Re: [ansible-project] Get "Could not find the requested service" when trying to restart httpd; but it is installed

[Dick Davies]

Could not find the requested service ['httpd']: host"}

looks to me like your issue is in the playbook., You're passing an
array ( 'services' ) in as the service name, ansible is treating that
as a length 1 array
rather than just a string. Replace the "{{ services }}" with just :
httpd and I bet it works.
On Thu, 15 Nov 2018 at 13:17, Sean Hederman  wrote:
>
> The pid file is at
>
> /var/run/httpd/httpd.pid
>
>
> How would I check where the stop script expects it to be?
>
>
> On Thursday, November 15, 2018 at 10:47:47 AM UTC, Karl Auer wrote:
>>
>> This is almost certainly to do with the PID file.
>>
>> Check that it is where the stop script expects it to be.
>>
>> Regards, K.
>>
>>
>> On Thu, Nov 15, 2018 at 9:44 PM Sean Hederman  wrote:
>>>
>>> - name: Restart Apache
>>> service:
>>> name: "{{ services }}"
>>> state: restarted
>>> enabled: yes
>>> become: true
>>> vars:
>>> services:
>>> - httpd
>>>
>>> Have tried variants with different states, enabled, become. All fail with 
>>> exact same error:
>>> amzn-build: TASK [web_server : Restart Apache] 
>>> * amzn-build: fatal: 
>>> [127.0.0.1]: FAILED! => {"changed": false, "msg": "Could not find the 
>>> requested service ['httpd']: host"}
>>>
>>> Logging onto the instance and running:
>>>
>>> sudo service httpd restart
>>>
>>> Stopping httpd:[FAILED]
>>>
>>> Starting httpd:[  OK  ]
>>>
>>>
>>> Vanilla Amazon 2018.03 image with ansible installed via pip
>>>
>>> I cannot see why ansible would report that httpd does not exist when it 
>>> patently does
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups 
>>> "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an 
>>> email to ansible-proje...@googlegroups.com.
>>> To post to this group, send email to ansible...@googlegroups.com.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/ansible-project/99d478d2-10a7-449a-b573-b3a83e308232%40googlegroups.com.
>>> For more options, visit https://groups.google.com/d/optout.
>>
>>
>>
>> --
>> Karl Auer
>>
>> Email  : ka...@2pisoftware.com
>> Website: http://2pisoftware.com
>>
>> GPG/PGP : 958A 2647 6C44 D376 3D63 86A5 FFB2 20BC 0257 5816
>> Previous: F0AB 6C70 A49D 1927 6E05 81E7 AD95 268F 2AB6 40EA
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/fb53b56c-a863-4538-93f0-00d7a6a63ffd%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPRDiRUeHfWmnr1qfCLqjNYK2NKMLX0Yu0iTRatL7PAwMA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] how to use systemd to start my custom service

[Dick Davies]

 "msg": "Failed to get D-Bus connection: Operation not permitted",

you're not running ansible with high enough privileges. try a become:
yes somewhere in there.
On Thu, 15 Nov 2018 at 02:47, Ronnie10  wrote:
>
> Hi all,
>
> I am trying to setup zookeeper using ansible with docker, I have copied the 
> zookeeper.service to /usr/lib/systemd/system, however when I run molecule 
> test to test my ansible code, it always fail.
>
> My zookeeper.service looks like following:
> [Unit]
> Requires=network.target remote-fs.target
> After=network.target remote-fs.target
>
> [Service]
> Type=simple
> #User=kafka
> ExecStart=/opt/kafka_2.11-2.0.0/bin/zookeeper-server-start.sh 
> /opt/kafka_2.11-2.0.0/config/zookeeper.properties
> ExecStop=/opt/kafka_2.11-2.0.0/bin/zookeeper-server-stop.sh
> Restart=on-abnormal
>
> [Install]
> WantedBy=multi-user.target
>
>
> My ansible script as follow:
> ---
> - name: Check if Zookeeper service file exists
>   stat:
> path: /usr/lib/systemd/system/zookeeper.service
>   register: zookeeper_service_exist
>
> - name: Copy zookeeper service file to /usr/lib/systemd/system/
>   copy:
> src: files/zookeeper.service
> dest: /usr/lib/systemd/system/
> mode: 0755
>   when: not zookeeper_service_exist.stat.exists
>
> - name: Start Zookeeper service if not started
>   systemd:
> name: zookeeper
> state: started
>
> I always receive the following error:
>fatal: [kafka-deploy]: FAILED! => {
> "changed": false,
> "cmd": "/bin/systemctl",
> "invocation": {
> "module_args": {
> "daemon_reload": false,
> "enabled": null,
> "force": null,
> "masked": null,
> "name": "zookeeper",
> "no_block": false,
> "scope": null,
> "state": "started",
> "user": null
> }
> },
> "msg": "Failed to get D-Bus connection: Operation not permitted",
> "rc": 1,
> "stderr": "Failed to get D-Bus connection: Operation not permitted\n",
> "stderr_lines": [
> "Failed to get D-Bus connection: Operation not permitted"
> ],
> "stdout": "",
> "stdout_lines": []
> }
>
> Hope someone can help me with this.
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/f26fab5c-e7c7-4ebd-a5af-b46a012cb211%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPRAZvnkRYWZS0HWfdS-bP%2B%2BizeSpXoxiKK5wM_-R_CF6g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Set AWS Hostname

[Dick Davies]

You have a YAML nesting mistake - Ansible is reading your register: as
a property of the task,
rather than at the same level as the task.
Your 'with_items:' on the next task has the same issue.

