[ansible-project] Generate HTML Table from Ansible Inventory File
Hello, I have an inventory file like below: [group1] server1.example.com server2.example.com [group2] server3.example.com server4.example.com [group1:vars] field1=a1 field2=a2 [group2:vars] field1=a3 field2=a4 I need to generate an HTML file like below: Inventory HostField1Field2 server1.example.coma1a2 server2.example.coma1a2 server3.example.coma3a4 server4.example.coma4a4 Basically all the hosts and their values becomes HTML Table. How do I use Ansible playbook to accomplish it? Thank you, Xinhuan Zheng -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/9d14c705-e0e0-40fa-81dd-3150d376558fo%40googlegroups.com.
Re: [ansible-project] How to structure variables to distinguish different environments
Hello, That construct actually makes sense to me. The fact of Development vs. Production is controlled by their network. We can just create custom fact based on each host IP address, and return customer fact variable. Then we can set nfs_server per that custom fact. Thanks for showing this tip. - Xinhuan On Thursday, July 2, 2020 at 6:23:27 AM UTC-4, Srinivas Naram wrote: > > There could be some distinction between both the environments. Can you use > gather_facts and get the differentiating value ? > > if you are able to get it using gather_facts, you can use set_facts > > Example > > set_facts: >nfs_server: xyx > when: ansible_distribution= 'CentOS' > > set_fact: >nfs_server: abc > when: ansible_distribution ='Ubuntu' > > On Thu, Jul 2, 2020 at 12:26 AM Xinhuan Zheng > wrote: > >> Hello, >> >> I want to define a variable for playbook in *group_vars/server_genre* >> file. However, I don't know if Ansible can support something like >> server_genre@environment syntax notation. Here is the detail: >> >> *In inventory/environment*: >> --- >> [server_genre] >> myserver1.example.com >> >> *In group_vars/server_genre:* >> --- >> nfs_server: mynfsserver1.example.com >> >> *In server_genre.yml playbook:* >> --- >> - name: Playbook for server_genre >> hosts: server_genre >> gather_facts: yes >> >> tasks: >> >> - name: Install Nfs client >> package: >> name: nfs-utils >> state: present >> - name: mount nfs >> mount: >> path: /mymount >> src: "{{ nfs_server }}" >> fstype: nfs >> opts: ro >> state: mounted >> >> In a different environment, the variable {{ nfs_server }} will have >> different value, however, I can't separate the different values using one >> single group_var/server_genre file, unless Ansible supports something like >> group_vars/server_genre@enviornment. >> >> How do I accomplish the variable value distinction in my case? >> >> Thanks, >> >> - Xinhuan >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to ansible...@googlegroups.com . >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/96edc459-2fec-4626-b7ac-2dae6d330505o%40googlegroups.com >> >> <https://groups.google.com/d/msgid/ansible-project/96edc459-2fec-4626-b7ac-2dae6d330505o%40googlegroups.com?utm_medium=email_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/9bbe8409-2805-442d-af8c-f092195a8f89o%40googlegroups.com.
[ansible-project] How to structure variables to distinguish different environments
Hello, I want to define a variable for playbook in *group_vars/server_genre* file. However, I don't know if Ansible can support something like server_genre@environment syntax notation. Here is the detail: *In inventory/environment*: --- [server_genre] myserver1.example.com *In group_vars/server_genre:* --- nfs_server: mynfsserver1.example.com *In server_genre.yml playbook:* --- - name: Playbook for server_genre hosts: server_genre gather_facts: yes tasks: - name: Install Nfs client package: name: nfs-utils state: present - name: mount nfs mount: path: /mymount src: "{{ nfs_server }}" fstype: nfs opts: ro state: mounted In a different environment, the variable {{ nfs_server }} will have different value, however, I can't separate the different values using one single group_var/server_genre file, unless Ansible supports something like group_vars/server_genre@enviornment. How do I accomplish the variable value distinction in my case? Thanks, - Xinhuan -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/96edc459-2fec-4626-b7ac-2dae6d330505o%40googlegroups.com.
Re: [ansible-project] Ansible URI and GET_URL does not work for downloading
This morning I just found my URL is missing .0 in /Redhat_Enterprise_7.0 <https://www.google.com/url?q=https%3A%2F%2Fcdn.zmanda.com%2Fdownloads%2Fcommunity%2FAmanda%2F3.5.1%2FRedhat_Enterprise_7.0%2Famanda-backup_server-3.5.1-1.rhel7.x86_64.rpm=D=1=AFQjCNEjZAEdUVdeYQJfNAkXZpvhNF_lew> part. Now it is working for me too. Thanks! - Xinhuan On Thursday, April 2, 2020 at 5:56:16 PM UTC-4, Kai Stian Olstad wrote: > > On Thu, Apr 02, 2020 at 02:21:35PM -0700, Xinhuan Zheng wrote: > > Hello, > > > > I need to use Ansible URI and GET_URL to download a piece of software > > called amanda backup server. I'm getting trouble with downloading. This > is > > my playbook: > > > > - name: Create cookie for later request > > uri: > > url: > > " > https://cdn.zmanda.com/downloads/community/Amanda/3.5.1/Redhat_Enterprise_7.0/amanda-backup_server-3.5.1-1.rhel7.x86_64.rpm; > > > > follow_redirects: all > > register: stuff_list > > > > - name: Debug > > debug: > > msg: "{{ stuff_list }}" > > > > - name: Download amanda software > > get_url: > > url: > > " > https://cdn.zmanda.com/downloads/community/Amanda/3.5.1/Redhat_Enterprise_7.0/amanda-backup_server-3.5.1-1.rhel7.x86_64.rpm > > <https://www.google.com/url?q=https%3A%2F%2Fcdn.zmanda.com%2Fdownloads%2Fcommunity%2FAmanda%2F3.5.1%2FRedhat_Enterprise_7.0%2Famanda-backup_server-3.5.1-1.rhel7.x86_64.rpm=D=1=AFQjCNEjZAEdUVdeYQJfNAkXZpvhNF_lew>" > > > > headers: > > Cookie: "{{ stuff_list.cookies }}" > > dest: /mytest > > > > > > > Has anyone used URI and GET_URL to successfully download any software > from > > CloudFront? > > get_url without the headers work for me. > > $ cat test.yml > --- > - hosts: localhost > tasks: > - get_url: > url: " > https://cdn.zmanda.com/downloads/community/Amanda/3.5.1/Redhat_Enterprise_7.0/amanda-backup_server-3.5.1-1.rhel7.x86_64.rpm; > > > dest: /tmp > > $ ansible-playbook test.yml > > PLAY [localhost] > > > TASK [get_url] > ** > changed: [localhost] > > PLAY RECAP > ** > > > localhost : ok=1changed=1unreachable=0 > failed=0skipped=0 > > $ file /tmp/amanda-backup_server-3.5.1-1.rhel7.x86_64.rpm > /tmp/amanda-backup_server-3.5.1-1.rhel7.x86_64.rpm: RPM v3.0 bin > i386/x86_64 > > > -- > Kai Stian Olstad > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/6d883d5f-fa98-4fe6-903d-9fa336123746%40googlegroups.com.
