[ansible-project] Failed to connect to the host via ssh: Connection timed out during banner exchange

[Justin Seiser]

We have 2 environments, both showing the same problem.

ENV 1. Jenkins worker is in a Docker Container, running on a linux server
ENV 2. Jenkins worker is a K8s pod.

The `container` the work is being ran from is the same in each env.  This 
is the same container I am using locally to test.

We have tons of jobs that all use this same `ssh through a bastion` setup, 
but for some reason, just this one is having problem, even though other 
jobs, targeting the same servers are working fine.


We generate a ssh.cfg, which specifies the bastion and its configurations.  
The exact commands below, run just fine on everyone laptops, fail in the 
Jenkins pipeline.

```
[defaults]
stdout_callback = debug
ansible_connection = ssh
ansible_port = 22
retry_files_enabled = False
callbacks_enabled = timer, profile_tasks
gathering = smart
timeout = 60
forks = 1
serial = 1
[ssh_connection]
ssh_args = '-F ./ssh.cfg -o ControlMaster=auto -o ControlPersist=30m -o 
StrictHostKeyChecking=no -o ForwardAgent=yes -o ServerAliveInterval=30 -o 
UserKnownHostsFile=/dev/null'
pipelining = True
```

no_proxy=’*’ ANSIBLE_CONFIG=ansible-private.cfg ansible -i 
inventory/private_linux_aws_ec2.yaml 
'tag_DeploymentID_${DEPLOYMENT_ID}:!tag_Role_SSH_Bastion_Host' -m ping -e 
'ansible_python_interpreter=/usr/bin/python2'
no_proxy=’*’ ANSIBLE_CONFIG=ansible-private.cfg ansible-playbook -i 
inventory/private_linux_aws_ec2.yaml playbooks/single_private_linux.yml -e 
"deployment_id=${DEPLOYMENT_ID} env=${ENV}"
no_proxy=’*’ ANSIBLE_CONFIG=ansible-private.cfg ansible -i 
inventory/private_windows_aws_ec2.yaml 
'tag_DeploymentID_${DEPLOYMENT_ID}:!tag_Role_RDP_Bastion_Host' -m win_ping
no_proxy=’*’ ANSIBLE_CONFIG=ansible-private.cfg ansible-playbook -i 
inventory/private_windows_aws_ec2.yaml playbooks/single_windows.yml -e 
"deployment_id=${DEPLOYMENT_ID} env=${ENV}"

When running `-vvv` you can copy/paste the SSH command it connects just 
fine.

Errors look like this, someones its all servers, sometime a few.


TASK [Set Fact - Public key] 
***
Tuesday 07 December 2021 19:56:53 + (0:00:00.018) 0:00:04.729 ** 
ok: [ip-172-16-0-10.us-gov-west-1.compute.internal]
ok: [ip-172-16-1-5.us-gov-west-1.compute.internal]
ok: [ip-172-16-1-10.us-gov-west-1.compute.internal]
ok: [ip-172-16-0-5.us-gov-west-1.compute.internal]

TASK [Remove New Authorized Keys file if exists] 
**
Tuesday 07 December 2021 19:56:54 + (0:00:00.054) 0:00:04.784 ** 

changed: [ip-172-16-0-10.us-gov-west-1.compute.internal]

fatal: [ip-172-16-1-5.us-gov-west-1.compute.internal]: UNREACHABLE! => {
"changed": false,
"unreachable": true
}

MSG:

Data could not be sent to remote host "172.16.1.5". Make sure this host can 
be reached over ssh: Connection timed out during banner exchange

ok: [ip-172-16-1-10.us-gov-west-1.compute.internal]

fatal: [ip-172-16-0-5.us-gov-west-1.compute.internal]: UNREACHABLE! => {
"changed": false,
"unreachable": true
}TASK [Set Fact - Public key] 
***
Tuesday 07 December 2021 19:56:53 + (0:00:00.018) 0:00:04.729 ** 
ok: [ip-172-16-0-10.us-gov-west-1.compute.internal]
ok: [ip-172-16-1-5.us-gov-west-1.compute.internal]
ok: [ip-172-16-1-10.us-gov-west-1.compute.internal]
ok: [ip-172-16-0-5.us-gov-west-1.compute.internal]

TASK [Remove New Authorized Keys file if exists] 
**
Tuesday 07 December 2021 19:56:54 + (0:00:00.054) 0:00:04.784 ** 

changed: [ip-172-16-0-10.us-gov-west-1.compute.internal]

fatal: [ip-172-16-1-5.us-gov-west-1.compute.internal]: UNREACHABLE! => {
"changed": false,
"unreachable": true
}

MSG:

Data could not be sent to remote host "172.16.1.5". Make sure this host can 
be reached over ssh: Connection timed out during banner exchange

ok: [ip-172-16-1-10.us-gov-west-1.compute.internal]

fatal: [ip-172-16-0-5.us-gov-west-1.compute.internal]: UNREACHABLE! => {
"changed": false,
"unreachable": true
}

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d37ef691-0aa9-4afb-85e6-a7f3bf19ededn%40googlegroups.com.