On 16 November 2017 at 09:33, Byym Reddy  wrote:
> I'm using ansible to create aws instances. I want to set the hostname of the
> instance created. The scripts available around have deprecated tags.
> 'register' is no more a supported parameter with ec2. Below my sample
> script. In turn, add_host doesn't work. How to set hostname with ansible
> script? Any help appreciated.
>
> ---
> - name: Provision Instance
>   ec2:
>  aws_access_key: "{{ key1 }}"
>  aws_secret_key: "{{ key2 }}"
>  key_name: "{{ key }}"
>  instance_type: "t2.micro"
>  image: "ami-ccecf5af"
>  region: "ap-southeast-2"
>  group: "SERVERS_PROD"
>  state: present
>  #zone: 1
>  vpc_subnet_id: "subnet-4"
>  instance_tags:
>   Name: Sample
>   Env: production
>   Owner: Company
>   InstanceDescription: Sample Company
>   CreatedBy: John
>   ManagedBy: Logistics
>  #ebs_optimized: yes
>  assign_public_ip: no
>  wait: true
>  count: 1
>  volumes:
>  - device_name: /dev/sda1
>device_type: gp2
>volume_size: "20"
>delete_on_termination: true
>  - device_name: /dev/sdf
>device_type: gp2
>volume_size: "10"
>delete_on_termination: true
> register:ec2
>
> - name: Add new instance to host group
>   add_host:
>  hostname: "A01LPBSIM01"
>  groupname: SERVERS_PROD
>  with_items: "{{ ec2 }}"
>
>
> fatal: [localhost]: FAILED! => {"changed": false, "msg": "Unsupported
> parameters for (ec2) module: register
>
> Supported parameters include: assign_public_ip, aws_access_key,
> aws_secret_key, count, count_tag, ebs_optimized,
>
> ec2_url, exact_count, group, group_id, id, image, instance_ids,
> instance_initiated_shutdown_behavior,
>
> instance_profile_name, instance_tags, instance_type, kernel, key_name,
> monitoring, network_interfaces,
>
> placement_group, private_ip, profile, ramdisk, region, security_token,
> source_dest_check, spot_launch_group,
>
> spot_price, spot_type, spot_wait_timeout, state, tenancy,
> termination_protection, user_data, validate_certs,
>
> volumes, vpc_subnet_id, wait, wait_timeout, zone"}
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/9d5070ae-07b2-4e94-ad5a-08db2b9b4058%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPRX_qKg9WcaNcUswnGoePmmUYvBNdE4Ry2ObrSsOVKn1g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible service module

[Dick Davies]

Look at the wait_for module, it should be able to help you if you need
to, uh, wait for a specific state.

On 13 November 2017 at 07:27, Harish Singh <08harishsi...@gmail.com> wrote:
> Hey !!
>
> If I am working with ansible service module, if in case my tomcat take time 
> more then min. Or 2 min. How can I verify if my service stop only then next 
> step will run. ??
>
> Or service module can take care this will hold till services not stopped. ??
>
> Live env took time so not able to test please verify
>
> Thanks
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/4fb1c6f9-d7ed-4784-99b7-8cca80ba66e9%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPTSeextaMtD5A7hdS5zdYCoemBFDR8kx2Qzq0UxEQrgKA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible playbook xml module - error when using in task

[Dick Davies]

If you just create a library/ folder and put the xml module in there,
it'll work.

We've been using the xml module since 2.0 this way, it works fine.

On 2 October 2017 at 16:04, Sivakumar Lakshminarayanan
 wrote:
> Sorry missed to see that, my bad.
> Bad luck in our office repository we will have ansible 2.3* only.
>
> Thanks
>
>
> On Sunday, October 1, 2017 at 7:23:48 PM UTC+8, Andreas Olsson wrote:
>>
>> lör 2017-09-30 klockan 22:41 -0700 skrev Sivakumar Lakshminarayanan:
>> > When trying ansible xml module...
>> > ...
>> > ...
>> > ansible 2.3.1.0
>>
>> According to https://docs.ansible.com/ansible/latest/xml_module.html
>> the xml module wasn't introduced until Ansible 2.4.
>>
>> // Andreas
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/15f6efc4-fc9e-4f66-aeaa-4fa408d0032f%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPSKALS0Z6ssRF5bXJ18Y3KyBoO1ZN0n9Fi9OirE1ZgOYg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] yum module localinstall many rpms from directory possible?

[Dick Davies]

That's fine, look at with_items to get it all done in a single yum transaction.

On 21 September 2017 at 19:51, daddyocruzer  wrote:
> Hello
>
> tasks:
>   - name:  yum local install
> yum:  name=/sharedfilesystem/*.rpm  state=present
>
> Our team has several environments that lead up to our production
> environment, so patches must be applied and tested in one environment at a
> time (as they exist at a specific version 'point-in-time') so I can't do a
> blind yum update latest in our production environment -- therefore, I
> download the latest available at a point-in-time and apply them to each
> environment only once testing has succeeded in the previous environment.
>
> Can ansible yum module help 'localinstall' patches that have been
> pre-downloaded?   (I've only seen yum module work with a single rpm)
>
> Maybe should be using command instead of yum module?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/103e0a52-c075-4f66-9764-ae1f3372f77c%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPRbvzovV9PXrM%3DeqVerLdmrjstfdkohMUwV3pLave_BHA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Where to put environnement specific config files to copy (not templated)

[Dick Davies]

What about something like:

copy:
  src: "{{ env }}/config/httpd.conf"
  dest: /etc/httpd/httpd.conf


and then just set env: production
in production/group_vars/all

?