[ansible-project] Ansible URI and GET_URL does not work for downloading
Hello, I need to use Ansible URI and GET_URL to download a piece of software called amanda backup server. I'm getting trouble with downloading. This is my playbook: - name: Create cookie for later request uri: url: "https://cdn.zmanda.com/downloads/community/Amanda/3.5.1/Redhat_Enterprise_7.0/amanda-backup_server-3.5.1-1.rhel7.x86_64.rpm; follow_redirects: all register: stuff_list - name: Debug debug: msg: "{{ stuff_list }}" - name: Download amanda software get_url: url: "https://cdn.zmanda.com/downloads/community/Amanda/3.5.1/Redhat_Enterprise_7.0/amanda-backup_server-3.5.1-1.rhel7.x86_64.rpm; headers: Cookie: "{{ stuff_list.cookies }}" dest: /mytest I'm getting below errors: TASK [amanda : Create cookie for later request] ** fatal: [myserver]: FAILED! => {"changed": false, "connection": "close", "content": "\nAccessDeniedAccess Denied13AAEE01DDC4B1B6nc/VbplLWPwS8Z43nTSicEBc+0I7cZcdnSC7XZHUp9zV1bV6ivJhN56nqtTGNOPG95iV5yKnO1Q=", "content_type": "application/xml", "date": "Thu, 02 Apr 2020 21:18:00 GMT", "elapsed": 0, "msg": "Status code was 403 and not [200]: HTTP Error 403: Forbidden", "redirected": false, "server": "AmazonS3", "status": 403, "transfer_encoding": "chunked", "url": "https://cdn.zmanda.com/downloads/community/Amanda/3.5.1/Redhat_Enterprise_7/amanda-backup_server-3.5.1-1.rhel7.x86_64.rpm;, "via": "1.1 b7d10369ae737ec35cf8d7faced56ef0.cloudfront.net (CloudFront)", "x_amz_cf_id": "iOQFt0a3nEBiQp23AZEtTJVDF1WYWqCHSqxPQJjihj02ccKxvlhUNQ==", "x_amz_cf_pop": "EWR53-C2", "x_cache": "Error from cloudfront"} Has anyone used URI and GET_URL to successfully download any software from CloudFront? Thanks, - Xinhuan -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/5de96697-c389-4a4b-8751-b356c3f1ec3d%40googlegroups.com.
Re: [ansible-project] "ONE" inventory question
Hi Dick, So how do we construct inventory files depending on the factors of deployment process and people/teams, right? I once heard DevOps has people over process, process over automation wisdom, but I never understand what people means in DevOps. So we need first consider what teams/people are responsible first, then what is the process for those teams/people, right? As people, we basically are divided into system people and development people. System people responsible for building, administering, operating, monitoring, incl, but not limited to computing resources, storage, network; while development people responsible for writing custom code. If the custom code depends on any 3rd party modules, system people typically responsible for installing/configuring/patching that 3rd party modules. Some times system people have to deal with testing in the case of changing one version from another version, like database. The development team is using Gitlab as their versioning control system. Gitlab provides AutoDevOps, but we can't use. Our custom code isn't in those AutoDevOps areas. The infrastructure code is also versioning controlled in Gitlab. Gitlab has project repository. We try to keep infrastructure code in one repository. But it appears one repository is corresponding one pipeline. Per system perspective, all is infrastructure, until at the application level. So different applications may have different repository, and different set of infrastructure instances to serve them. I don't know how people handle inventory file version controlling like us. Are you willing to share some of your insights? Thanks, - Xinhuan On Wednesday, February 26, 2020 at 11:29:12 PM UTC-5, Dick Visser wrote: > > Hi > Hard to tell without knowing what and how things are deployed, and by what > people/teams. If you provide that context we can give it a try. > > On Wed, 26 Feb 2020 at 21:01, Xinhuan Zheng > wrote: > >> Hello, >> >> We have ansible code that are in version control repository. This makes >> how to maintaining "ONE" inventory file difficult. If we need to create >> multiple repositories, for different purpose of Ansible playbook running, >> it breaks "ONE" inventory file assumption. In practice, does everyone >> maintain their inventory file in one single version control repository, or >> in multiple version control repositories? Would multiple inventory files in >> multiple version control repositories create inconsistency issue? >> >> Thanks, >> >> - Xinhuan Zheng >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to ansible...@googlegroups.com . >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/570ae61f-90e9-4143-99ee-d33c1622cbbc%40googlegroups.com >> >> <https://groups.google.com/d/msgid/ansible-project/570ae61f-90e9-4143-99ee-d33c1622cbbc%40googlegroups.com?utm_medium=email_source=footer> >> . >> > -- > Sent from a mobile device - please excuse the brevity, spelling and > punctuation. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/05da447b-75c8-4325-9bf6-ac1c47c6b367%40googlegroups.com.
