Re: [ansible-project] Reading in extra files, as or into dicts?

[Richard Hector]

On 16/04/22 22:13, Richard Hector wrote:

Hi all,

I have created a directory 'users' alongside my inventory. It has a 
directory 'user_vars', intended to be used like host_vars, but for 
users, obviously.


In there, I have files like this:

=
---
name: richard
gecos: 'Richard Hector,,,'
shell: '/bin/bash'
ssh_keys:
   - richard@foo
   - richard@bar
=

Then in host_vars/all, I have this kind of thing:

=
---
users:
   - richard
admins:
   - richard
ansible_users:
   - richard
=

I also have users/public_keys, which has a file for each of 
'richard@foo' etc, containing one key.


Where I'm stuck is reading in the user_vars file(s).

I want to get rid of what I used to have:

=
- name: users
   user:
     name: '{{ item.name }}'
     comment: '{{ item.gecos }}'
     shell: '{{ item.shell }}'
     createhome: yes
     state: present
     groups: '{{ item.groups }}'
     append: yes
   with_items:
   - { name: 'richard', gecos: 'Richard Hector,,,', shell: 
'/bin/bash', groups: [ 'sudo', 'adm' ] }

   tags:
     - users
==

since I want to separate data from the rest of my config.

So I'd like to either read all the user_vars files into a single 
dictionary before I run that loop, or read each file in its own 
iteration of the loop - or something better if that's the answer.


I thought about using set_fact in a loop, but that would give me 
separate facts/variables for each user, making it harder(?) to index 
them (but maybe by text templating the variable name?)


I also thought about doing a lookup in every line of the user loop 
above, but that seems wasteful, and I'm not sure how I'd do it anyway.


I've got this, but it looks horrible:

==
- name: set up user dicts
  set_fact:
"user_{{ item }}": "{{ lookup('file', inventory_dir + 
'/users/user_vars/' + item) |from_yaml }}"

  with_items: "{{ users }}"
  tags:
- users

- name: users
  user:
name: "{{ lookup('vars', 'user_' + item).name }}"
comment: "{{ lookup('vars', 'user_' + item).gecos }}"
shell: "{{ lookup('vars', 'user_' + item).shell }}"
createhome: yes
state: present
append: yes
  with_items: "{{ users }}"
  tags:
- users

- name: admin groups
  user:
name: "{{ item }}"
append: yes
groups:
  - sudo
  - adm
  when: item in admins
  with_items: "{{ users }}"
  tags:
- users

- name: ansible group
  user:
name: "{{ item }}"
append: yes
groups:
  - sudo
  - adm
  when: item in ansible_users
  with_items: "{{ users }}"
  tags:
- users
=

I'm still to do the ssh key stuff - that's going to be pretty ugly too, 
I think.


Are there ways to make this cleaner?

Cheers,
Richard

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/af4b8c5e-3e6c-b937-48fd-b74ea32d66d0%40walnut.gen.nz.

[ansible-project] Reading in extra files, as or into dicts?

[Richard Hector]

Hi all,

I have created a directory 'users' alongside my inventory. It has a 
directory 'user_vars', intended to be used like host_vars, but for 
users, obviously.


In there, I have files like this:

=
---
name: richard
gecos: 'Richard Hector,,,'
shell: '/bin/bash'
ssh_keys:
  - richard@foo
  - richard@bar
=

Then in host_vars/all, I have this kind of thing:

=
---
users:
  - richard
admins:
  - richard
ansible_users:
  - richard
=

I also have users/public_keys, which has a file for each of 
'richard@foo' etc, containing one key.


Where I'm stuck is reading in the user_vars file(s).

I want to get rid of what I used to have:

=
- name: users
  user:
name: '{{ item.name }}'
comment: '{{ item.gecos }}'
shell: '{{ item.shell }}'
createhome: yes
state: present
groups: '{{ item.groups }}'
append: yes
  with_items:
  - { name: 'richard', gecos: 'Richard Hector,,,', shell: 
'/bin/bash', groups: [ 'sudo', 'adm' ] }

  tags:
- users
==

since I want to separate data from the rest of my config.

So I'd like to either read all the user_vars files into a single 
dictionary before I run that loop, or read each file in its own 
iteration of the loop - or something better if that's the answer.