(there are a few ways to calculate the 'env' var based on inventory etc. but
they're a bit arcane IMO. Better to be explicit.)


On 13 September 2017 at 10:46, Julien Musat  wrote:
> Hi,
>
> My ansible project is multi env. I managed to put each inventory file in a
> separate directory (as advise in ansible best practices :
> http://docs.ansible.com/ansible/latest/playbooks_best_practices.html#alternative-directory-layout)
>
> I have a question regarding env specific config file. For instance if I want
> to copy a specific httpd.conf config file (apache) per env on the remote
> hosts, assuming I don't want to use a template so I want to copy those files
> as is.
>
> Currently I put them like this :
>
> inventories/
>production/
>   files/
> configs/
>   httpd.conf
>   hosts
>   group_vars/
>  group1
>  group2
>   host_vars/
>  hostname1
>  hostname2
>
>staging/
>   files/
> configs/
>   httpd.conf
>   hosts
>   group_vars/
>  group1
>  group2
>   host_vars/
>  stagehost1
>  stagehost2
>
> Is there a recommendation where to put those configs files ?
>
>
>
> This message may contain confidential information intended only for use by
> the addressee. If you received it by mistake, please notify us immediately
> by phone or e-mail, delete it and do not forward it to anyone.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/8058e298-025e-4020-8264-7cf315043375%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPRRQdcs5B850A1%3D%2Br4FbuLq-ksKdcsGKnYr72ndbafnRA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Running tasks in parallel in a playbook

[Dick Davies]

http://docs.ansible.com/ansible/latest/playbooks_loops.html#looping-over-a-list-with-an-index

On 7 September 2017 at 19:14, Giovanni Gaglione
 wrote:
> I basically need the index of the current hostname, but I can't find a way.
> {{ groups['browsers'].index(inventory_hostname) }} will return always the
> same index (because the hostname is always the same).
>
> I couldn't find any other way. Do you know if the API offers something more
> appropriate? Still doing research...
>
> On Thursday, September 7, 2017 at 7:17:08 PM UTC+2, Giovanni Gaglione wrote:
>>
>> Hi Jesse,
>>
>> Could you make an example of this solution?
>>
>> My scenario is like the following:
>>
>> [myhost]
>> 192.168.1.1
>> 192.168.1.1
>> 192.168.1.1
>> 192.168.1.1
>> 192.168.1.1
>> 192.168.1.1
>> 192.168.1.1
>>
>> But then, when ansible iterates over these host, I would like to have a
>> unique name of the host (example `192.168.1.1-3th`). It seems there is not
>> way to get the index of the host.
>>
>> Any suggestion?
>>
>> On Tuesday, September 3, 2013 at 6:33:39 AM UTC+2, Jesse Keating wrote:
>>>
>>> On Aug 28, 2013, at 9:52 AM, CS  wrote:
>>> >
>>> > Thanks for the response. I thought of using bash `wait` and a script,
>>> > but I would like to stay in Ansible as much as possible.
>>> >
>>> > My use case is that there are multiple "slow enough" independent tasks
>>> > that happen on a host, but I can't fire and forget because I need to know
>>> > that they either succeed or fail. That seems like a pretty common use 
>>> > case,
>>> > and I have other things too that would benefit from this kind of
>>> > parallelism, but maybe I'm using Ansible in a non-standard way. In this
>>> > case, I'm installing N (2 or 3 for now) python virtualenvs for independent
>>> > services on a single host, each of which takes about 5 minutes to install.
>>> > I'd love to have developers wait 5 minutes rather than 5N minutes for that
>>> > part of the installation, and there are other tasks too that nothing else
>>> > depends on but that need to be reported as succeeding or failing.
>>> >
>>> > Are there any other approaches I might consider using Ansible apart
>>> > from moving all the parallel tasks into a script?
>>>
>>> What I've done to accomplish this is to create fake inventory entries,
>>> one entry per action I want to do in parallel. Then I have a play that works
>>> over this group of "hosts" to execute the action(s) I want done, all
>>> delegated to localhost.
>>>
>>> This kicks in Ansible's forking and lets the tasks run in parallel.
>>>
>>> -jlk
>>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/76c1c632-7921-4fa3-97ce-77d9e27d475d%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPQ6yNFJfTmrwhTd0-%3DwwV75gQh59cbJx3VjXEj9OV%2B%3DGA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Best practice for cluster nodes

[Dick Davies]

Have you seen the serial: argument to plays?


http://docs.ansible.com/ansible/latest/playbooks_delegation.html#rolling-update-batch-size

That's intended for working on a 'chunk' of N servers in a given group at once.

On 6 September 2017 at 13:00, Cev Ing  wrote:
> I have several clusters containing several nodes. I want to run
> configuration jobs on all cluster nodes. The configuration jobs involve a
> small down time of the cluster node. I have to take care, that at least a
> minimum number of nodes in each cluster is still running. What is the best
> practice to achieve this?
>
> I found an option in Ansible to limit the total number of simultaneous
> connections. But this does not help, because I need simultaneous connections
> per cluster.
>
> Another way is to put all nodes of each cluster in groups: First the group
> of all first cluster members, second the group of all second cluster members
> and so on. This would make it possible to apply the configuration role to
> each group. But this is still not exactly what I am looking for, because
> this serializes the cluster nodes more than necessary. If I have 10 nodes
> per cluster and I want to keep at least 50% of all nodes running, it would
> be possible for Ansible to process 5 nodes in parallel.
>
> What is the best practice for Ansible to handle cluster nodes?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/adb8ddab-4973-41a9-91e9-519d9777e92f%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPQBwM-OXVU5kAHzgGfz-94sZsuLanEwb0G1eds%3DyYeCkw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Need to chat off-forum

[Dick Davies]

This is currently an opinion argument, and you need to turn it into a
numbers argument. It's the only way to get past egos.