[ansible-project] How to Deal with WinRM/PSRP CredSSP Read timed out

[Justin Seiser]

TASK [roles/ansible-role-dc : Copy Schema File 2] 
** fatal: [10.254.64.5]: UNREACHABLE! => {
"changed": false, "msg": "credssp: HTTPSConnectionPool(host='10.254.64.5', 
port=5986): Read timed out. (read timeout=200)", "unreachable": true} to 
retry, use: --limit @/home/ubuntu/workspace/sales-demo/demo-idauto-salesdemo
-prd-inf/ansible_dc.retry





I have 2 environments in AWS, each environment contains 2 Windows servers 
that I am running a playbook against.  Ansible itself is running in a 
docker container and connecting to the instances over VPC Peering.  So The 
Docker Server and Ansible Container are in 1 VPC, using winrm/credssp to 
connect to windows servers in another VPC.

The playbook keeps randomly failing with the above errors.  It will happen 
at different places in the playbook, so I cant narrow it down to any one 
specific section.  That file copy above is for a 1.8K file, so its not like 
it was too large.

I run this same setup, for thousands of linux servers and have no issue, so 
I assume its something with winrm, and VPC peering that it just doesnt like.

Here is winrm confg.

ansible_port: 5986
ansible_connection: winrm 
ansible_winrm_server_cert_validation: ignore 
ansible_winrm_transport: credssp 
ansible_winrm_operation_timeout_sec: 150 
ansible_winrm_read_timeout_sec: 200



I know the best solution would be to run ansible inside the same VPC but 
its not an option, so is there anything that can be done?  These ansible 
failures are putting a halt to the project, and my fear is that winrm is 
not going to allow this to work.

Same issue happens If I move to Ansible 2.8, and uses PSRP


ansible_connection: psrp
ansible_psrp_auth: credssp
ansible_psrp_cert_validation: ignore
ansible_psrp_connection_timeout: 120
ansible_psrp_operation_timeout: 80
ansible_psrp_reconnection_retries: 10


TASK [roles/ansible-role-dc : configure AD CS certification authority] 
*
An exception occurred during task execution. To see the full traceback, use 
-vvv. The error was: ReadTimeout: HTTPSConnectionPool(host='10.254.64.5', 
port=5986): Read timed out. (read timeout=30)
fatal: [10.254.64.5]: FAILED! => {"msg": "Unexpected failure during module 
execution.", "stdout": ""}

 to retry, use: --limit @/home/ubuntu/workspace/sales-demo/demo-idauto-
salesdemo-prd-inf/ansible_dc.retry


As you can see it failed at a completely different point in the role. 

- name: configure AD CS certification authority
  win_shell: Install-AdcsCertificationAuthority -CAType EnterpriseRootCa -
CryptoProviderName "RSA#Microsoft Software Key Storage Provider" -KeyLength 
2048 -HashAlgorithmName SHA256 -ValidityPeriod Years-ValidityPeriodUnits 99 
-Force
  async: 1000
  poll: 5
  register: pri_adcs_enrollment_config
  changed_when: pri_adcs_enrollment_config.rc == 0
  failed_when:
  - pri_adcs_enrollment_config.rc != 0
  - '"The Certification Authority is already installed" not in 
(pri_adcs_enrollment_config.stderr|regex_replace("\r\n", ""))'
  become: yes
  become_user: SYSTEM
  become_method: runas



I also see using PSRP it falls back to a read timeout of 30 seconds, there 
is no way to increase it that I can see.  It also appears with a read 
failure, it doesn't attempt to try the connection again. 


It fails at a random point more often than not.  If i run it 10 times back 
to back, 7-8 will fail at some point.  Im able to maintain a ping and a RDP 
session to the servers while these failures happen, and I do not notice any 
other issues.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8011490d-496c-4e31-9721-a9d414d73512%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Ansible Galaxy: Unable to Clone Private Git Repo

[Justin Seiser]

I have my ansible role in a git repo, in AWS Code Commit.  I have an SSH 
Key that allows me to clone the repo.

