subnets.routes.gw }}'
  with_items: vpcs
  register: vpc

Thanks for any help/guidance.
[ansible-project] Use ec2_remote_facts in another playbook
So the ec2_remote_facts has been great at getting the facts, but because it has to run against localhost, I have to run it as a separate play and can't use the registered information in a play run against other hosts. How can I transfer that registered variable to the new play/different hosts? The module seems fairly useless if you can't access that information anywhere other than localhost... But I suspect I have overlooked a way to do this.

---
- name: find running instances
  hosts: localhost
  gather_facts: no
  tasks:
    - ec2_remote_facts:
        region: "{{ environment_settings['production'].region }}"
        filters:
          "tag:Environment": production
      register: production_server_facts
    - debug: var=production_server_facts

- name: configure bastion servers
  hosts: production_bastion_servers
  become: yes
  become_method: sudo
  roles:
    - hostname
    - common
    - ufw
    #- sudoers
    - users_and_groups
    - hosts_file
    - ssh

Thanks for any help, it is greatly appreciated!
[ansible-project] Re: get ec2 instance id after ec2 creation
I just confirmed that having only a private ip is NOT the reason for the failure here. I haven't yet tested whether being under a vpc subnet is the reason, which I would doubt...

On Thursday, February 18, 2016 at 4:05:24 PM UTC-8, Colin Byrne wrote:
> Hey, so I feel like I am following all the tutorials but I can't seem
> to get the instance id after I create an instance with the ec2 module, to
> use for other modules, like the ec2_vol module, which depends on the ec2
> instance id to attach it to the correct instance. I am not sure if I am
> missing some underlying concept, or missing a variable or missing something
> else. Here are my ec2 and ec2_vol modules:
>
> ---
> - name: Launch instances based on server list
>   ec2:
>     key_name: "{{ environment_settings[item.0.environment].key_name }}"
>     group_id: "{{ environment_settings[item.0.environment].security_groups[item.1.type] }}"
>     instance_type: "{{ environment_settings[item.0.environment].instance_type[item.1.type] }}"
>     image: "{{ environment_settings[item.0.environment].image }}"
>     termination_protection: "{{ environment_settings[item.0.environment].termination_protection }}"
>     wait: true
>     region: "{{ environment_settings[item.0.environment].region }}"
>     instance_tags:
>       Type: "{{ item.0.environment }}"
>       Name: "{{ item.1.name }}"
>     exact_count: 1
>     count_tag:
>       Name: "{{ item.1.name }}"
>     vpc_subnet_id: "{{ environment_settings[item.0.environment].subnet_id }}"
>     assign_public_ip: "{{ environment_settings[item.0.environment].assign_public_ip[item.1.type] }}"
>     private_ip: "{{ item.1.private_ip }}"
>   register: ec2
>   with_subelements:
>     - server_environments
>     - servers
>
> - name: Attach volumes to created instances
>   ec2_vol:
>     instance: "{{ item.id }}"
>     device_name: /dev/xvdb
>     volume_size: 200
>     volume_type: gp2
>     iops: 600
>   with_items: ec2.instances
>   register: ec2_vol
>
> The output I get from the second task is :
>
> [DEPRECATION WARNING]: Skipping task due to undefined attribute, in the future this will be a fatal error.. This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
>
> I know this error is thrown by the 'ec2.instances' not being properly
> defined. I am using ansible 2.1.0.
>
> As a secondary issue, is there a way to define a variable for reuse so I
> can clean up my super-messy traversing of the nested dictionary?
>
> Thanks for any help, C
[ansible-project] Re: get ec2 instance id after ec2 creation
"default" }, "hypervisor": "xen", "id": "i-11eeg8a3", "image_id": "ami-06116566", "instance_type": "t2.medium", "kernel": null, "key_name": "ansible_provisioning", "launch_time": "2016-02-03T22:47:37.000Z", "placement": "us-west-1a", "private_dns_name": "ip-10-101-1-33.us-west-1.compute.internal", "private_ip": "10.101.1.33", "public_dns_name": "", "public_ip": null, "ramdisk": null, "region": "us-west-1", "root_device_name": "/dev/sda1", "root_device_type": "ebs", "state": "running", "state_code": 16, "tags": { "Name": "s-colin", "Type": "integ" }, "tenancy": "default", "virtualization_type": "hvm" } ] } ] } }

On Friday, February 19, 2016 at 1:04:41 AM UTC-8, Alexey Vazhnov wrote:
> It is strange, look like all must to work. I don't understand why you
> received "undefined attribute".
> Try to add after first task:
>
> - debug: var=ec2
>
> On Friday, February 19, 2016 at 5:05:24 AM UTC+5, Colin Byrne wrote:
>> Hey, so I feel like I am following all the tutorials but I can't seem
>> to get the instance id after I create an instance with the ec2 module, to
>> use for other modules, like the ec2_vol module, which depends on the ec2
>> instance id to attach it to the correct instance. I am not sure if I am
>> missing some underlying concept, or missing a variable or missing something
>> else. Here are my ec2 and ec2_vol modules:
>>
>> ---
>> - name: Launch instances based on server list
>>   ec2:
>>     key_name: "{{ environment_settings[item.0.environment].key_name }}"
>>     group_id: "{{ environment_settings[item.0.environment].security_groups[item.1.type] }}"
>>     instance_type: "{{ environment_settings[item.0.environment].instance_type[item.1.type] }}"
>>     image: "{{ environment_settings[item.0.environment].image }}"
>>     termination_protection: "{{ environment_settings[item.0.environment].termination_protection }}"
>>     wait: true
>>     region: "{{ environment_settings[item.0.environment].region }}"
>>     instance_tags:
>>       Type: "{{ item.0.environment }}"
>>       Name: "{{ item.1.name }}"
>>     exact_count: 1
>>     count_tag:
>>       Name: "{{ item.1.name }}"
>>     vpc_subnet_id: "{{ environment_settings[item.0.environment].subnet_id }}"
>>     assign_public_ip: "{{ environment_settings[item.0.environment].assign_public_ip[item.1.type] }}"
>>     private_ip: "{{ item.1.private_ip }}"
>>   register: ec2
>>   with_subelements:
>>     - server_environments
>>     - servers
>>
>> - name: Attach volumes to created instances
>>   ec2_vol:
>>     instance: "{{ item.id }}"
>>     device_name: /dev/xvdb
>>     volume_size: 200
>>     volume_type: gp2
>>     iops: 600
>>   with_items: ec2.instances
>>   register: ec2_vol
>>
>> The output I get from the second task is :
>>
>> [DEPRECATION WARNING]: Skipping task due to undefined attribute, in the future this will be a fatal error.. This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
>>
>> I know this error is thrown by the 'ec2.instances' not being properly
>> defined. I am using ansible 2.1.0.
>>
>> As a secondary issue, is there a way to define a variable for reuse so I
>> can clean up my super-messy traversing of the nested dictionary?
>>
>> Thanks for any help, C
[ansible-project] get ec2 instance id after ec2 creation
Hey, so I feel like I am following all the tutorials but I can't seem to get the instance id after I create an instance with the ec2 module, to use for other modules, like the ec2_vol module, which depends on the ec2 instance id to attach it to the correct instance. I am not sure if I am missing some underlying concept, or missing a variable or missing something else. Here are my ec2 and ec2_vol modules:

---
- name: Launch instances based on server list
  ec2:
    key_name: "{{ environment_settings[item.0.environment].key_name }}"
    group_id: "{{ environment_settings[item.0.environment].security_groups[item.1.type] }}"
    instance_type: "{{ environment_settings[item.0.environment].instance_type[item.1.type] }}"
    image: "{{ environment_settings[item.0.environment].image }}"
    termination_protection: "{{ environment_settings[item.0.environment].termination_protection }}"
    wait: true
    region: "{{ environment_settings[item.0.environment].region }}"
    instance_tags:
      Type: "{{ item.0.environment }}"
      Name: "{{ item.1.name }}"
    exact_count: 1
    count_tag:
      Name: "{{ item.1.name }}"
    vpc_subnet_id: "{{ environment_settings[item.0.environment].subnet_id }}"
    assign_public_ip: "{{ environment_settings[item.0.environment].assign_public_ip[item.1.type] }}"
    private_ip: "{{ item.1.private_ip }}"
  register: ec2
  with_subelements:
    - server_environments
    - servers

- name: Attach volumes to created instances
  ec2_vol:
    instance: "{{ item.id }}"
    device_name: /dev/xvdb
    volume_size: 200
    volume_type: gp2
    iops: 600
  with_items: ec2.instances
  register: ec2_vol

The output I get from the second task is :

[DEPRECATION WARNING]: Skipping task due to undefined attribute, in the future this will be a fatal error.. This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.

I know this error is thrown by the 'ec2.instances' not being properly defined. I am using ansible 2.1.0.

As a secondary issue, is there a way to define a variable for reuse so I can clean up my super-messy traversing of the nested dictionary?

Thanks for any help, C
[ansible-project] Re: Evaluate variable immediately, save for later
Thanks! For some reason I was stuck on using exclusively handlers or registered variables. Using them in combination is definitely the way to go.

-C

On Monday, February 1, 2016 at 7:04:25 PM UTC-8, Colin Byrne wrote:
> Hey, so I have the following sequence where I first register a variable,
> then want to evaluate stats from it later but I want the stats from when
> the variable was first created. What is the best way to do this?
>
> I could see registering a second variable immediately that evaluates
> properties of the variable that was just registered, but it doesn't seem
> too 'clean' of a method.
>
> What I am trying to do here is register a variable about a directory path,
> and only 'mysql_install_db' if that directory doesn't exist. However, I
> have to create that directory at some point, so by the time I run
> 'mysql_install_db' that 'p.stat.isdir' will evaluate to true every time,
> even if it didn't exist a second ago. So I somehow need to define and cache
> a variable one step ahead.
>
> - stat: path=/mnt/mysql
>   register: p
>
> - name: Create /mnt/mysql directory for database
>   file:
>     path: /mnt/mysql
>     state: directory
>     mode: 0750
>     owner: mysql
>     group: mysql
>
> - name: Install mysql database in atypical datadir
>   command: mysql_install_db --user=mysql --datadir=/mnt/mysql
>   when: p.stat.isdir is defined and p.stat.isdir == False
>
> Thanks for any help. It is greatly appreciated!
[ansible-project] Evaluate variable immediately, save for later
Hey, so I have the following sequence where I first register a variable, then want to evaluate stats from it later but I want the stats from when the variable was first created. What is the best way to do this?

I could see registering a second variable immediately that evaluates properties of the variable that was just registered, but it doesn't seem too 'clean' of a method.

What I am trying to do here is register a variable about a directory path, and only 'mysql_install_db' if that directory doesn't exist. However, I have to create that directory at some point, so by the time I run 'mysql_install_db' that 'p.stat.isdir' will evaluate to true every time, even if it didn't exist a second ago. So I somehow need to define and cache a variable one step ahead.

- stat: path=/mnt/mysql
  register: p

- name: Create /mnt/mysql directory for database
  file:
    path: /mnt/mysql
    state: directory
    mode: 0750
    owner: mysql
    group: mysql

- name: Install mysql database in atypical datadir
  command: mysql_install_db --user=mysql --datadir=/mnt/mysql
  when: p.stat.isdir is defined and p.stat.isdir == False

Thanks for any help. It is greatly appreciated!
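The sequence from this post as an added example that is not part of the original messages: the stat result is registered before the directory is created and consulted afterwards, and a second task shows the `creates` argument of the command module as a guard that does not depend on a registered variable. The scratch path, the variable names and the `touch` stand-in for mysql_install_db are constructed for the example.

```yaml
---
# Added example, not from the original thread. It runs against localhost
# on a constructed scratch path; "touch" stands in for mysql_install_db.
- name: Initialise a data directory only once
  hosts: localhost
  connection: local
  gather_facts: no
  tasks:
    - name: Create a scratch parent directory
      command: mktemp -d
      register: scratch

    - name: Pick a data directory that does not exist yet
      set_fact:
        datadir: "{{ scratch.stdout }}/mysql"

    - name: Record the state of the directory before it is created
      stat:
        path: "{{ datadir }}"
      register: datadir_before

    - name: Create the data directory
      file:
        path: "{{ datadir }}"
        state: directory
        mode: "0750"

    - name: Initialise because the directory was absent a moment ago
      # datadir_before keeps the result from the time of the stat task.
      # For a missing path that result is just "exists: false" without an
      # isdir key, so the condition tests exists.
      command: touch {{ (datadir + '/initialised_by_when') | quote }}
      when: not datadir_before.stat.exists

    - name: Initialise unless the command's own output is already there
      # creates skips the command when the named file exists. Unlike the
      # registered variable, this still triggers on the next run if a
      # previous run stopped between creating the directory and this task.
      command: touch {{ (datadir + '/initialised_by_creates') | quote }}
      args:
        creates: "{{ datadir }}/initialised_by_creates"
```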
[ansible-project] gather tag name about instance
Hey,

So I want to access the tag name I set at initial ec2 creation to use it as my hostname throughout the server. To set the tag_name, I use a dictionary / sub_list as such:

server_group_settings:
  integ:
    security_groups: ['sg-81398ee4', 'sg-a6398ec3']
    image: ami-06116566
    instance_type: t2.medium #needs to match the base image size
    region: us-west-1
    key_name: ansible_provisioning
    termination_protection: yes
    subnet_id: subnet-819f7cd8

server_groups:
  - type: integ
    servers:
      - { name: integ-bob, private_ip: 10.101.1.182 }
      - { name: staging-steve, private_ip: 10.101.1.30 }
      - { name: staging-mike, private_ip: 10.101.1.31 }
    prod:
      - { name: staging-joey, private_ip: 10.101.1.34 }

Once the server has been created, I want to be able to access the tag_name by gathering facts about the remote server and pulling down the tag name. Unfortunately, I cannot connect with the hosts through a dynamic inventory, due to them being with a VPC. They do show up in the ec2.py --list, so if I were able to somehow register the results of 'ec2.py --list' as a variable, I would be able to find the tag_name by using the ip, which I can get through ec2_facts (or a couple other modules, I believe).

Unfortunately with the way I nest the server_groups dictionary (which is the only way I could get nesting so deep to work), the server name is not nested below the private ip.

What is the best way to do this? Should I keep a second list (very redundant) with the server name nested below?

Here is my ec2 playbook:

---
- name: Launch instances based on server list
  ec2:
    key_name: "{{ server_group_settings[item.0.type].key_name }}"
    group_id: "{{ server_group_settings[item.0.type].security_groups }}"
    instance_type: "{{ server_group_settings[item.0.type].instance_type }}"
    image: "{{ server_group_settings[item.0.type].image }}"
    termination_protection: "{{ server_group_settings[item.0.type].termination_protection }}"
    wait: true
    region: "{{ server_group_settings[item.0.type].region }}"
    instance_tags:
      Type: "{{ item.0.type}}"
      Name: "{{ item.1.name }}"
    exact_count: 1 ## !! CAREFUL. Increasing this will likely create duplicates of all instances.
    count_tag:
      Name: "{{ item.1.name }}"
    vpc_subnet_id: "{{ server_group_settings[item.0.type].subnet_id}}"
    assign_public_ip: no
    private_ip: "{{ item.1.private_ip }}"
  register: ec2
  with_subelements:
    - server_groups
    - servers

Sincere thanks for any help. It is greatly appreciated.
Re: [ansible-project] AWS VPC inventory no public
Hey Mitch, that would be greatly appreciated! I was thinking one of the Ansible pros would just be able to make it an option on the present ec2.ini script but I would definitely love to give yours a try. I will try to help out with any functionality...

Thanks a bunch,
Colin

On Tuesday, January 12, 2016 at 12:59:40 PM UTC-8, Mitch Anderson wrote:
> That was the reason I wrote my own AWS inventory script. It's far from
> complete on some of the things I would like, but I've been using it for a
> few months now.
>
> I'd be willing to share the script and minor configs required if you'd
> like.
>
> -MItch
>
> On Tue, Jan 12, 2016 at 12:37 PM, Colin Byrne <coby...@gmail.com> wrote:
>> Hey,
>>
>> So I would love to get the aws ec2 inventory working, but I can't seem to
>> find a way to connect to my instances within a VPC subnet.
>>
>> I changed the ec2.ini configuration to:
>>
>> destination_variable = private_dns_name
>>
>> so that now the command 'ec2.py --list' now finds the instances, but I
>> still can't figure out a way to route the ansible ssh requests through my
>> aliases/gateway configuration. If I just keep my aliases in my
>> ~/.ssh/config and my hosts in the static ansible hosts file, it of course
>> finds them ok. The servers' names are the same as their alias in my ssh
>> config and in the gateway forwarding, so if I could somehow modify the
>> ec2.py script to use their 'Name' tag instead of their private ip, I think
>> it would work.
>>
>> Assuming there is no easy way to do this, does anyone know which script /
>> function or line in the ec2.py I should modify to try to make it work?
>>
>> Thanks for any help!
Re: [ansible-project] concatenate variables and strings in file lookup
Ha, awesome. Thanks a lot Brian, you are the man...

On Thursday, January 7, 2016 at 1:27:29 PM UTC-8, Brian Coca wrote:
> moustaches don't stack and concatenation (+) does not work outside
> moustaches:
>
>     authorized_key: user=root key="{{ lookup('file', role_path + '/files/public_keys/' + item.1) }}"
>
> On Thu, Jan 7, 2016 at 3:16 PM, Colin Byrne <coby...@gmail.com> wrote:
> > Hey so I have a list of developer names in a dictionary and I am trying to
> > do a file lookup on their ssh key.
> >
> > I want to dynamically build the file path for each key as opposed to
> > specifying the full path for each developer.
> >
> > Here is my task:
> >
> >     ---
> >     - name: Set up authorized_keys for the root user
> >       authorized_key: user=root key="{{ lookup('file', {{ role_path }} + '/files/public_keys/' + {{ item.1 }} ) }}"
> >       with_subelements:
> >         - ssh_users
> >         - names
> >
> > I haven't been able to get those variables to evaluate within the file
> > lookup (I have tried many other syntaxes to try to achieve this). I know I
> > am importing them properly as I can get them to evaluate outside of the file
> > lookup with something like the following, but then the whole string is not
> > evaluated as a file.
> >
> >     ---
> >     - name: Set up authorized_keys for the root user
> >       authorized_key: user=root key={{ role_path }} + '/files/public_keys/' + {{ item.1 }}
> >       with_subelements:
> >         - ssh_users
> >         - names
> >
> > Here is my dictionary with the embedded lists:
> >
> >     ---
> >     ssh_users:
> >       - group: admin
> >         names:
> >           - bob
> >           - dave
> >       - group: developers
> >         names:
> >           - tim
> >           - susan
> >       - group: analysts
> >         names:
> >           - mike
> >           - steve
> >
> > I am open to changing the task in any way, shape or form to achieve this.
> >
> > Thanks for any help!
>
> --
> Brian Coca
[ansible-project] nesting dictionary vars in vars
Hey so I am trying to loop through a dictionary list of servers I want to create, and want to evaluate some variables based on the iteration I am on. I am not sure if I have a syntax error or I am trying something not supported by ansible, or if it's caused by the dictionary not being evaluated at that point yet:

    ---
    - name: Launch instances based on server list
      ec2:
        key_name: "{{ server_type[item.key].key_name }}"
        group_id: "{{ server_type[item.key].security_group }}"
        instance_type: "{{ server_type[item.key].instance_type }}"
        image: "{{ server_type[item.key].image }}"
        wait: false
        region: "{{ server_type[item.key].region }}"
        instance_tags:
          Type: "{{ item.key }}"
          Name: integ-{{ item.value.name }}
        exact_count: 1 #dont change!
        count_tag:
          Name: integ-{{ item.value.name }}
        vpc_subnet_id: subnet=blah
        assign_public_ip: no
      register: ec2
      with_dict: "{{ servers }}"

Then I have a dictionary and another list in my /role/vars/main.yml

    ---
    server_type:
      integ:
        security_groups: ['sg-81398ee4', 'sg-a6398ec3']
        image: ami-xx
        instance_type: t2.medium #needs to match the base image size
        region: us-west-1
        key_name: joeypeters
      production:
      mysql:

    servers:
      integ:
        name: joey
        # name: bob
      production:
      mysql:
    ...

I get the following error:

    fatal: [localhost] => One or more undefined variables: 'None' has no attribute 'instance_type'
    FATAL: all hosts have already failed -- aborting

I am up for structuring it entirely differently if necessary.

Thanks a lot for the help.
[ansible-project] Re: Best way to Include Roles in tasks
Hey,

Thanks for the reply... This is already in a role though, so would calling a role from a role make sense or even work?

Thanks,
C

On Tuesday, December 29, 2015 at 1:03:50 AM UTC-8, Borys Borysenko wrote:
> Hello Colin,
>
> The most simple way I guess is just to split your playbook with pre_tasks,
> roles and tasks sections. Something similar to:
>
>     ---
>     - hosts: all
>       vars: []
>       pre_tasks:
>         - name: create group titled deploy
>           group: name=deploy state=present
>         - name: update apt-cache
>           sudo: yes
>           apt: update_cache=yes
>         - name: create deploy user
>           user: name=deploy group=deploy groups=sudo comment="Deployment User" home="/home/deploy" shell="/bin/bash"
>       roles:
>         - external-rbenv-role
>       tasks:
>         - name: Install the kitchen sink
>           action: apt name={{item}} state=present update_cache=true
>           sudo: yes
>           with_items:
>             - libqtwebkit-dev
>             - node
>         - lots of other tasks
>       post_tasks: []
>
> Regards,
> Borys
>
> On Tuesday, December 29, 2015 at 2:08:37 UTC+2, Colin Byrne wrote:
>> So I used to have one fairly long main.yml playbook that was used to
>> perform a number of similar tasks, one of which was to install rbenv, the
>> ruby management tool.
>>
>>     ---
>>     - name: create group titled deploy
>>       group: name=deploy state=present
>>     - name: update apt-cache
>>       sudo: yes
>>       apt: update_cache=yes
>>     - name: create deploy user
>>       user: name=deploy group=deploy groups=sudo comment="Deployment User" home="/home/deploy" shell="/bin/bash"
>>     - name: download rbenv
>>       ...
>>     - name: install rbenv
>>       ...
>>     - name: configure rbenv
>>       ...
>>     - name: Install the kitchen sink
>>       action: apt name={{item}} state=present update_cache=true
>>       sudo: yes
>>       with_items:
>>         - libqtwebkit-dev
>>         - node
>>     - lots of other tasks
>>     ...
>>
>> I found a nice galaxy role that better suits my needs for installing
>> rbenv, and I now want to include it to run in the same order as previously,
>> but I am confused as to how the documentation recommends to do this and the
>> syntax (seemingly with dependencies or includes?). It is hard to decipher
>> whether I will have to split it into three roles (the pre-rbenv, rbenv,
>> post-rbenv) which would really seem inconvenient as the three would always
>> be used together. I suspect this is a pretty common dilemma...
>>
>> Thank you all for the help so far, this forum has really made it a
>> pleasure learning ansible.
[ansible-project] Best way to Include Roles in tasks
So I used to have one fairly long main.yml playbook that was used to perform a number of similar tasks, one of which was to install rbenv, the ruby management tool.

    ---
    - name: create group titled deploy
      group: name=deploy state=present
    - name: update apt-cache
      sudo: yes
      apt: update_cache=yes
    - name: create deploy user
      user: name=deploy group=deploy groups=sudo comment="Deployment User" home="/home/deploy" shell="/bin/bash"
    - name: download rbenv
      ...
    - name: install rbenv
      ...
    - name: configure rbenv
      ...
    - name: Install the kitchen sink
      action: apt name={{item}} state=present update_cache=true
      sudo: yes
      with_items:
        - libqtwebkit-dev
        - node
    - lots of other tasks
    ...

I found a nice galaxy role that better suits my needs for installing rbenv, and I now want to include it to run in the same order as previously, but I am confused as to how the documentation recommends to do this and the syntax (seemingly with dependencies or includes?). It is hard to decipher whether I will have to split it into three roles (the pre-rbenv, rbenv, post-rbenv) which would really seem inconvenient as the three would always be used together. I suspect this is a pretty common dilemma...

Thank you all for the help so far, this forum has really made it a pleasure learning ansible.
[ansible-project] Understanding var file placements and autoloads
I have two questions regarding variable behavior, given my file structure.

My file structure is like so:

    /roles
      /common
      /provision_ec2
        /vars
          /main.yml
          /developer_list.yml
        /tasks
          /main.yml
    /group_vars
      /all
        /settings.yml
      /production

First: Why does a task in /roles/provision_ec2/main.yml not automatically load a dictionary (or any list I presume) from /roles/provision_ec2/vars/developer_list.yml? Obviously vars/main.yml is going to get extremely crowded over time, do I have to load any var file not named 'main.yml' manually?

Second: If I have added /group_vars/all/settings.yml to the ansible-vault, and run a playbook which doesn't call any variables from that file, I have realized I need to put in the vault password every time. It of course makes sense to me why this happens (because /all is loaded every time), but is still annoying. Is there a better way to structure my directories to avoid putting the password in every time? Or do I need to just keep it in another directory and manually load it when necessary?

Thanks a lot for the help.
[ansible-project] Re: Pass vault variables into large config vault file.
But can you encrypt the template somehow?
[ansible-project] Passing variables into files for syncing
Hey, so I have a number of essentially identical development servers which have a set of mostly-identical config files. In the config files are small configuration differences for each server, usually a differing API key or a differing host name, which will need to persist for the life of the file. I would love to use ansible to sync the identical portions of the config files, but am looking for a way to also keep the differing portions separate. Is there a way to pass in the server-specific vars as I sync the config files? Any other ideas? Sincere thanks for any help!
[ansible-project] Pass vault variables into large config vault file.
Hey,

So I have a large config file that needs to be encrypted when pushed to a private repository. There are multiple server groups which it would be pushed to, so ideally I would be able to pass vars in to it, depending on the group. These vars would have to be encrypted as well.

I feel like I have a pretty good understanding of the vault and its capabilities and limitations, and I am not sure if this would be possible for two reasons:

1. Ansible vault does not seem to be able to encrypt full files, just variable files (although my large config file is natively a .yml file, so it may be possible in this case)
2. I haven't seen anyone else pass a vault variable into another vault-decrypted file

I am still just getting started with ansible and am therefore pretty slow, so I just wanted to know your opinions on the feasibility of this before I invest the time. Is there another simple encryption method that I could achieve the same results with?

Sincere thanks for any help,
C
[ansible-project] Concatenated Commands Not Executing
Hey so I am still getting familiar with Ansible so apologies if this is amateur stuff:

I have an array of servers which I need to execute a series of commands on. I enter:

    ansible all -m command -a "sudo apt-get -y update && sudo apt-get -y dist-upgrade && sudo apt-get -y autoclean && sudo apt-get -y autoremove"

On all of the (remotely identical) servers I get the output:

    server-name | FAILED | rc=100 >>
    E: The update command takes no arguments

It of course seems that ansible can't handle the concatenated commands. Is this correct? Is there a workaround?

Thanks for any help
Re: [ansible-project] Concatenated Commands Not Executing
Thanks! worked great.

On Wednesday, December 16, 2015 at 1:25:58 PM UTC-8, Brian Coca wrote:
> Use shell module instead
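Why the command module handed && to apt-get as arguments while the shell module ran the chain, as an added example that is not part of the thread or of Ansible's own code. The command module is approximated with shlex.split plus a direct exec, the shell module with /bin/sh, and echo stands in for apt-get; the example goes one step beyond the thread to a templated value, where UNTRUSTED is a constructed string and shlex.quote plays the part of Ansible's quote filter.

```python
import shlex
import subprocess

# Constructed stand-in for the thread's apt-get chain; echo keeps the demo offline.
CHAINED = "echo update && echo dist-upgrade"

# Constructed value of a templated variable that happens to contain shell syntax.
UNTRUSTED = "nginx; echo extra-command-ran"


def run_like_command_module(raw):
    """No shell: split the string into argv and exec the first word directly.

    Approximates the command module, so &&, ;, | and $VAR are plain arguments.
    """
    argv = shlex.split(raw)
    done = subprocess.run(argv, capture_output=True, text=True, check=True)
    return argv, done.stdout.splitlines()


def run_like_shell_module(raw):
    """Hand the whole string to /bin/sh, which interprets && and ; as operators."""
    done = subprocess.run(raw, shell=True, capture_output=True, text=True, check=True)
    return done.stdout.splitlines()


def shell_task_with_variable(value, quoted):
    """A shell task that interpolates a variable, with or without quoting it."""
    arg = shlex.quote(value) if quoted else value
    return run_like_shell_module("echo installing " + arg)


if __name__ == "__main__":
    argv, lines = run_like_command_module(CHAINED)
    print("command argv :", argv)
    print("command out  :", lines)
    print("shell out    :", run_like_shell_module(CHAINED))
    print("shell, raw   :", shell_task_with_variable(UNTRUSTED, quoted=False))
    print("shell, quoted:", shell_task_with_variable(UNTRUSTED, quoted=True))
    print("command, raw :", run_like_command_module("echo installing " + UNTRUSTED)[1])
```

With the thread's original string, everything after "update" reaches the first apt-get as arguments, which is where "E: The update command takes no arguments" comes from. The same property makes the command module the safer default for tasks that interpolate variables; a shell task needs each variable quoted.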
[ansible-project] Can't ping remote server(s) from non-root user
Hey,

So I am just getting started with Ansible, and have been able to ping a remote server with root access, but I am having trouble doing the same without root access. Running with verbose output I get:

    ansible all --check -m ping - -i /usr/local/bin/ansible_comp/hosts_next_version

    ESTABLISH CONNECTION FOR USER: joe
    REMOTE_MODULE ping CHECKMODE=True
    EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/Users/joe/.ansible/cp/ansible-ssh-%h-%p-%r" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 server-1 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1450036007.2-120481441078037 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1450036007.2-120481441078037 && echo $HOME/.ansible/tmp/ansible-tmp-1450036007.2-120481441078037'
    PUT /var/folders/pt/ld9k57zd2qz4yf6h_7k3c24mgp/T/tmpSCboHh TO /home/deploy/.ansible/tmp/ansible-tmp-1450036006.88-248428083902840/ping
    server-1 | FAILED => failed to transfer file to /home/deploy/.ansible/tmp/ansible-tmp-1450036006.88-227828078688673/ping: Connection closed

If it was any command other than ping it seems obvious enough how to run as the sudo user, which I assume would fix the issue. With ping, I am not sure where to specify that I'd like to run as sudo. Or maybe the issue has nothing to do with sudo access?

Sincere thanks for any help!