If a team deliver what they're asked to do on spec and on time, I
personally don't care what tooling they use, whether it's ansible or
hand-crafted.

If they're delivering late or low quality, start quantifying that and
maybe trial some automation, then compare the outputs.

On 25 August 2017 at 20:23, Adam Shantz  wrote:
> I agree, they shouldn't be in power.  Alas, it's the situation I'm in, and
> I'm not a Director/VP.  The people I refer to are system engineers.  My
> thought is they are comfortable being the only people with root access (even
> though I've managed to get Ansible setup with some level of root
> privileges), and see it as a job security threat to allow other people such
> access.  The other "reason" I've received is that any mature organization
> has "division of duties" to ensure no one person has too much power.  Which
> is true, but I'm trying to ensure business continuity without having to
> remember (and make manual changes) to systems that have special
> customizations.  I've tried to explain that as the platform & business
> owner, I'm the one that has to answer when things go wrong.  I also have a
> proven track record of including people in decisions, but it seems like a
> control thing.  I just want consistent, reliable, repeatable upgrades.
>
> Adam
>
>
>
>
> On Friday, August 25, 2017 at 3:06:45 PM UTC-4, Karl Jorgensen wrote:
>>
>> On Fri, 2017-08-25 at 11:08 -0700, Adam Shantz wrote:
>>
>> Hi all -
>>
>> I have some difficult people in my organization that are in positions of
>> power that think that just because doing something manually "isn't very
>> hard", it shouldn't be automated.  For example, clone of VMs from templates,
>> setting up sshd_config, etc.
>>
>>
>> Hm... such people should not be in power - perhaps if we knew more about
>> their reasoning for this attitude then the list may be useful in proposing
>> lines of arguments to convince them?
>>
>> Is there anyone out there that would be willing to exchange emails (so I'm
>> not airing dirty laundry publicly) to trade ideas on how to deal with these
>> difficult situations?  Bonus if you're in/near the DC or Virginia, USA area.
>>
>>
>> By the little you have revealed, I doubt they would be receptive from
>> advice from a random stranger :-|
>>
>>
>>
>> --
>>
>> Karl E. Jorgensen 
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/bbcecd70-aae7-4274-a6f7-b8e21ea3f497%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPQ%2BTEcCZqUuE78fPpqGLLc_Y2%3DWRBRYVXY%2BMQJwbnbEEg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible Inventory

[Dick Davies]

You want group vars (unless your windows and linux hosts are in the same group,
but unless you're applying the same roles to both you probably don't
have that.).

http://docs.ansible.com/ansible/latest/intro_inventory.html#splitting-out-host-and-group-specific-data

On 27 August 2017 at 17:08, Sanju  wrote:
> Hello Folks,
>
> My Inventory has a mix of Linux and windows hosts. Under every group i dont
> want to pass the connection information like ansible_connection=winrm,
> ansible_port=5986 etc.. I want to have a standard location for the
> connection information and I dont want to pass connection info for every
> group as my inventory will have hundreds of groups?
>
> [xxx]
> linux.com ansible_connection=ssh
> windows.com ansible_connection=winrm
>
> What can I do to address this situation?
>
> Thanks
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/9326b40c-c2fe-4879-a867-5f37ecbe9c8c%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPQ464Vo%3DeR1tePJC1pc5hTYe7LoiNAavhgeByuQgOqz4A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] My first steps: apt module

[Dick Davies]

Old version? http://docs.ansible.com/ansible/latest/apt_module.html says:

"autoremove
(added in 2.1)"

On 24 July 2017 at 12:48, Peter Kaagman  wrote:
> Hi there group,
>
> I'm making my first baby steps with ansible. After fooling around with
> ad-hoc command I thought I'd make the steps to playbooks. Looks promissing
> :D
> Ultimate goal is managing my switches, have been playing around with my
> Ubuntu systems thought. Thought I'd automate my update cyle... wrote a
> playbook for it (with help from severall posts I found on the web:
>
> ---
> - hosts: somehost
>   tasks:
> - name: Update and upgrade
>   become: true
>   apt:
> upgrade: safe
> update_cache: yes
> autoremove: yes
>
>
> this playbook breaks on the autoremove... and I can't figure out why
>
> PLAY
> ***
>
> TASK [setup]
> ***
> ok: [somehost]
>
> TASK [Update and upgrade]
> **
> fatal: [somehost]: FAILED! => {"changed": false, "failed": true, "msg":
> "unsupported parameter for module: autoremove"}
>
> PLAY RECAP
> *
> somehost: ok=1changed=0unreachable=0failed=1
>
>
> When I look at the documentation for the APT module "yes" seems to be a
> correct vallue for autoremove.
>
> Had a simular issue with "upgrade", but this was resolved by installing
> "aptitude" on the remote host. Allso made sure I've got "python-apt"
> installed.
>
> Any help would be apreciated :D
>
> Peter
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/cbb1e9da-b14b-4d0f-94b1-c47dd038a94b%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPRqLb1vsYfvqLK6pUTABx%2BQUTD%3DN30KKb19hFxKA6cCXw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Using Pathword Authentication to run a Playbook

[Dick Davies]

What about not putting the users keys onto the production servers?