I thought about using set_fact in a loop, but that would give me 
separate facts/variables for each user, making it harder(?) to index 
them (but maybe by text templating the variable name?)


I also thought about doing a lookup in every line of the user loop 
above, but that seems wasteful, and I'm not sure how I'd do it anyway.


Any suggestions?

Thanks,
Richard

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/bb093b37-e90b-115b-593c-d535b5945f7b%40walnut.gen.nz.

Re: [ansible-project] Keeping inventory and other data separate from code

[Richard Hector]

On 2/04/22 16:07, Nico Kadel-Garcia wrote:

On Fri, Apr 1, 2022 at 10:27 PM Richard Hector  wrote:


Hi all,

Currently my inventory is stored in the same git repo as my play(book)s,
roles etc, which I don't like.


Consider using git submodules if you want a unified workspace.


Hmm. I got thoroughly confused by submodules last time I tried them. And 
didn't Linus say he regretted having devised them in the first place?


Is there an easy way to have a non-unified workspace, so that I can use 
separate repos more easily?


Cheers,
Richard


What are common ways to avoid this? Perhaps keep inventory in a subdir
which is .gitignored, and make that a separate repo?

I also want to keep data which is not strictly inventory - eg lists of
users, ssh keys etc which are specific to my site/business, but shared
across many hosts and groups. I think I need to use lookups to access
this. Perhaps that data and inventory can go together in that other repo?

eg:

/home/richard/ansible/
   .git/
 .gitignore (ansible/data)
   .ansible.cfg
   /data
 .git/
 /inventory
   hosts
   /host_vars
   /group_vars
 users.yml
   /plays
   /roles

Does that seem reasonable?

That way, if (when) I have questions in the future, I can refer you all
to my ansible repo without sharing the private data :-)

Are there better ways to do this?

Cheers,
Richard

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c0b602a7-b40e-7254-f153-c98a49dd3046%40walnut.gen.nz.




--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1119bcec-83e7-f0f6-5fa3-c40ae074af59%40walnut.gen.nz.

Re: [ansible-project] [OT?] What do you call a container container?

[Richard Hector]

Thanks - I think I'll go with 'ship', for the time being :-)

Cheers,
Richard

On 2/04/22 12:23, Nico Kadel-Garcia wrote:

"Container ship" is pretty clear. Others include:

"Tupperware".

"Mixing bowls"

"Measuringcups"

"Russian Dolls"

"Turtles All The Way Down".

"The inevitable product of people taught only recursion as a valid way
to do anything"

"Pay no attention to that server behind the layer of abstraction"

The list could go on and on, much like what you're describing.

On Fri, Apr 1, 2022 at 5:46 PM Richard Hector  wrote:


Hi all,

I have several leased VPS in which I run LXC containers.

At the moment, the group I use for those is "lxc_hosts", but that has a
few problems:

- Everything in inventory is a host, so lxc_host could just as well be a
   container as the machine it lives on.

- Separators in general are a pain - ansible doesn't like '-' in many
   places; '_' is invalid in hostnames; '.' and '/' are special in loads
   of places, and I suspect everything else is even riskier

'host' seems the most natural thing for hosting containers but is
problematic as above. 'container' would be worse, in this context.

This problem gets worse as I do more complex stuff - eg I'm looking into
using the lxc_ssh module, to manage containers on remote hosts before
direct ssh is available.

I've been wondering about 'ship' - as in a container ship contains
shipping containers - but it's not particularly intuitive, if I was eg
to share my config here to ask for assistance, or (dreaming) if I get to
the point of having employees or contractors.

Any other suggestions?

Cheers,
Richard

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/68a20941-f60a-bc5b-6843-8b9c3436b54b%40walnut.gen.nz.




--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3ae53de8-a952-1872-171e-db9c1084226b%40walnut.gen.nz.

[ansible-project] Keeping inventory and other data separate from code

[Richard Hector]

Hi all,

Currently my inventory is stored in the same git repo as my play(book)s, 
roles etc, which I don't like.


What are common ways to avoid this? Perhaps keep inventory in a subdir 
which is .gitignored, and make that a separate repo?