[ansible-project] Re: How to build Ansible inventory file
Hello All, I'm still patiently waiting for someone to give me some hint on below questions. Thanks - Xinhuan Zheng On Thursday, February 13, 2020 at 4:46:35 PM UTC-5, Xinhuan Zheng wrote: > > Hello, > > I need to build Ansible inventory files, but somehow got stuck. Typically > for a service, there is development, staging and production. Initially, I > thought I can create 3 inventory files with those names. Later I feel it > may not be the case. As I look at this Ansible document: > https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#example-group-by-function, > > it actually lists (3) grouping methods, by environment, by functions, and > by locations. Can I have a inventory file that is both grouped by > environment and by functions? It seems not possible. For example, consider > the following inventory file named as myservices: > > [development] > testwebserver1 > testwebserver2 > testloadbalancer1 > > [production] > webserver1 > webserver2 > loadbalancer1 > > [myservices:children] > development > production > > If the inventory file is development or production, that means it would > include all other services and it will become a big inventory file, and > playbook will be hard to write to manage all kinds services, for example, > development inventory file: > > [myservice1] > testwebserver1 > testwebserver2 > > [myservice2] > testwebserver3 > testwebserver4 > > [load_balancers] > loadbalancer1 > > [development:children] > myservice1 > myservice2 > load_balancers > > Is it a good practice to break down one big inventory file containing a > lot of services into inventory files just for that service like the first > one? > > Thank you, > > - Xinhuan Zheng > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/d958113c-e9d9-467e-b937-34b2f0a1fb75%40googlegroups.com.
[ansible-project] Netscaler Ansible question
Hello, In my Netscaler Ansible module, I encountered a problem with netscaler_lb_vserver. I'm trying to use a list of servicebindings to create a single lb vserver with two services, but instead it only creates "test2-service" for that lb vserver, "test1-service" isn't there. Is there a way to use loop variable in netscaler servicebindings? - hosts: netscaler gather_facts: no vars: servicebindings: - servicename: "test1-service" weight: "50" - servicename: "test2-service" weight: "50" tasks: - name: Create netscaler endpoint lbvservers delegate_to: localhost netscaler_lb_vserver: nsip: "{{ nsip }}" nitro_user: "{{ nitro_user }}" nitro_pass: "{{ nitro_pass }}" state: present name: "test-lbvserver" servicetype: "HTTP" ipv46: "10.10.10.10" port: "80" lbmethod: "ROUNDROBIN" servicebindings: - servicename: "{{ item.servicename }}" weight: "{{ item.weight }}" with_items: "{{ servicebindings }}" Thank you, - Xinhuan Zheng -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/9bb1a439-3ad1-48bd-800c-2b9b19dff62e%40googlegroups.com.
[ansible-project] "ONE" inventory question
Hello, We have ansible code that are in version control repository. This makes how to maintaining "ONE" inventory file difficult. If we need to create multiple repositories, for different purpose of Ansible playbook running, it breaks "ONE" inventory file assumption. In practice, does everyone maintain their inventory file in one single version control repository, or in multiple version control repositories? Would multiple inventory files in multiple version control repositories create inconsistency issue? Thanks, - Xinhuan Zheng -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/570ae61f-90e9-4143-99ee-d33c1622cbbc%40googlegroups.com.
[ansible-project] How to build Ansible inventory file
Hello, I need to build Ansible inventory files, but somehow got stuck. Typically for a service, there is development, staging and production. Initially, I thought I can create 3 inventory files with those names. Later I feel it may not be the case. As I look at this Ansible document: https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#example-group-by-function, it actually lists (3) grouping methods, by environment, by functions, and by locations. Can I have a inventory file that is both grouped by environment and by functions? It seems not possible. For example, consider the following inventory file named as myservices: [development] testwebserver1 testwebserver2 testloadbalancer1 [production] webserver1 webserver2 loadbalancer1 [myservices:children] development production If the inventory file is development or production, that means it would include all other services and it will become a big inventory file, and playbook will be hard to write to manage all kinds services, for example, development inventory file: [myservice1] testwebserver1 testwebserver2 [myservice2] testwebserver3 testwebserver4 [load_balancers] loadbalancer1 [development:children] myservice1 myservice2 load_balancers Is it a good practice to break down one big inventory file containing a lot of services into inventory files just for that service like the first one? Thank you, - Xinhuan Zheng -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1517c5c1-31e0-4eaa-b793-1d7fd3846cd3%40googlegroups.com.
Re: [ansible-project] How do I include another playbook in current playbook?
Hello Alicia, This is great. I got the idea. Thanks for your help! - Xinhuan On Thursday, January 23, 2020 at 12:33:57 PM UTC-5, alicia wrote: > > You cannot import a playbook anywhere inside a play - importing a playbook > is a play of its own. > > If you want to run the imported playbook first, try: > > - name: this play runs ‘another.yml' on the hosts it defines > import_playbook: another.yml > > - name: this play runs two roles on all hosts in the mywebservers group > hosts: mywebservers > gather_facts: yes > > roles: > - role: testrole1 > tags: testrole1 > - role: testrole2 > tags: othertag > > If you want to run the roles first, reverse the order of the two plays. > > You can also review the general documentation on importing and including > at https://docs.ansible.com/ansible/devel/user_guide/playbooks_reuse.html. > You may want to edit “another.yml” to make it a tasks file instead of a > playbook for greater flexibility. > > Hope this helps, > Alicia > > On Jan 22, 2020, at 3:24 PM, Xinhuan Zheng > wrote: > > > Take a look again at the example in >> >> https://docs.ansible.com/ansible/latest/modules/import_playbook_module.html. >> >> To me it does not know where >> >> >> roles: >> - role: testrole1 >> tags: testrole1 >> >> belongs. Should it be >> >> - hosts: mywebservers >> gather_facts: yes >> >> roles: >> - role: testrole1 >> tags: testrole1 >> >> #- import_playbook: another.yml >> >> i.e. those roles are related to mywebservers? Or are they related to >> all hosts as defined in another.yml? >> >> >> > testrole1 belongs to mywebservers. It isn't related to all hosts as > defined in another.yml file. However, another.yml file needs to be called > first. I tried using pre_tasks with import_playbook. It doesn't work > either. I also tried using include, still not working. Since another.yml > file contains a list of roles, it is supposed to be import_playbook, but > I'm not sure how to make import_playbook working in current_playbook.yml > file. > > Thanks again, > > - Xinhuan > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ansible...@googlegroups.com . > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/ea2a316c-0d8e-4641-9e94-d10e708b3ea5%40googlegroups.com > > <https://groups.google.com/d/msgid/ansible-project/ea2a316c-0d8e-4641-9e94-d10e708b3ea5%40googlegroups.com?utm_medium=email_source=footer> > . > > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/0c1fa28a-b8a6-4df2-9d20-1e0efd99789c%40googlegroups.com.