On 21 July 2017 at 17:21, JS  wrote:
> Hello!
>
> I have a single playbook that with various plays in it.
>
> It goes out to different environments, either dev, uat, or prod (based on
> the --extra-vars input by the user deploying the playbook).
>
>
> i.e. ansible-playbook -i hosts deploy.yml --extra-vars "env=uat"
>
>
> Is there anyway I can set the ansible-playbook to require a password if a
> user selects the prod environment?
>
> They should be allowed to deploy to dev and uat without any authentication
> or passwords.
>
> Thanks
> JS
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/ee982bf7-dc4d-4555-9f1a-e46af6e2afdb%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPSmq-%2Bk5zta%2BLHj7W3emNZ5j-b%2BLEQz73CoD%3D94eszZBQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] /etc not writable

[Dick Davies]

Nope, that's super bad. I thought you didn't have root access?

On 22 July 2017 at 13:06, Yuriy Buha  wrote:
> Hi Fayad.
>
> Thank you for the quick reply.
> I tried to create the file in user's home directory, and then move to the
> /etc, but then i would get a permission error moving the file to that
> directory.
> It worked after i changed the ownership of /etc from root to the user, but
> i'm not sure if that's a proper way to do. Is it ok for the /etc directory
> to be owned by the user but not root?
>
> thank you
>
> On Friday, July 21, 2017 at 9:38:49 AM UTC-4, Fayad wrote:
>>
>> Try these options
>>
>> Copy the file to the sudo user's home directory or any other directory
>> where the user has got permission.
>>
>> Or
>>
>> Increase the permissions of the destination directory so that user can
>> write into that directory.
>>
>>
>>
>> Fayad
>>
>> Sent from my OnePlus One
>>
>> On 21-Jul-2017 6:33 PM, "Yuriy Buha"  wrote:
>>>
>>> Hello.
>>>
>>> I have similar case, and i get this error, but i do need to create it as
>>> sudo user. I do not have root privilege.
>>> Can someone please advise?
>>>
>>> Thank you
>>>
>>> On Friday, May 6, 2016 at 11:44:08 AM UTC-4, Kai Stian Olstad wrote:

 On 06. May 2016 14:46, Sanjay Kumar wrote:
 > I am not able copy to remote host, getting not writable error, my
 > playbook
 > is here.
 >
 > ---
 >  - hosts: all
 >become: yes
 >become_user: sanjay
 >become_method: sudo
 >tasks:
 >  - name: copy some file
 >copy: src=/home/sanjay/messages dest=/etc

 become_user: sanjay, means Ansible will do a sudo to user sanjay. So
 sanjay need permission to the destination.

 I guess what you really want is become_user: root , which is the
 default.

 --
 Kai Stian Olstad
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an
>>> email to ansible-proje...@googlegroups.com.
>>> To post to this group, send email to ansible...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/d2d870d5-5ff6-4503-9096-0e4a183ae6eb%40googlegroups.com.
>>> For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/78612bcc-e25c-4ee5-9dd0-d5e833a3a696%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPTD6FK4Z5V58Wxv-dYjVfQ9BfvzWSRoLtYHJyOpjivf5A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Playbook Failys atc copying ssh keys

[Dick Davies]

sudo ansible-playbook .

will work but then you're running the whole play as local root, which
feels wrong.

I can't think why you'd want to do that, if you aren't making changes
to that host.

In this example you're shipping public keys, there's no downside to having them
locally (or better still version controlled, so you remove a
particular workstation
 as a single point of failure).


On 14 July 2017 at 16:56, Anfield  wrote:
> Thanks. So its clear why this didnt work. Can I ask you how I can tell the
> playbook to switch to root to execute the commands on the localhost with
> escalated privileges?
>
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/d78ee2c5-e7ed-44cc-b7a6-b128b2cb583b%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPTc%3DPvokzN2_MuGVBazjAE9kUDhT3_V%3Dd-TmxxaPkU9Kw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Playbook gives inconsistent results

[Dick Davies]

There's no way to figure out what's happening from just that description,
did you provide a test case on github?

On 14 July 2017 at 14:07, MKPhil  wrote:
> I've got a multi-task playbook - if I run it against Servers A & B, all
> tasks run for both servers.  If I run it against just B it fails at the
> first task and stops.
>
> My view is if you run a playbook against a server you should get consistent
> results.
>
> I raised this as a Bug in GitHub but it was closed as "That's the way it
> is".  No disrespect to the Dev who closed that but I want to get other
> opinions on this.
>
> MKPhil
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/930c1eb9-3f84-483f-968c-763e7a520e83%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPRZOGDHXR26K9521cn3C8CrxGKpEuvehCr-4tuyH%3DhCdA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Host: command output differs on localhost and FQDN

[Dick Davies]

It'll be a path thing most likely. It's in your path on localhost, and
not on the account you're using remotely.