I have an ~/.ssh/config file that configures the key/user for code commit.

Host git-codecommit.us-east-1.amazonaws.com
 User AKIAJKJVTT7KGQ3WKG6A
 IdentityFile ~/.ssh/codecommit_rsa

This works when I attempt a regular git clone.

git clone ssh:
//apkaiiej5qazs35e5...@git-codecommit.us-east-1.amazonaws.com/v1/repos/ansible-role-openvpn


I can not figure out how to dupe this with ansible galaxy. 

I have tried the following.


- src: akiajkjvtt7kgq3wk...@git-codecommit.us-east-1.amazonaws.com/v1/repos/
ansible-role-openvpn.git
  scm: git
  

- src: ssh:
//akiajkjvtt7kgq3wk...@git-codecommit.us-east-1.amazonaws.com/v1/repos/ansible-role-openvpn.git
  scm: git

  
- src: git+ssh:
//akiajkjvtt7kgq3wk...@git-codecommit.us-east-1.amazonaws.com/v1/repos/ansible-role-openvpn.git
  scm: git



They all result in the same error.

Processing role ansible-role-openvpn [WARNING]: - ansible-role-openvpn was NOT 
installed successfully: - command git clone 
ssh://akiajkjvtt7kgq3wk...@git-codecommit.us- 
east-1.amazonaws.com/v1/repos/ansible-role-openvpn.git ansible-role-openvpn 
failed in directory /tmp/tmpK_lRx2 (rc=128)



-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/2068f000-5b74-48cb-aff6-66c762891b7f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] win_domain_membership - Setting Hostname when No Domain Is Present

[Justin Seiser]

I have a windows ec2 instance, that I would like to set the hostname on.  
Issue being, the module wants Domain Admin credentials which do not exist 
so I am not sure what is really needed here.

ansible 2.4.3.0
  config file = /home/justin/Documents/projects/ansible_mfa/ansible.cfg
  configured module search path = ['/home/justin/.ansible/plugins/modules', 
'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.4 (default, Jan  5 2018, 02:35:40) [GCC 7.2.1 
20171224]

- win_domain_membership:
 workgroup_name: WORKGROUP
 hostname: '{{ hostname }}'
 state: workgroup





The above indicates it needs the 'domain_admin_user' attribute, which I dont 
have.  I attempted just putting in a bogus one.  It in turn indicates it needed 
the 'domain_admin_password'.  Is this supposed to be the
the Administrator on the local box?  If so, Im not sure why I need it, when the 
playbook is already connected to the instance using Administrator and the 
proper password.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/bfa2423c-cfb4-48f9-8405-1f3808c6755b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Role to Create/Tear Down EC2 Instances

[Justin Seiser]

I have a few questions on handling the creation/tear down of an ec2 
instance. 

I have a role ( its a task atm, but Ill be migrating it over')

- name: dallascowboys | Deployments
  include_tasks:
tasks/customer-instance.yml
  vars:
customer_name: dallascowboys
customer_ip: '10.99.100.10'
customer_instance_count: 1
customer_eip_state: present
customer_eni_state: present
  tags:
- dallascowboys

- name: Customer | Configure ENI
  ec2_eni:
state: "{{ customer_eni_state }}"
description: '{{ customer_name }} ENI'
private_ip_address: '{{ customer_ip }}'
region: "{{ vpc_region }}"
security_groups: "{{ secgrp_appliance_id }}"
subnet_id: "{{ public_subnet_id }}"
  register: customer_eni


- name: Customer | Configure EIP
  ec2_eip:
state: "{{ customer_eip_state }}"
region: "{{ vpc_region }}"
in_vpc: true
device_id: "{{ customer_eni.interface.id }}"


- name: Customer | Configure EC2 Instance
  ec2:
key_name: "{{ aws_mfacloud_key }}"
instance_type: t2.medium
image: "{{ mfa_ami }}"
region: "{{ vpc_region }}"
instance_profile_name: '{{ role_appliance_name }}'
network_interfaces: "{{ customer_eni.interface.id }}"
user_data: "{{ lookup('file','windows-remoting') }}"
instance_tags:
  Name: ec2-cloudmfa-{{ customer_name }}-prd
  Customer: "{{ customer_name }}"
  Environment: prd
  Patch Group: cloudmfa
  Ansible: true
  AMI: True
count_tag:
  Name: ec2-cloudmfa-{{ customer_name }}-prd
exact_count: "{{ customer_instance_count }}"
  register: instance