Re: [ansible-project] How do I include another playbook in current playbook?
> Take a look again at the example in > https://docs.ansible.com/ansible/latest/modules/import_playbook_module.html. > > To me it does not know where > > > roles: > - role: testrole1 > tags: testrole1 > > belongs. Should it be > > - hosts: mywebservers > gather_facts: yes > > roles: > - role: testrole1 > tags: testrole1 > > #- import_playbook: another.yml > > i.e. those roles are related to mywebservers? Or are they related to > all hosts as defined in another.yml? > > > testrole1 belongs to mywebservers. It isn't related to all hosts as defined in another.yml file. However, another.yml file needs to be called first. I tried using pre_tasks with import_playbook. It doesn't work either. I also tried using include, still not working. Since another.yml file contains a list of roles, it is supposed to be import_playbook, but I'm not sure how to make import_playbook working in current_playbook.yml file. Thanks again, - Xinhuan -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/ea2a316c-0d8e-4641-9e94-d10e708b3ea5%40googlegroups.com.
[ansible-project] How do I include another playbook in current playbook?
Hello, I created a playbook which needs to call another playbook. This is my current playbook: --- # file: current_playbook.yml - hosts: mywebservers gather_facts: yes #- import_playbook: another.yml roles: - role: testrole1 tags: testrole1 post_tasks: - name: Install configuration file template: src: myconf.j2 dest: /remote-path/myconf tags: testrole1 - name: Install cron cron: name: 'run every day' minute: '0' hour: '0' job: "/remote-path/job" tags: testrole1 I want to run playbook like: ansible-playbook -i myinventory -l mywebservers current_playbook.yml --tags testrole1. But another.yml playbook needs to run first. Here is another.yml playbook: --- # file: another.yml - hosts: all gather_facts: yes roles: - role: myrole1 - role: myrole2 When I comment back in `#- import_playbook: another.yml' line in current_playbook.yml file, I got below error: ERROR! 'roles' is not a valid attribute for a PlaybookInclude - import_playbook: another.yml ^ here How do I call another.yml playbook in my current_playbook.yml file? Thank you, - Xinhuan Zheng -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/d725708b-622c-4f93-b25c-89cddc114d38%40googlegroups.com.
[ansible-project] Ansible firewalld module question
Hello, In Ansible firewalld module: https://docs.ansible.com/ansible/latest/modules/firewalld_module.html?highlight=firewalld, in the examples like below: - firewalld: service: https permanent: yes state: enabled We want to make it more descriptive in our role's tasks/main.yml file, since it is part of a large playbook: - name: Firewalld open https firewalld: service: https permanent: yes state: enabled However, it doesn't work in the large playbook which calls that role. Does anybody know why? Thank you, - Xinhuan -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/df271954-87ac-4f01-b969-a1e0fd152dfe%40googlegroups.com.
Re: [ansible-project] Re: Does current Ansible support templates macro?
Hello Mr. Botka, This is exactly what I am looking for. It looks so neat with ini_file module instead of template. I'll play with it in my tasks. Thank you very much! :) - Xinhuan On Thursday, January 16, 2020 at 10:50:25 AM UTC-5, Vladimir Botka wrote: > > On Thu, 16 Jan 2020 05:49:07 -0800 (PST) > Xinhuan Zheng > wrote: > > > sssd_config: > > sssd: > > debug_level: 1 > > additional_key: additional_value > > another_addtional_key: another_additional_value > > nss: > > reconnection_retries: 3 > > additional_key: additional_value > > another_addtional_key: another_additional_value > > pam: > > debug_level: 5 > > additional_key: additional_value > > another_addtional_key: another_additional_value > > > > Because this is so difficult to manipulate in template (I spend most > > yesterday to figure it out), I think it is probably better just put > > INI-style content into template file > > It also possible to use module 'ini_file' > https://docs.ansible.com/ansible/latest/modules/ini_file_module.html > > With the configuration data transformed to this list > > sssd_config: > - params: > - additional_key: additional_value > - reconnection_retries: 3 > - another_addtional_key: another_additional_value > section: nss > - params: > - debug_level: 5 > - another_addtional_key: another_additional_value > - additional_key: additional_value > section: pam > - params: > - debug_level: 1 > - another_addtional_key: another_additional_value > - additional_key: additional_value > section: sssd > > the task below > > - ini_file: > path: /scratch/tmp/config.ini > section: "{{ item.0.section }}" > option: "{{ item.1.keys()|list|first }}" > value: "{{ item.1.values()|list|first }}" > with_subelements: > - "{{ sssd_config }}" > - params > > gives > > $ cat /scratch/tmp/config.ini > [nss] > additional_key = additional_value > reconnection_retries = 3 > another_addtional_key = another_additional_value > [pam] > debug_level = 5 > another_addtional_key = another_additional_value > additional_key = additional_value > [sssd] > debug_level = 1 > another_addtional_key = another_additional_value > additional_key = additional_value > > -- > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/eeb236a9-a093-4f7c-b981-943f43989367%40googlegroups.com.
Re: [ansible-project] Re: Does current Ansible support templates macro?