I also want to keep data which is not strictly inventory - eg lists of 
users, ssh keys etc which are specific to my site/business, but shared 
across many hosts and groups. I think I need to use lookups to access 
this. Perhaps that data and inventory can go together in that other repo?


eg:

/home/richard/ansible/
  .git/
.gitignore (ansible/data)
  .ansible.cfg
  /data
.git/
/inventory
  hosts
  /host_vars
  /group_vars
users.yml
  /plays
  /roles

Does that seem reasonable?

That way, if (when) I have questions in the future, I can refer you all 
to my ansible repo without sharing the private data :-)


Are there better ways to do this?

Cheers,
Richard

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c0b602a7-b40e-7254-f153-c98a49dd3046%40walnut.gen.nz.

[ansible-project] [OT?] What do you call a container container?

[Richard Hector]

Hi all,

I have several leased VPS in which I run LXC containers.

At the moment, the group I use for those is "lxc_hosts", but that has a 
few problems:


- Everything in inventory is a host, so lxc_host could just as well be a
  container as the machine it lives on.

- Separators in general are a pain - ansible doesn't like '-' in many
  places; '_' is invalid in hostnames; '.' and '/' are special in loads
  of places, and I suspect everything else is even riskier

'host' seems the most natural thing for hosting containers but is 
problematic as above. 'container' would be worse, in this context.


This problem gets worse as I do more complex stuff - eg I'm looking into 
using the lxc_ssh module, to manage containers on remote hosts before 
direct ssh is available.


I've been wondering about 'ship' - as in a container ship contains 
shipping containers - but it's not particularly intuitive, if I was eg 
to share my config here to ask for assistance, or (dreaming) if I get to 
the point of having employees or contractors.


Any other suggestions?

Cheers,
Richard

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/68a20941-f60a-bc5b-6843-8b9c3436b54b%40walnut.gen.nz.

[ansible-project] lineinfile in lxc_container?

[Richard Hector]

Hi all,

I'm using ansible to set up lxc containers, using delegation to the 
container host.


One task looks like this:

- name: add ansible user to sudoers
  lineinfile:
dest: "/var/lib/lxc/{{ inventory_hostname }}/rootfs/etc/sudoers"
state: present
regexp: "^ansible"
line: 'ansible ALL=(ALL) NOPASSWD: ALL'
insertafter: '^root'
validate: '/usr/sbin/visudo -cf %s'
  delegate_to: "{{ container_host }}"
  when: start_container|bool

That has been working fine, until I tried to create a debian bullseye 
container on a buster host. Unfortunately, the sudoers format has 
changed slightly, so the buster visudo won't accept the bullseye sudoers 
file (#includedir is now @includedir).


I tried giving the path to the bullseye visudo, but it's dynamically 
linked and doesn't work on the buster system.


I could potentially use the lxc_container module to run a command in the 
container, but that means I lose lineinfile, and have to do more stuff 
manually.


Or I could use my temporary workaround, and just assume my sudoers file 
is ok, and skip validation.


Another option is to add an extra lineinfile task (before that one) to 
replace @includedir with #includedir, since it's backwards compatible, 
but that seems too hackish.


Any other suggestions?

Cheers,
Richard

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/39771264-b079-ff6e-15a6-e018d95dd6fd%40walnut.gen.nz.

Re: [ansible-project] Complex process to generate template/lineinfile data?

[Richard Hector]

On 18/05/21 2:24 am, Brian Coca wrote:


For data manipulation you want to create a filter plugin, you still
need to be explicit about the data you feed it.


Thanks for that - this is what I've ended up with. There's probably some 
copy/paste boilerplate that's not needed in my case.


Does it look reasonable?
I've had a suggestion that I should avoid lineinfile, but I'm not sure 
what a good substitute is (other than rearranging my setup so I can 
template out individual files, rather than editing the existing one).