On 13 July 2017 at 22:05, Listing  wrote:
> Hi,
>
> I am trying to run the following playbook:
>
> ---
> - hosts: mymachine.lan
>   become: true
>   tasks:
>   - name: shell
> shell: "ambari-server status"
>
> The problem is that this results in the following output:
>
> [ansi...@mymachine.lan ~]$ ansible-playbook shell.yml
>
> PLAY [mymachine.lan] *
>
> TASK [setup]
> ***
> ok: [mymachine.lan]
>
> TASK [shell]
> ***
> fatal: [mymachine.lan]: FAILED! => {"changed": true, "cmd": "ambari-server
> status", "delta": "0:00:00.026757", "end": "2017-07-13 22:58:27.428523",
> "failed": true, "rc": 127, "start": "2017-07-13 22:58:27.401766", "stderr":
> "/bin/sh: ambari-server: command not found", "stdout": "", "stdout_lines":
> [], "warnings": []}
>
> PLAY RECAP
> *
> mymachine.lan: ok=1changed=0unreachable=0failed=1
>
> So this fails because of 'command not found'. But when I change the host to
> 'localhost', it suddenly works:
>
> ---
> - hosts: localhost
>   become: true
>   tasks:
>   - name: shell
> shell: "ambari-server status"
>
> It now finds the command without any problems:
>
> TASK [shell]
> ***
> fatal: [localhost]: FAILED! => {"changed": true, "cmd": "ambari-server
> status", "delta": "0:00:00.561205", "end": "2017-07-13 23:01:16.929830",
> "failed": true, "rc": 3, "start": "2017-07-13 23:01:16.368625", "stderr":
> "", "stdout": "Using python  /usr/bin/python\nAmbari-server status\nAmbari
> Server not running. Stale PID File at:
> /var/run/ambari-server/ambari-server.pid", "stdout_lines": ["Using python
> /usr/bin/python", "Ambari-server status", "Ambari Server not running. Stale
> PID File at: /var/run/ambari-server/ambari-server.pid"], "warnings": []}
>
> Can someone shine some light on this? Is there an obvious reason why the
> command is not being found? :-)
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/6102753f-a939-47d1-8a13-e0b272944cc8%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPTsBD0USAdK8mJPW9T5CvYM8JRo6iKRMehEe3yZPdqMtA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Playbook Failys atc copying ssh keys

[Dick Davies]

Copy the public keys into the playbook directory.

On 12 July 2017 at 19:11, Anfield  wrote:
> How would I get around this issue on the localhost? I tried adding
> become_user: root and that didnt work either
>
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPRw_hoA%3D4kFOb8nN_wjE7GkXfpa15cb6E3eujn-dXLaZg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Playbook Failys atc copying ssh keys

[Dick Davies]

It's this part:

- name: Copy ths ssh public key into the authorized key dir on the
remote host
copy
src: "/home/{{item}}/.ssh/id_rsa.pub"

are the public keys at those paths on the Ansible host?

On 8 July 2017 at 19:18, Anfield  wrote:
>
> I have the below playbook. Created ssh keys for dave on the localhost
> (ansible master) and trying to create some users, groups and copy over ssh
> keys for some users all in the playbook.
>
> All works well until the copying over ssh keys part. Ive confirmed the
> directory and public key exists for dave on the localhost..and the playbook
> created /home/dave/.ssh on the remote host
>
> Not sure why this would fail?
>
> Playbook output -
> TASK [Copy ths ssh public key into the authorized key dir on the remote
> host] 
> failed: [10.10.0.5 -> localhost] (item=frank) => {"failed": true, "item":
> "frank", "msg": "Unable to find '/home/frank/.ssh/id_rsa.pub' in
> expected paths."}
> failed: [10.10.0.5 -> localhost] (item=joe) => {"failed": true, "item":
> "joe", "msg": "Unable to find '/home/joe/.ssh/id_rsa.pub' in
> expected paths."}
> ...ignoring
> failed: [10.10.0.5 -> localhost] (item=dave) => {"failed": true, "item":
> "dave", "msg": "Unable to find '/home/dave/.ssh/id_rsa.pub' in
> expected paths."}
>
> Playbook -
> [ansible@localhost playbooks]$ vi userscreate.yml
>  - hosts: 10.10.0.5
>   become: yes
>   vars:
>  grouplist:
> - devops
> - dbadbmins
> - serveradmins
>
>  users:
> - frank
> - joe
> - dave
>
>   tasks:
> - name: Create groups
>   group:
> name: "{{ item }}"
> state: present
>   with_items: "{{grouplist}}"
>   ignore_errors: yes
>
> - name: Create users
>   user:
> name: "{{ item }}"
> state: present
>   with_items: "{{users}}"
>
> - name: create the users .ssh directories
>   file:
> path: "/home/{{item}}/.ssh"
> state: directory
> owner: "{{item}}"
> group: "{{item}}"
>   register: user_dirs
>   with_items: "{{users}}"
>
> - name: Copy ths ssh public key into the authorized key dir on the
> remote host
> copy
> src: "/home/{{item}}/.ssh/id_rsa.pub"
> dest: "/home/{{item}}/.ssh/authorized_keys"
> owner: "{{item}}"
> group: "{{item}}"
>   with_items: "{{users}}"
>   ignore_errors: true
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/520fbfe4-625e-4f36-96f7-06d5d26a8007%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPTQ5pjQj%3DuiC%2Bq8xqzbJgUKE7ueaeMkqs0eC3h92zBwAQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Add role dependency to another role without it being executed automatically

[Dick Davies]

It doesn't sound like you want a dependency at all.