Hello, Your testing looks fine in the test data model. However, the sssd_config real data model is like below: sssd_config: sssd: debug_level: 1 additional_key: additional_value another_addtional_key: another_additional_value nss: reconnection_retries: 3 additional_key: additional_value another_addtional_key: another_additional_value pam: debug_level: 5 additional_key: additional_value another_addtional_key: another_additional_value The addtional_key and another_additional_key isn't same per section (pam,nss,sssd), and number of additional_key per section isn't identical either. So nss section may have 5 key/value pairs, pam may have 6 key/value pairs, and sssd may have only 3 key/value pairs. Each additional_key is pretty much unique to that section. Because this is so difficult to manipulate in template (I spend most yesterday to figure it out), I think it is probably better just put INI-style content into template file, then fill in the values from variables that varies for that key/value pair. It makes the work more simpler. Thank you for providing the test case. I'll remember this lesson. - Xinhuan On Wednesday, January 15, 2020 at 3:45:44 PM UTC-5, Vladimir Botka wrote: > > On Wed, 15 Jan 2020 11:57:49 -0800 (PST) > Xinhuan Zheng > wrote: > > > I tested the solution, it doesn't work. item.1 becomes: > > {u'id_provider': u'local', u'auth_provider': u'local', u'enumerate': > True} > > So I get error there is no keys on {{ item.1.keys().0 }} > > Both versions works for me. Double-check the code. The playbook > > - hosts: localhost > vars: > sssd_config: > sssd: > debug_level: 1 > nss: > reconnection_retries: 3 > pam: > debug_level: 5 > tasks: > - template: > src: template.j2 > dest: config.ini > > with the template > > % for item in sssd_config.items() %} > [{{ item.0 }}] > {{ item.1.keys().0 }}={{ item.1.values().0 }} > {% endfor %} > # -- > {% for item in sssd_config.items() %} > [{{ item.0 }}] > {% for iitem in item.1.items() %} > {{ iitem.0 }}={{ iitem.1 }} > {% endfor %} > {% endfor %} > > gives > > [nss] > reconnection_retries=3 > [pam] > debug_level=5 > [sssd] > debug_level=1 > # -- > [nss] > reconnection_retries=3 > [pam] > debug_level=5 > [sssd] > debug_level=1 > > -- > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/2b863977-2dc5-425f-86f9-e4d7130fad70%40googlegroups.com.
Re: [ansible-project] Re: Does current Ansible support templates macro?
Got this error: "AnsibleUndefinedVariable: 'list object' has no attribute 'items' for item.1.items() - Xinhuan On Wednesday, January 15, 2020 at 1:56:58 PM UTC-5, Vladimir Botka wrote: > > On Wed, 15 Jan 2020 19:47:23 +0100 > Vladimir Botka > wrote: > > > Fit the template to your needs. For example the template > > > > {% for item in sssd_config.items() %} > > [{{ item.0 }}] > > {{ item.1.keys().0 }}={{ item.1.values().0 }} > > {% endfor %} > > > > gives > > > > [nss] > > reconnection_retries=3 > > [pam] > > debug_level=5 > > [sssd] > > debug_level=1 > > There might be more items in the configuration sections. The template > below gives the same result and would include other parameters if present > > {% for item in sssd_config.items() %} > [{{ item.0 }}] > {% for iitem in item.1.items() %} > {{ iitem.0 }}={{ iitem.1 }} > {% endfor %} > {% endfor %} > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/adc7d7b9-8e64-4b26-967a-2e74a3f03bd2%40googlegroups.com.
Re: [ansible-project] Re: Does current Ansible support templates macro?
I tested the solution, it doesn't work. item.1 becomes: {u'id_provider': u'local', u'auth_provider': u'local', u'enumerate': True} So I get error there is no keys on {{ item.1.keys().0 }} - Xinhuan On Wednesday, January 15, 2020 at 1:47:42 PM UTC-5, Vladimir Botka wrote: > > On Wed, 15 Jan 2020 10:40:53 -0800 (PST) > Xinhuan Zheng > wrote: > > > Tried what you said. Here is what {{ item }} look like: > > > > [(u'sssd', {u'debug_level': 5, u'reconnection_retries': 3, > > u'config_file_version': 2, u'sbus_timeout': 30})] > > [(u'services', [u'nss', u'pam', u'ssh'])] > > > > What should I do next? > > Fit the template to your needs. For example the template > > {% for item in sssd_config.items() %} > [{{ item.0 }}] > {{ item.1.keys().0 }}={{ item.1.values().0 }} > {% endfor %} > > gives > > [nss] > reconnection_retries=3 > [pam] > debug_level=5 > [sssd] > debug_level=1 > > HTH, > > -vlado > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/e5bb467d-0c5c-440e-adfc-41dbcbef9e6f%40googlegroups.com.
[ansible-project] Re: Does current Ansible support templates macro?
Tried what you said. Here is what {{ item }} look like: [(u'sssd', {u'debug_level': 5, u'reconnection_retries': 3, u'config_file_version': 2, u'sbus_timeout': 30})] [(u'services', [u'nss', u'pam', u'ssh'])] ... What should I do next? Thanks again, - Xinhuan On Tuesday, January 14, 2020 at 4:27:45 PM UTC-5, Xinhuan Zheng wrote: > > Hello, > > I'm working on a role for system SSSD daemon. I found this piece of code > online: > > https://github.com/picotrading/ansible-sssd/blob/master/templates/sssd.conf.j2 > > I have defined my own sssd_config variable in my role's defaults > directory, so I'd like to use that piece of code. That code is neat. > However, I don't understand what it is doing in line: > {% from "templates/encoder/macros/ini_encode_macro.j2" import ini_encode > with context -%} > > Also does current Ansible support templates macro like above? > > If it doesn't, then sssd_config variable is a large dictionary map, with > INI-style different sections. What really needs to happen is based on that > variable, change it to use = symbol as delimiter for each INI section. For > example: > > sssd_config: > sssd: > debug_level: 1 > config_file_version: 2 > ... > > Then the produced sssd.conf file would look like below: > > [sssd] > debug_level=1 > config_file_version=2 > > Thank you, > > Xinhuan Zheng > > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/58c3be45-1e40-4c86-8421-ebfc5112d88d%40googlegroups.com.
Re: [ansible-project] Does current Ansible support templates macro?
*I still cannot figure out how to loop through my variable:* *sssd_config:* * sssd:* *debug_level: 1* * nss:* *reconnection_retries: 3* * pam:* * debug_level: 5* Here is my template code: {% for item in sssd_config %} [{{ item }}] {% set list = sssd_config[item] %} {% for i in list %} {{ i }} = {% endfor %} {% endfor %} I cannot figure out what to put after {{ i }}. Please HELP! Thank you, - Xinhuan Zheng On Tuesday, January 14, 2020 at 5:42:22 PM UTC-5, Vladimir Botka wrote: > > On Tue, 14 Jan 2020 13:27:45 -0800 (PST) > Xinhuan Zheng > wrote: > > > ... However, I don't understand what it is doing in line: > > {% from "templates/encoder/macros/ini_encode_macro.j2" import ini_encode > > with context -%} > > This link to the Jinja doc will help you > https://jinja.palletsprojects.com/en/2.10.x/templates/#import > > -vlado > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/f83716c1-d475-4034-8b54-95c578503d0b%40googlegroups.com.