Cheers,
Richard

--task
- name: update dirvish-forced-command list
  lineinfile:
dest: "/usr/local/etc/dirvish-forced-command/default.list"
regexp: "^{{ item }}$"
line: "{{ item }}"
insertafter: EOF
  delegate_to: "{{ container_host }}"
  with_items: "{{ backup_paths | gen_dfc_lines(inventory_hostname, 
filesystems) }}"

  tags:
- backup

--plugin

from __future__ import (absolute_import, division, print_function)
__metaclass__ = type

from ansible.errors import AnsibleError, AnsibleFilterError, 
AnsibleFilterTypeError
from ansible.module_utils.six import string_types, integer_types, 
reraise, text_type


def gen_dfc_lines(backup_paths, container_name, filesystems):
'''Generate a list of lines for dirvish_forced_command'''
if not isinstance(filesystems, list):
raise AnsibleFilterTypeError('filesystems should be a list')
if not isinstance(backup_paths, list):
raise AnsibleFilterTypeError('backup_paths should be a list')

fixed_backup_paths = []
for path_entry in backup_paths:
found = False
for fs_entry in filesystems:
path = path_entry['path']
fs = fs_entry['container_mountpoint']
if path.startswith(fs):
# remove prefix from path
path = '/' + path[len(fs):]
# use guestfs path
fixed_path = "/guestfs/{cname}-{suffix}{bpath}".format(
cname = container_name,
suffix = fs_entry['suffix'],
bpath = path
)
found = True
if not found:
# use rootfs path
fixed_path = "/var/lib/lxc/{cname}/rootfs{bpath}".format(
cname = container_name,
bpath = path
)
fixed_backup_paths.append(fixed_path)
return fixed_backup_paths

class FilterModule(object):
''' backup helper filters '''

def filters(self):
return {
'gen_dfc_lines': gen_dfc_lines
}

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/11476de0-de71-5542-2501-45b268aee55e%40walnut.gen.nz.

Re: [ansible-project] Complex process to generate template/lineinfile data?

[Richard Hector]

On 15/05/21 6:39 pm, Richard Hector wrote:

Do I need to write a custom plugin of some kind?


I'm experimenting with writing a vars plugin, referring to these:

https://docs.ansible.com/ansible/latest/dev_guide/developing_plugins.html
https://github.com/ansible/ansible/blob/devel/lib/ansible/plugins/vars/host_group_vars.py

I've put it in the vars_plugins directory in my role.

So far, I can create variables, and access them from my role, which is good.

What I can't do, as far as I can see, is access existing facts/vars. Do 
they exist at this point? Or is my plugin running at a lower level?


I was hoping they would be returned by the call to:

super(VarsModule, self).get_vars(loader, path, entities)

... but that returns None.

Is there a different kind of plugin that could do the job?

Thanks,
Richard

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/300f5f57-fcce-abcd-7854-b4db6fbad655%40walnut.gen.nz.

Re: [ansible-project] Complex process to generate template/lineinfile data?

[Richard Hector]

On 15/05/21 6:39 pm, Richard Hector wrote:


Any suggestions?

Is this stuff reasonable to do with ansible, and a templating language?

Do I need to write a custom plugin of some kind?

If I had a dynamic inventory, then I could probably generate extra 
variables at that stage, but that's further away too.


I should give lots of credit to the nice people on irc who helped me get 
as far as I have.


I've also thought that if I could pass data (as json perhaps?) to stdin 
of a local script, and capture the output (a list of strings, as json 
again?), that would probably work ok - I could then write the script in 
a language I'm more familiar with, such as perl.


Is that doable?

Thanks,
Richard

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d72c0e64-5912-3369-0be6-69aea22a75d0%40walnut.gen.nz.

[ansible-project] Complex process to generate template/lineinfile data?

[Richard Hector]

Hi all,

Well, it's not really that complex, but seems complex to do within the 
constraints of ansible/jinja.


My scenario is that I run dirvish to back up multiple containers on 
multiple hosts. The containers are backed up via the filesystems on the 
hosts.


The root filesystem of the container lives under 
/var/lib/lxc//rootfs.


Sometimes, extra filesystems are also used; they live under 
/guestfs/-, where 'name' is a possibly shortened 
version of the mountpoint.


Relevant sections of host_vars files look like this:

filesystems:
  - { index: 1, suffix: srv, size: 2, container_mountpoint: '/srv/' }
backup_paths:
  - { shortname: 'ROOT', path: '/'  }
  - { shortname: 'var',  path: '/var/'  }
  - { shortname: 'home', path: '/home/' }
  - { shortname: 'srv',  path: '/srv/'  }

So when I'm setting up backups, I need to treat any backup path for this 
container starting with '/srv/' differently, in that I need to backup 
something under /guestfs/ rather than under /var/lib/lxc.