- name: debug instance 
  debug:
var: instance


- name: Customer | Grab Password
  ec2_win_password:
instance_id: "{{ instance.tagged_instances[0].id }}"
region: "{{ vpc_region }}"
key_file: "~/.ssh/{{ aws_mfacloud_key }}.pem"
wait: yes
wait_timeout: 300
  register: winpass


This works OK to spin an instance up, my issue is when I want to destroy 
the instance for some reason.  I first set count to 0, which causes the job 
to fail because the ec2_win_password module.  So I run it again, with eip 
absent and this works, but again fails on the ec2_win_password.  I then run 
it a third time with eni absent, and it fails with the following error.

fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": 
> "state is absent but all of the following are missing: eni_id"}



My issues are.  Is there a better way to create these instances?  Its going 
to be ~20 or so instances, that are configured the same, but will end up 
with different software on them.  So I cant just say "spin up 20 
instances".  Is there a better way to have ec2_win_password only execute 
when I have created, or started an instance?  As opposed to turned 
off/terminated an instance?  I assume im missing something obvious about 
the tear down of the EIP and ENI as well.

Sorry for the vagueness here, I know im probably missing some info that 
would be helpful so please just ask.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a3f01b40-0086-494e-93f6-f9343a1a29c4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Any tips on working with SQL Express on Windows

[Justin Seiser]

Thanks, this is actually working out fine for me.  I still have 2 'changed' 
each run, but they are just scripts checking if my setting is already 
configured, and if not, we register that and then run a second script to 
actually do the change. 

- name: Run Check SQL TCP Script
  win_shell: C:\Script\check_sql_tcp.ps1
  register: check_sql_tcp


- name: Run Set SQL TCP Script
  win_shell: C:\Script\set_sql_tcp.ps1
  register: check_sql_tcp
  when:
- check_sql_tcp.stdout_lines[0] != "True"
  notify: Restart MSSQL

Thanks for your assistance on these.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1a726845-74bb-4bb6-b9e9-fcf3ab8cfa7b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Any tips on working with SQL Express on Windows

[Justin Seiser]

I think i can work from that, so thanks.  My real issue is how to get the 
return of those powershell commands.  Im sure im missing it in the ansible 
documentation but I dont know how to register and access the output of the 
script itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6fd019ad-a9c5-4ed2-8ccd-1bc19d8761af%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Any tips on working with SQL Express on Windows

[Justin Seiser]

I'm looking to start a project working against an Amazon image with SQL Express 
preinstalled. I know that it comes with windows auth. I know I can also 
configure the authentication mode to use a SA account. My real issue is that 
this will have to be done with powershell, and I can't not find a powershell 
command to return the current auth mode. I would really like some tips for 
doing things like this, so it's not going to flag itself as a change each run.

Has anyone already dealt with this? Things like enable sa user, enable tcp 
pipes etc.

Thanks,

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/44945541-56db-4086-9c98-02247082a325%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Migrating to Ansible

[Justin Seiser]

I wanted to see if anyone had some tips on how to migrate a current 
production environment to ansible?  Currently ~30 servers are running in 
AWS.  A few autoscaling groups that come up from golden ami's.  Ive been 
playing with ansible, used it to deploy a graylog cluster easy enough.  Now 
that Ive seen what it can do, I would really like to start using it to 
manage my current servers but Im not quite sure how to start.  Has anyone 
else had to introduce ansible into an existing setup, and if so, how did 
you go about managing your folder structure?  How did you start figuring 
out what needed added to your playbook in a way that didnt interfere with 
what was already existing?  I know 30 servers is not too large, but there 
are a few that I can not just trash/recreate because their are domain 
controllers, or Atlassian boxes.

Thank,s

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/4ec7193e-937b-4a17-ae9b-86d9b83cc503%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Trying to duplicate a Bash script into ansible -- Not sure how to best handle alternatives with Slaves

[Justin Seiser]

I would prefer to not use the shell module, thats why Im asking if anyone 
has any other way around it.