[ansible-project] Does current Ansible support templates macro?
Hello, I'm working on a role for system SSSD daemon. I found this piece of code online: https://github.com/picotrading/ansible-sssd/blob/master/templates/sssd.conf.j2 I have defined my own sssd_config variable in my role's defaults directory, so I'd like to use that piece of code. That code is neat. However, I don't understand what it is doing in line: {% from "templates/encoder/macros/ini_encode_macro.j2" import ini_encode with context -%} Also does current Ansible support templates macro like above? If it doesn't, then sssd_config variable is a large dictionary map, with INI-style different sections. What really needs to happen is based on that variable, change it to use = symbol as delimiter for each INI section. For example: sssd_config: sssd: debug_level: 1 config_file_version: 2 ... Then the produced sssd.conf file would look like below: [sssd] debug_level=1 config_file_version=2 Thank you, Xinhuan Zheng -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/8604b2d6-8af5-476a-a9be-74439659f806%40googlegroups.com.
[ansible-project] How do I use Ansible loop for generalizing things in a role
Hello, I'm creating a Ansible role to place a set of scripts to managed hosts so that they can start by cron in a defined schedule. Since it is a set of scripts, I want to generalize the play execution sequence to use a loop. This will be before loop: --- - name: Create directory file: path: /mydirectory state: directory owner: root group: root mode: 0755 - name: Install script1 template: src: script1.sh.j2 dest: /mydirectory/script1.sh - name: Create cronjob for script1 cron: name: script1 run every minute cron_file: script1_cron user: root job: /mydirectory/script1.sh - name: Install script2 template: src: script2.sh.j2 dest: /mydirectory/script2.sh - name: Create cronjob for script2 cron: name: script2 run every 10 minutes minute: */10 cron_file: script2_cron user: root job: /mydirectory/script2.sh Since it is a set of scripts, I figured it would be possible to generalize using loop but I don't know how. In place of script1/script2, it will be a variable name. How do I generalize every minute, every 10 minutes, every hour, or specific date & time as a variable within a loop? Thank you, - Xinhuan Zheng -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/2c5294c6-d1f6-4bd9-b1c6-7bf0bfb31ca2%40googlegroups.com.
[ansible-project] Re: Running Ansible ping and getting error: Operation not permitted\r\n",
On Thursday, December 26, 2019 at 11:49:26 AM UTC-5, gefela wrote: > > > When I am running a ansible ping from a ubuntu VM to a host using the > command > > ansible -m ping juniper > > It gives me the error message ... > > > > WARNING]: Platform freebsd on host 172.16.203.122 is using the discovered > Python interpreter at /usr/bin/python, but future installation of another > Python interpreter could change this. See > https://docs.ansible.com/ansible/2.9/ > reference_appendices/interpreter_discovery.html for more information. > > 172.16.203.122 | FAILED! => { "ansible_facts": { > "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, > "module_stderr": "Shared connection to 172.16.203.122 closed.\r\n", > "module_stdout": "/bin/sh: /usr/bin/python: Operation not permitted\r\n", > "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 126 > > My hosts file has the following entry .. > > [juniper] > > 172.16.203.122 ansible_ssh_user=root ansible_ssh_pass=my password > > What is missing as i am running out of ideas > You need to deploy ssh private key for the user you are running on control node, and ssh public key for the same user on managed node, and escalated privileges, for example, sudo for that same user for commands that require escalated privileges (like reboot). - Xinhuan -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/a88fe47d-e8d0-43c0-b71d-9163b9b950d7%40googlegroups.com.
Re: [ansible-project] Force ansible-playbook to collect ansible facts
Hello Mr. Kai, Sorry for not being clear. What I'm working on is probably a big playbook. So I used Ansible roles wisdom, for code re-usability. The main playbook will invoke each role as I develop, and I need to debug each role by calling the main playbook. That's why I figure it to use tags, since each role is also tagged differently. Today I found that some pieces of task in roles are not tagged at all, so it skipped. As I added missing tags, everything worked as expected. One thing I want to share with you and others is it is probably not a good idea to tag the main playbook, if you already tag the roles. If main playbook is tagged, when invoking with both main playbook's tag and role's tag, it causes unwanted roles to be invoked, and when invoking only role's tag, gathering facts will be skipped. So it is better to not tag the main playbook. There is no need to create setup module. Using gather_facts: yes in main playbook is fine. Just find tags can be applied to roles this way: https://docs.ansible.com/ansible/latest/user_guide/playbooks_tags.html: roles: - role: webserver tags: [ web, foo ] - Xinhuan -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/ab8b723e-d40d-416f-b43c-732e83cb3afd%40googlegroups.com.
Re: [ansible-project] Not replacing invalid character(s) in group name warning
Hello Mr. Kai, I used {{ ansible_default_ipv4.network.replace('.', '_') }} and created group_vars/subnet_xxx_xxx_xxx_xxx. It worked perfectly. Thank you very much for help! - Xinhuan -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/9c3491dd-0281-4832-833a-dd4fa3343feb%40googlegroups.com.
Re: [ansible-project] Force ansible-playbook to collect ansible facts
> Because you have replaced the tags with the config tag. > > > I want to configure only networking part inside config. That is, config is parent level tag, I only want to invoke networking tag of the parent tag. Can I do that? BTW, below isn't working: ansible-playbook -i test -l my_servers pb.yml --tags config,networking - Xinhuan -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/963ae457-3f5d-4a67-8faf-20126b6ab700%40googlegroups.com.
[ansible-project] Force ansible-playbook to collect ansible facts
Hello, I ran my ansible playbook, pb.yml file, with --tags, like following: ansible-playbook -i "192.168.100.1," pb.yml --tags "networking" ansible-playbook does NOT collect ansible facts. However, if I run it without --tages, the ansible facts are collected. Why is that? Here is my directory layout: pb.yml roles/ networking.yml Here is the pb.yml: --- - hosts: all gather_facts: yes roles: - roles: networking tags: - config Here is the roles/networking/tasks/main.yml file: - name: install networking packages yum: name: 'NetworkManager' state: installed tags: networking Thanks, - Xinhuan -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/5db3f7bc-2241-4448-9ded-0f2e26e773a6%40googlegroups.com.