Why not just stick the slack tasks in the relevant roles?
You're losing a lot of clarity trying to use a role to save a bit
of typing, and from the look of that gist you aren't even saving
much typing :)

On 7 July 2017 at 20:08, Lee Connell  wrote:
> Hi all,
>
> I have a role that has a dependency on another role, however by default,
> Ansible will execute the dependency first. In my case, I do not want this to
> happen. I don't want the role executed automatically at all. The role that
> is requiring this dependency will call it on its own within it's own tasks.
> Right now, I am checking if a variable is defined, and if it is, then the
> tasks within the dependent role will run, but you still see the task line
> item in the playbook output. I would like to avoid it attempting to execute
> it altogether.
>
> https://gist.github.com/lconnell/dfb1dc5383517b3bdd9c4832ae9027e2
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/82198539-1af4-4885-8254-ae9788b9d85b%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPTNcibS6t92e1rEm%3DYiAqV6GvfYU0h66fDrw4tehT0NFQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Is splitting of the inventory possible?

[Dick Davies]

If you have 250 hosts with the same roles applied to them,
then yes I'd go with that.

You can make the inventories less huge depending on your naming convention
by using regexes , e.g.

[webservers]
www[01:250].example.com

Or if you'd rather you can have multiple static inventory files in a single
inventory folder, that works too. Ansible loads them all to get the
list of hosts,
so that might fit better with what you're trying to do.


On 6 July 2017 at 08:24,  <thomas.lehm...@adtech.com> wrote:
> We have that but it does not answer my question. We still would have one
> inventory file with all hosts for 1000 projects per qa, dev and prod, right?
> (we have less than 1000 ... is just a forced example)
>
> Is it possible to organize ... that OPS can "walk" all hosts also the
> repository has - if possible - splittet all details per team (or per
> component) - for
> better readability without being forced to run the playbook several times?
>
> On Thursday, July 6, 2017 at 8:50:27 AM UTC+2, Dick Davies wrote:
>>
>> Try setting up one inventory for QA, another for DEV, and a third for
>> production.
>> You can use the same playbooks with different inventories so it'll keep
>> the
>> environments isolated but you'll get better consistency between each env.
>>
>> On 6 July 2017 at 07:36,  <thomas@adtech.com> wrote:
>> > Hi,
>> >
>> > assume we would have 1000 projects in a big company and an OPS guys
>> > tells us to copy every detail for provisioning for qa, dev and prod in
>> > one
>> > repository. Some told arguments:
>> >
>> > just to clone one repository
>> > all Unix machines require a basic setup and therefore the concrete
>> > inventory
>> > file has to have all hosts and roles
>> > (the intention is to maintain the host names at multiple locations)
>> >
>> > a) Is this the way to go or is there a better solution?
>> > b) when a) could you please provide examples (url's) where to read?
>> >
>> > Kind Regards,
>> > Thomas
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "Ansible Project" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an
>> > email to ansible-proje...@googlegroups.com.
>> > To post to this group, send email to ansible...@googlegroups.com.
>> > To view this discussion on the web visit
>> >
>> > https://groups.google.com/d/msgid/ansible-project/54c81f68-5bd5-451e-9194-e68c7ed9cac9%40googlegroups.com.
>> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/17c6a4f9-53ed-42ae-a7f9-f66f81ff59a8%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPRgJUmn6N-%2BvFo%2B_se6krpHFZoD-b%2BBWq3SsR3Y1ZpXLg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Is splitting of the inventory possible?

[Dick Davies]

Try setting up one inventory for QA, another for DEV, and a third for
production.
You can use the same playbooks with different inventories so it'll keep the
environments isolated but you'll get better consistency between each env.

On 6 July 2017 at 07:36,   wrote:
> Hi,
>
> assume we would have 1000 projects in a big company and an OPS guys
> tells us to copy every detail for provisioning for qa, dev and prod in one
> repository. Some told arguments:
>
> just to clone one repository
> all Unix machines require a basic setup and therefore the concrete inventory
> file has to have all hosts and roles
> (the intention is to maintain the host names at multiple locations)
>
> a) Is this the way to go or is there a better solution?
> b) when a) could you please provide examples (url's) where to read?
>
> Kind Regards,
> Thomas
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/54c81f68-5bd5-451e-9194-e68c7ed9cac9%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPSQCWtSrtQOh7JSHfuNfcNMEdT7zm2bkNmvPnw6qAmfcg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: AWS Ansible

[Dick Davies]

No, just keep it simple and set the environment variables; then you
can't accidentally
commit credentials to a repo or use the wrong account.

http://docs.ansible.com/ansible/guide_aws.html


On 4 July 2017 at 11:33, Suporter <groupfile...@gmail.com> wrote:
> Sorry, i dont really know where to start,
> Should i save the keys in some file and refer that fiile in the playbook as
> a variable?
>
> On Tuesday, July 4, 2017 at 3:53:38 PM UTC+5:30, Dick Davies wrote:
>>
>> Sorry I thought you wanted to know about file lookups (in this case
>> it's ssh keys).
>>
>> If the -e 'credentials=/path/to/credentials' , you just need to lookup
>> the file and
>> read it's contents. Or just set environment variables before you run
>> the playbook, I
>> thought the aws related modules read the environment fine.
>>
>> On 4 July 2017 at 09:07, Suporter <groupf...@gmail.com> wrote:
>> > Oh my god, my head is spinning. I have 3 accounts in AWS, i need to
>> > create a
>> > file for each account? and then i need to give that name in playbook?
>> >
>> > i am expecting something like this
>> >
>> > ansible-playbook newmachine.yml --extra-vars "account=myaccount"   and i
>> > want the new ec2 instance to be spinned up in that account. how can i do
>> > this?
>> >
>> > On Thursday, June 29, 2017 at 11:28:59 AM UTC+5:30, Suporter wrote:
>> >>
>> >> Hi Ansiblers,
>> >>How can i use same playbook for multiple aws accounts, can i
>> >> give
>> >> the access key and secret key as command line paramters in playbook?
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "Ansible Project" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an
>> > email to ansible-proje...@googlegroups.com.
>> > To post to this group, send email to ansible...@googlegroups.com.
>> > To view this discussion on the web visit
>> >
>> > https://groups.google.com/d/msgid/ansible-project/387b9c74-48a7-403d-b1b9-651c81b2312e%40googlegroups.com.
>> >
>> > For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPQyV1%2Be0b4q0RWu3PZh6B-A6-L%2BuP2_o7OpWR2wVaMYBQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: AWS Ansible

[Dick Davies]

Sorry I thought you wanted to know about file lookups (in this case
it's ssh keys).