I have a template that does this for the dirvish config:

client: {{ hostvars[container_host].fqdn }}
{% set ns = namespace(extra_fs='') %}
{% for mountpoint in filesystems %}
{% if item['path'] | regex_search(mountpoint['container_mountpoint']) %}
{% set ns.extra_fs = mountpoint %}
{% endif %}
{% endfor %}
{% if ns.extra_fs %}
tree: /guestfs/{{ inventory_hostname + '-' + ns.extra_fs['suffix'] + '/' 
+ item['path'] |regex_replace(ns.extra_fs['container_mountpoint'], '') }}

{% else %}
tree: /var/lib/lxc/{{ inventory_hostname }}/rootfs{{ item['path'] }}
{% endif %}
rsh: ssh -i /root/.ssh/id_rsa_dirvish {{ hostvars[container_host].fqdn }}

{% for backup_path in (backup_paths | select('search', item['path'] + 
'.*')) if not (backup_path['shortname'] == item['shortname']) %}

{% if loop.index == 1 %}
excludes:
{% endif %}
  {{ backup_path['path'] }}*
{% endfor %}


As you can see, that's quite complicated.

Then in addition, I need to add to a list of acceptable paths on the 
host (for my ssh forced command script to read).


That looks like this (for the same container described in the host_vars 
above):


...
/var/lib/lxc/example-web1/rootfs/
/var/lib/lxc/example-web1/rootfs/var/
/var/lib/lxc/example-web1/rootfs/home/
/guestfs/example-web1-srv/
...

That isn't a template, because the file contains paths for all the 
containers. I suppose I could modify my script to read any files in a 
directory instead of a single file, but that would be a separate 
project, and the template would be just as nasty as the one above.


I'm not even sure where to start with generating lines to add to the file.

Any suggestions?

Is this stuff reasonable to do with ansible, and a templating language?

Do I need to write a custom plugin of some kind?

If I had a dynamic inventory, then I could probably generate extra 
variables at that stage, but that's further away too.


Cheers,
Richard

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/75a77a08-b175-d165-8bc9-a2f0656cd834%40walnut.gen.nz.

Re: [ansible-project] best way to go about dhcp

[Richard Hector]

On 16/05/18 04:56, lpescatore via Ansible Project wrote:
> Hi, Posting a hypothetical. 
> Since my windows environment relies on a hosts file with addresses in
> said file, 
> what do you do when your environment is dhcp? Like if the IPs keep
> changing, whats to be done in the hosts file?

So the requirement is to be able to resolve a name to an IP address, to
connect to the host, right?

If you want dynamic, changing ip addresses, you probably want to have
the dhcp server update DNS (which means using DNS rather than hosts files)

Alternatively, make sure the ip addresses don't change - either set them
statically on the machine (outside the dhcp dynamic range), or configure
the dhcp server to allocate fixed addresses.

I don't use Windows, but I believe all those things are possible.

Richard

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/59050fa8-5fba-5580-8e2c-b2e0e9bb7699%40walnut.gen.nz.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Need help in updating /etc/grub.conf file to disable THP in linux server using Ansible

[Richard Hector]

On 15/05/18 18:23, Padmesh Singh wrote:
> I need help in updating /etc/grub.conf file to disable THP in Linux servers. 
> I used below Ansible lineinfile module but it updates the kernel line 
> everytime when I run it, I need which runs and updates every line of kernel 
> in /etc/fstab file. Please suggest.
> 
> name: disable THP (RedHat)
>   lineinfile: dest=/boot/grub/grub.conf
>   backup=True
>   backrefs=True
>   state=present
>   regexp='(^\s+kernel(\s+(?!transparent_hugepage=never)[\w=/\-\.\,\_]+)*)\s*$'
>   line='\1 transparent_hugepage=never'
> 
> Each time I run the play it will add "transparent_hugepage=never" to a single 
> line where it is not found, instead of every line that starts with kernel. 
> Please suggest how to update this string in all the line that starts with 
> Kernel. 

Perhaps you want 'replace' rather than 'lineinfile'? Being careful that
your regexp doesn't match the line if it's already correct.