Re: [ansible-project] Not replacing invalid character(s) in group name warning
Hello, The group names by subnet will have dot. How do I change that to avoid dot characters? - Xinhuan On Saturday, December 21, 2019 at 2:27:52 AM UTC-5, Kai Stian Olstad wrote: > > On 20.12.2019 22:08, Xinhuan Zheng wrote: > >- name: Group system by subnet > > group_by: > >key: subnet_{{ansible_default_ipv4.network}} > > > > While I run my playbook, I got this error: > > > > TASK [os-networking : Group system by subnet] > > > * > > > > task path: os-networking/tasks/main.yml:24 > > Not replacing invalid character(s) "set([u'.'])" in group name > > (subnet_192.168.101.0) > > [DEPRECATION WARNING]: The TRANSFORM_INVALID_GROUP_CHARS settings is set > to > > allow bad characters in group names by default, this > > will change, but still be user configurable on deprecation. This feature > > will be removed in version 2.10. Deprecation warnings can > > be disabled by setting deprecation_warnings=False in ansible.cfg. > > [WARNING]: Invalid characters were found in group names but not > replaced, > > use - to see details > > > > How should I fix this warning? > > Don't use dot in group name or set TRANSFORM_INVALID_GROUP_CHARS to a > value of your choice. > > > -- > Kai Stian Olstad > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/6636b7ef-f393-48de-bfa1-24b139580120%40googlegroups.com.
[ansible-project] Not replacing invalid character(s) in group name warning
Hello, I'm using Ansible group_by for networking specific information configuration. I need to use group_by to collect data values from my group_var/subnet_ file. My group_vars/subnet_192.168.101.0 matches group_by key. Here is my playbook: - name: Group system by subnet group_by: key: subnet_{{ansible_default_ipv4.network}} While I run my playbook, I got this error: TASK [os-networking : Group system by subnet] * task path: os-networking/tasks/main.yml:24 Not replacing invalid character(s) "set([u'.'])" in group name (subnet_192.168.101.0) [DEPRECATION WARNING]: The TRANSFORM_INVALID_GROUP_CHARS settings is set to allow bad characters in group names by default, this will change, but still be user configurable on deprecation. This feature will be removed in version 2.10. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. [WARNING]: Invalid characters were found in group names but not replaced, use - to see details ok: [myserver] => { "add_group": "subnet_192.168.101.0", "changed": false, "parent_groups": [ "all" ] } How should I fix this warning? Thanks, - Xinhuan -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/cdbb14ec-afab-4e18-b75e-e3154c235bcf%40googlegroups.com.
[ansible-project] How do I assign different variable values for different group system
Hello, I'm trying to create an Ansible role, networking, to automate /etc/resolv.conf file. I created this role like below: production networking.yml group_vars/ agroup bgroup roles/ networking/ tasks/main.yml templates/resolv.conf.j2 In my resolv.conf.j2 file, I put variables in this file: {% for item in nameserver %} nameserver {{ item }} {% endfor %} The name servers will be different for different group systems. In group_vars/agroup: --- nameservers: - 192.168.10.251 - 192.168.10.252 In group_vars/bgroup: --- nameservers: - 192.168.101.251 - 192.168.101.252 In playbook networking.yml: --- - hosts: all roles: - networking In production (inventory) file: [agroup] myserver [bgroup] myserver2 Here is command I want to use for play: $ ansible-playbook -i production networking.yml -l myserver $ ansible-playbook -i production networking.yml -l myserver2 Does above play use agroup defined nameservers for myserver, and bgroup defined nameservers for myserver2? Thank you, - Xinhuan -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/dcbd0424-dd54-4fe5-8de7-940a470c0476%40googlegroups.com.
[ansible-project] Re: Define global variables in ansible group_vars/all file
Hello All, I just figured out myself and I want to post it for sharing with other who would have similar issue like myself. The issue is what variable names I use in group_vars/all file. remote_user, become and become_method, are not inventory-like recognized variables, they are recognized in playbook, but not in inventory, although those variables are not put in inventory file, I believe, they are inventory variables. The correct names when putting in group_vars/all file are: --- # group_vars/all ansible_user: ansible ansible_become: true ansible_become_method: sudo - Xinhuan Zheng -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/865c9020-02b8-4e0a-a798-57fb9e01adfb%40googlegroups.com.