Thanks,


On Wednesday, 13 December 2017 20:27:16 UTC-5, Toshio Kuratomi wrote:
>
> If you don't need idempotence (I assume you don't since the shell module 
> doesn't have idempotence either) I'd use the script module with your 
> existing bash script.
>
> -toshio
>
> On Dec 13, 2017 7:39 AM, "Justin Seiser" <justin...@gmail.com 
> > wrote:
>
>> I see there was a feature 
>> <https://github.com/ansible/ansible/issues/24278> request for this, but 
>> they do not note how they actually worked around it. In a nutshell, we 
>> download a groovy archive, unzip it, and create slaves for every file in 
>> the archive that is not the groovy executable, and doesnt end with .bat. We 
>> then do a update-alternatives for groovy.
>>
>>
>>
>> GROOVY_ALT_SLAVES=""
>> for f in $(ls /opt/groovy-${GROOVY_VERSION}/bin | fgrep -v .bat | 
>> grep -v '^groovy$'); do
>> GROOVY_ALT_SLAVES=" ${GROOVY_ALT_SLAVES}  --slave /usr/bin/${f} 
>> ${f} /opt/groovy-${GROOVY_VERSION}/bin/${f}"
>> done
>>
>> update-alternatives --install /usr/bin/groovy groovy 
>> /opt/groovy-${GROOVY_VERSION}/bin/groovy 2000 ${GROOVY_ALT_SLAVES}
>> update-alternatives --set groovy 
>> /opt/groovy-${GROOVY_VERSION}/bin/groovy
>>
>> I cant really wrap my head around the best way to dupe this, that isnt 
>> just running the shell module.  Once I resigned myself to using the shell 
>> module, I then read that doing something like
>>
>>
>>  - shell: GROOVY_ALT_SLAVES=" ${GROOVY_ALT_SLAVES}  --slave /usr/bin/{{ item 
>> }} {{ item }} /opt/groovy-{{ groovy_version }}/bin/{{ item }}"
>> with_items: ['file1', 'file2']
>>
>>
>>
>>
>> Wouldn't work, since each shell run is a separate connection, so Im not 
>> really building up a long string to then append to the update-alternatives 
>> command.  There is also the fact I have to manually specify a list of 
>> items, since I cant use glob because i need to match files that do not 
>> match a certain set of expressions.
>>
>>
>> Im sure Im missing something obvious, but I haven't made any progress on 
>> this one and any help would be great.
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible-proje...@googlegroups.com .
>> To post to this group, send email to ansible...@googlegroups.com 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/155465dd-7461-486c-9351-5a386c6c5f15%40googlegroups.com
>>  
>> <https://groups.google.com/d/msgid/ansible-project/155465dd-7461-486c-9351-5a386c6c5f15%40googlegroups.com?utm_medium=email_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3d36cfcd-1621-4755-8d7c-12220992070f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Trying to duplicate a Bash script into ansible -- Not sure how to best handle alternatives with Slaves

[Justin Seiser]

I see there was a feature  
request for this, but they do not note how they actually worked around it. 
In a nutshell, we download a groovy archive, unzip it, and create slaves 
for every file in the archive that is not the groovy executable, and doesnt 
end with .bat. We then do a update-alternatives for groovy.



GROOVY_ALT_SLAVES=""
for f in $(ls /opt/groovy-${GROOVY_VERSION}/bin | fgrep -v .bat | grep 
-v '^groovy$'); do
GROOVY_ALT_SLAVES=" ${GROOVY_ALT_SLAVES}  --slave /usr/bin/${f} 
${f} /opt/groovy-${GROOVY_VERSION}/bin/${f}"
done

update-alternatives --install /usr/bin/groovy groovy 
/opt/groovy-${GROOVY_VERSION}/bin/groovy 2000 ${GROOVY_ALT_SLAVES}
update-alternatives --set groovy 
/opt/groovy-${GROOVY_VERSION}/bin/groovy

I cant really wrap my head around the best way to dupe this, that isnt just 
running the shell module.  Once I resigned myself to using the shell 
module, I then read that doing something like


 - shell: GROOVY_ALT_SLAVES=" ${GROOVY_ALT_SLAVES}  --slave /usr/bin/{{ item }} 
{{ item }} /opt/groovy-{{ groovy_version }}/bin/{{ item }}"
with_items: ['file1', 'file2']




Wouldn't work, since each shell run is a separate connection, so Im not 
really building up a long string to then append to the update-alternatives 
command.  There is also the fact I have to manually specify a list of 
items, since I cant use glob because i need to match files that do not 
match a certain set of expressions.


Im sure Im missing something obvious, but I haven't made any progress on 
this one and any help would be great.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/155465dd-7461-486c-9351-5a386c6c5f15%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.