Richard

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6e014edd-9fe0-bd8b-70f4-59e200699850%40walnut.gen.nz.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Unable to install through dpkg in Ansible

[Richard Hector]

On 06/05/18 05:22, Bishwajit Samanta wrote:
> Hi, 
> 
> I am trying to install a .deb Package through Ansible, it is not getting
> installed. 
> 
> Error:-
> --
> 
> TASK [recon_app : Install the Deb Package of ReconApp]
> ***
> Saturday 05 May 2018  18:34:02 +0530 (0:00:00.034)       0:00:00.034
> **
> fatal: [192.168.56.124]: FAILED! => {"changed": false, "msg": "No
> package matching
> '/home/bishwajit/RECONAPP_1.0.0-26719-g5defc4d/reconapp_config_1.0.0-26719-g5defc4d_amd64.deb'
> is available"}
> 
> But the Package is there ::-
> --
> 
> -rw-r--r--  1 bishwajit bishwajit        39 Mar 14 00:44 product-build.info
> -rw-r--r--  1 bishwajit bishwajit    253750 Mar 14 00:45
> reconapp_config_1.0.0-26719-g5defc4d_amd64.deb
> -rw-rw-r--  1 bishwajit bishwajit 216942631 Mar 14 00:46
> reconcapp_karaf_1.0.0-26719-g5defc4d.tar.gz
> -rw-rw-r--  1 bishwajit bishwajit   1733969 Mar 14 00:46
> scripts_1.0.0-26719-g5defc4d.zip
> 
> bishwajit@Ansible-deploy-04:~/RECONAPP_1.0.0-26719-g5defc4d$ dpkg -i
> reconapp_config_1.0.0-26719-g5defc4d_amd64.deb
> dpkg: error: requested operation requires superuser privilege
> 
> What i found is it is asking for sudo priviledge so i changed the
> parameters to become, but still it is not getting resolved.
> 
> 
> - name: Install the Deb Package of ReconApp
>   apt:
>     name:
> "'/home/bishwajit/RECONAPP_1.0.0-26719-g5defc4d/reconapp_config_1.0.0-26719-g5defc4d_amd64.deb"
>     install_recommends: yes
>     state: present
>   become: yes
>   
> Can anyone help me ?

I think that 'name' expects just a package name, to install from a repo.
try 'deb' for installing from a file on the remote machine.

Richard

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6104360c-4551-6715-2fd5-05ed66444dc8%40walnut.gen.nz.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Unable to run playbook (Syntax Error)

[Richard Hector]

On 01/05/18 09:26, Joshua Hill wrote:
> Can someone show me where my mistakes are with the below playbook? When i 
> try to run this playbook it tells me it fails at 
> 
> - name: run multiple commands on remote nodes
>   ^ here
> 
> ---
> - name: get version
>  hosts: all
>  gather_facts: false
>  connection: local
> 
>   tasks:
>- name: run multiple commands on remote nodes
>  ios_command:
>commands:
>  - show version
>  - show ip int brief
> 
>   register: print_output
> 
> -  debug: var=print_output.stdout_lines

I think the 3 lines under "- name" need to be indented level with the 'n'.

Richard

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/70097954-2504-cf53-434e-62a6da0d41d3%40walnut.gen.nz.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Hosts behind ssh-proxy

[Richard Hector]

On 29/04/18 03:28, Sosys wrote:
> try this:
> https://groups.google.com/forum/?utm_medium=email_source=footer#!msg/ansible-project/-AFEyk69T8k/0X9skiOXCQAJ

Or if you have a recent enough OpenSSH (7.3), you can use ProxyJump,
which is much simpler:

# from
# https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts

# .ssh/config
Host server2
HostName 192.168.5.38
ProxyJump us...@jumphost1.example.org:22
User fred

Richard

> 
> On Sat, Apr 28, 2018 at 7:19 PM,  > wrote:
> 
> there was a mistake in the ssh command example. The right one is:
> 
> ssh %%@
> 
> Am Freitag, 27. April 2018 21:08:29 UTC+2 schrieb stefa...@gmail.com
> :
> 
> Hi, 
> i am new to using ansible but i am excited about it.
> Ansible is so powerful but one thing would make implementation
> easier for me.
> I have some servers I need to connect to via an ssh-proxy. 
> So far I have not managed to make this possible with ansible. 
> 
> The connection is done by ssh/scp according to the following
> pattern:
> 
> ssh
> 
> %%@
> 
> Anybody have any idea how to do this with ansible?
> 
> 
> Cheers,
> Stefan
> 
> -- 
> You received this message because you are subscribed to the Google
> Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it,
> send an email to ansible-project+unsubscr...@googlegroups.com
> .
> To post to this group, send email to
> ansible-project@googlegroups.com
> .
> To view this discussion on the web visit
> 
> https://groups.google.com/d/msgid/ansible-project/9bfe8541-1a76-4559-8709-1ae0baf59e57%40googlegroups.com
> 
> .
> 
> For more options, visit https://groups.google.com/d/optout
> .
> 
> 
> -- 
> You received this message because you are subscribed to the Google
> Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to ansible-project+unsubscr...@googlegroups.com
> .
> To post to this group, send email to ansible-project@googlegroups.com
> .
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAE4sVJczi8Ti8ar7LvfVbOrtdcnMhuCkQ_tmN_eNt1qEwqOM7Q%40mail.gmail.com
> .
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/009a2702-284d-7931-7cc2-6ba48624327f%40walnut.gen.nz.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] lxc connection plugin - does anyone use it?

[Richard Hector]

On 10/04/18 21:57, Kai Stian Olstad wrote:
> On 10.04.2018 11:47, Richard Hector wrote:
>> I can't see how to use this at all without being root.
> 
> Add your user to the lxd group (your distro might use another group name
> for access)

I have no lxd group; I'm not using lxd. Lxc only. Perhaps this plugin
actually requires lxd? I suspect not, though; there's also an lxd plugin.

>> On 08/04/18 00:28, Richard Hector wrote:
>>> Hi all,
>>>
>>> I'm trying to use the lxc connection plugin, but it says that my
>>> container isn't running. Presumably that's because ansible isn't running
>>> as root. Is there a way to tell it to sudo before connecting?
> 
> You can run sudo ansible-playbook and/or sudo ansible.

Yes. I'd kind of rather not use root for the whole of
ansible(-playbook), but maybe it's necessary.

Thanks,
Richard

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/f883437e-b4df-0fbf-de82-28e1d8154033%40walnut.gen.nz.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] lxc connection plugin - does anyone use it?

[Richard Hector]

I can't see how to use this at all without being root.

Is it considered acceptable to email the plugin author directly?

Thanks,
Richard

On 08/04/18 00:28, Richard Hector wrote:
> Hi all,
> 
> I'm trying to use the lxc connection plugin, but it says that my
> container isn't running. Presumably that's because ansible isn't running
> as root. Is there a way to tell it to sudo before connecting?
> 
> I'm aware of course of how to sudo _afterwards_, ie on the target
> system, to do anything useful, but I need to connect first.
> 
> I need to do this to set up the container for ssh, so I can continue
> with that later.
> 
> Thanks,
> 
> Richard
> 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/4434435d-d721-feca-a3cb-a5da0f9bcd63%40walnut.gen.nz.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] ansible handling stdin input

[Richard Hector]

On 09/04/18 21:57, Benny Kusman wrote:
> Hi 
> 
> Hopefully someone has encountered and resolved this issue.
> 
> supposedly my playbook:
> *- main: execute script*
> *  shell: "/home/settingip"*
> 
> when executing the program, it will run and require stdin/keyboard
> input, such as IP, hostname, etc.
> 
> can i pre-fill this in ansible ? knowing that the prompt will have the
> same question everytime the command runs

Have a look at the expect module:

https://docs.ansible.com/ansible/latest/modules/expect_module.html

Richard

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8f27c340-1e8b-cb43-3be1-f34f49ce8b5e%40walnut.gen.nz.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] lxc connection plugin - sudo first?

[Richard Hector]

Hi all,

I'm trying to use the lxc connection plugin, but it says that my
container isn't running. Presumably that's because ansible isn't running
as root. Is there a way to tell it to sudo before connecting?

I'm aware of course of how to sudo _afterwards_, ie on the target
system, to do anything useful, but I need to connect first.

I need to do this to set up the container for ssh, so I can continue
with that later.

Thanks,

Richard

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a08bce9b-f454-12d8-7c44-cb40a4ccbebe%40walnut.gen.nz.
For more options, visit https://groups.google.com/d/optout.