Re: [ansible-project] Define global variables in ansible group_vars/all file
Hello Dick, Yes, I added -b option. That worked fine. $ ansible all -i production -u ansible -l mygroup -a "uptime" -b myserver | CHANGED | rc=0 >> 12:26:39 up 11 days, 2:40, 2 users, load average: 0.00, 0.01, 0.05 On Friday, December 6, 2019 at 12:19:50 PM UTC-5, Dick Visser wrote: > > And if you add the ‘-b’ option to that? > > On Fri, 6 Dec 2019 at 18:15, Xinhuan Zheng > wrote: > >> Hello Alicia, >> >> I just ran ad-hoc command with -u ansible parameter like below: >> >> $ ansible all -i production -u ansible -l mygroup -a "uptime" >> myserver | CHANGED | rc=0 >> >> 12:13:22 up 11 days, 2:26, 2 users, load average: 0.00, 0.02, 0.05 >> >> ansible user is defined on myserver, and it is in sudoers file in wheel >> group without password required. >> >> On Friday, December 6, 2019 at 12:10:05 PM UTC-5, alicia wrote: >>> >>> I don’t think the failure is related to using or not using “sudo”. The >>> playbook failed because Ansible could not connect to the remote machine. >>> >>> The error message: >>> >>> fatal: [myserver]: UNREACHABLE! => {"changed": false, "msg": "*Failed >>> to connect to the host via ssh*: >>> \n|Permission >>> denied (publickey,password,keyboard- >>> interactive).", "unreachable": true} >>> >>> tells you that Ansible cannot connect to ‘myserver’ over SSH. If you try >>> to connect to the target machine using SSH and the user ‘ansible’ from the >>> command line, does that work? Do you have to type in a password? If you’re >>> using SSH keys, does the ‘ansible’ user have permission to access the >>> correct key? >>> >>> See >>> https://docs.ansible.com/ansible/latest/user_guide/connection_details.html#ssh-key-setup >>> for >>> information on setting up SSH keys. >>> >>> Hope this helps point you in the right direction. >>> >>> Alicia >>> >>> On Dec 6, 2019, at 10:44 AM, Xinhuan Zheng wrote: >>> >>> Hello, >>> >>> >>>> It's not necessary to use the "vars:" directive in the files. >>>> See "Organizing host and group variables" >>>> >>>> https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#organizing-host-and-group-variables >>>> >>>> >>>> # group_vars/all >>>> remote_user: ansible >>>> become: yes >>>> become_method: sudo >>>> >>>> Cheers, >>>> >>>> -vlado >>>> >>> >>> I changed per advice. Here is my changed file: >>> >>> --- >>> # group_vars/all >>> >>> remote_user: ansible >>> become: yes >>> become_method: sudo >>> >>> However, this doesn't work either. I got same Permission Denied error >>> like my previous run >>> >>> - Xinhuan Zheng >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Ansible Project" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to ansible...@googlegroups.com. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/ansible-project/c0f93f0f-315a-47f5-a645-17a35bd7ae82%40googlegroups.com >>> >>> <https://groups.google.com/d/msgid/ansible-project/c0f93f0f-315a-47f5-a645-17a35bd7ae82%40googlegroups.com?utm_medium=email_source=footer> >>> . >>> >>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to ansible...@googlegroups.com . >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/44684370-2c51-468b-9165-feb6ec743eca%40googlegroups.com >> >> <https://groups.google.com/d/msgid/ansible-project/44684370-2c51-468b-9165-feb6ec743eca%40googlegroups.com?utm_medium=email_source=footer> >> . >> > -- > Sent from a mobile device - please excuse the brevity, spelling and > punctuation. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/595e0e94-ee0a-4f81-b7cb-9de6c34b366f%40googlegroups.com.
Re: [ansible-project] Define global variables in ansible group_vars/all file
Hello Alicia, I just ran ad-hoc command with -u ansible parameter like below: $ ansible all -i production -u ansible -l mygroup -a "uptime" myserver | CHANGED | rc=0 >> 12:13:22 up 11 days, 2:26, 2 users, load average: 0.00, 0.02, 0.05 ansible user is defined on myserver, and it is in sudoers file in wheel group without password required. On Friday, December 6, 2019 at 12:10:05 PM UTC-5, alicia wrote: > > I don’t think the failure is related to using or not using “sudo”. The > playbook failed because Ansible could not connect to the remote machine. > > The error message: > > fatal: [myserver]: UNREACHABLE! => {"changed": false, "msg": "*Failed to > connect to the host via ssh*: > \n|Permission > denied (publickey,password,keyboard- > interactive).", "unreachable": true} > > tells you that Ansible cannot connect to ‘myserver’ over SSH. If you try > to connect to the target machine using SSH and the user ‘ansible’ from the > command line, does that work? Do you have to type in a password? If you’re > using SSH keys, does the ‘ansible’ user have permission to access the > correct key? > > See > https://docs.ansible.com/ansible/latest/user_guide/connection_details.html#ssh-key-setup > for > information on setting up SSH keys. > > Hope this helps point you in the right direction. > > Alicia > > On Dec 6, 2019, at 10:44 AM, Xinhuan Zheng > wrote: > > Hello, > > >> It's not necessary to use the "vars:" directive in the files. >> See "Organizing host and group variables" >> >> https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#organizing-host-and-group-variables >> >> >> # group_vars/all >> remote_user: ansible >> become: yes >> become_method: sudo >> >> Cheers, >> >> -vlado >> > > I changed per advice. Here is my changed file: > > --- > # group_vars/all > > remote_user: ansible > become: yes > become_method: sudo > > However, this doesn't work either. I got same Permission Denied error like > my previous run > > - Xinhuan Zheng > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ansible...@googlegroups.com . > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/c0f93f0f-315a-47f5-a645-17a35bd7ae82%40googlegroups.com > > <https://groups.google.com/d/msgid/ansible-project/c0f93f0f-315a-47f5-a645-17a35bd7ae82%40googlegroups.com?utm_medium=email_source=footer> > . > > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/44684370-2c51-468b-9165-feb6ec743eca%40googlegroups.com.
Re: [ansible-project] Define global variables in ansible group_vars/all file
Hello, > It's not necessary to use the "vars:" directive in the files. > See "Organizing host and group variables" > > https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#organizing-host-and-group-variables > > > # group_vars/all > remote_user: ansible > become: yes > become_method: sudo > > Cheers, > > -vlado > I changed per advice. Here is my changed file: --- # group_vars/all remote_user: ansible become: yes become_method: sudo However, this doesn't work either. I got same Permission Denied error like my previous run - Xinhuan Zheng -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/c0f93f0f-315a-47f5-a645-17a35bd7ae82%40googlegroups.com.
[ansible-project] Define global variables in ansible group_vars/all file
Hello, I followed Ansible best practice to create my ansible automation directory structure like following: group_vars group_vars/all host_vars os.yml production roles roles/os-issue Since I'm using ansible user as a remote user, and sudo method to escalate its privileges globally, I want to define this in group_vars/all file. Here is what I define in group_vars/all directory: --- # group_vars/all vars: - remote_user: ansible - become: yes - become_method: sudo However, when I ran my playbook, I'm still getting Permission Denied error: ansible-playbook -i production os.yml -l Cluster1 -v Using /etc/ansible/ansible.cfg as config file PLAY [all] TASK [Gathering Facts] fatal: [myserver]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: \n|Permission denied (publickey,password,keyboard-interactive).", "unreachable": true} PLAY RECAP myserver : ok=0changed=0unreachable=1failed=0 skipped=0rescued=0ignored=0 Here is my os.yml playbook: --- # file: os.yml # This playbook file is to configure operating system after kickstarting - hosts: all roles: - role: os-issue It is to set /etc/issue file for remote myserver. Please advise me how I can define global variables in group_vars/all file. Thank you, - Xinhuan Zheng -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/43c05320-4326-4a0a-9fef-fd54f1d9bb3f%40googlegroups.com.