If the -e 'credentials=/path/to/credentials' , you just need to lookup
the file and
read it's contents. Or just set environment variables before you run
the playbook, I
thought the aws related modules read the environment fine.

On 4 July 2017 at 09:07, Suporter  wrote:
> Oh my god, my head is spinning. I have 3 accounts in AWS, i need to create a
> file for each account? and then i need to give that name in playbook?
>
> i am expecting something like this
>
> ansible-playbook newmachine.yml --extra-vars "account=myaccount"   and i
> want the new ec2 instance to be spinned up in that account. how can i do
> this?
>
> On Thursday, June 29, 2017 at 11:28:59 AM UTC+5:30, Suporter wrote:
>>
>> Hi Ansiblers,
>>How can i use same playbook for multiple aws accounts, can i give
>> the access key and secret key as command line paramters in playbook?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/387b9c74-48a7-403d-b1b9-651c81b2312e%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPSw1XxCzH9HHohP23my-tH1qx%3DnypXCqEEn_rEdEp%2BJkA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: starting karaf with ansble

[Dick Davies]

Is this an init script? It sounds like it relies on something in the
environment.
Does it start at boot cleanly? If not, that's almost certainly the
issue, you might
find setting some variables explicitly in the init script sorts things out.

On 4 July 2017 at 08:31, fanvalt  wrote:
> I did display the variables when running the
> start command and I cannot find out which variable would be a problem.
> Any clue ?
> Regards
>
> Here are the variables set when the error message is displayed:
> A__z='"*SHLVL="*TMOUT'
> BASH=/bin/sh
> BASHOPTS=cmdhist:extquote:force_fignore:hostcomplete:interactive_comments:progcomp:promptvars:sourcepath
> BASH_ALIASES=()
> BASH_ARGC=([0]="1" [1]="2")
> BASH_ARGV=([0]="/shrnexus/4you/app5/app5-0.0.0-SNAPSHOT/bin/setenv"
> [1]="clean" [2]="server")
> BASH_CMDS=()
> BASH_LINENO=([0]="12" [1]="0")
> BASH_SOURCE=([0]="/shrnexus/4you/app5/app5-0.0.0-SNAPSHOT/bin/setenv"
> [1]="/shrnexus/4you/app5/app5-0.0.0-SNAPSHOT/bin/foryou")
> BASH_VERSINFO=([0]="4" [1]="2" [2]="46" [3]="1" [4]="release"
> [5]="x86_64-redhat-linux-gnu")
> BASH_VERSION='4.2.46(1)-release'
> CURRENTDIR=/shrnexus/4you/app5/app5-0.0.0-SNAPSHOT/bin
> DIRNAME=/shrnexus/4you/app5/app5-0.0.0-SNAPSHOT/bin
> DIRSTACK=()
> EDITOR=vi
> EUID=21175
> FCEDIT=vi
> GROUPS=()
> HISTEDIT=vi
> HISTFILESIZE=1000
> HISTSIZE=128
> HOME=/home/4you
> HOSTNAME=server1
> HOSTTYPE=x86_64
> IFS='
> '
> KARAF_SCRIPT=foryou
> LOG=/shr_4you/current/logs
> LOGNAME=4you
> MACHINE=x86_64-unknown-linux-gnu
> MACHTYPE=x86_64-redhat-linux-gnu
> MAIL=/var/spool/mail/4you
> MANPATH=/usr/share/man:/sopra/tools/man
> OLDPWD=/shr_4you
> OPTERR=1
> OPTIND=1
> OSTYPE=linux-gnu
> PAGER=more
> PATH=/hrasdlcusers/build-tools/unzip/current:/hrasdlcusers/build-tools/java/current/bin:/hrasdlcusers/build-tools/unzip/current:/hrasdlcusers/build-tools/java/current/bin:/hrasdlcusers/build-tools/unzip/current:/hrasdlcusers/build-tools/java/current/bin:/doi/pjunix/4.1/usrbin:/usr/local/bin:/usr/bin:/sbin:/usr/sbin:/bin:/sopra/tools/bin:/sopra/tools/sbin
> PIPESTATUS=([0]="0")
> POSIXLY_CORRECT=y
> PPID=1
> PROGNAME=foryou
> PS4='+ '
> SHELL=/usr/bin/ksh
> SHELLOPTS=braceexpand:hashall:interactive-comments:posix
> SHLVL=5
> SIGACS=/shr_4you
> SSH_CLIENT='172.21.18.35 49739 22'
> SSH_CONNECTION='172.21.18.35 49739 10.7.1.4 22'
> SSH_TTY=/dev/pts/2
> TERM=xterm
> TMOUT=7200
> TMP=/shr_4you/current/temp
> UID=21175
> UNZIP_HOME=/hrasdlcusers/build-tools/unzip/current
> USER=4you
> _=/shrnexus/4you/app5/app5-0.0.0-SNAPSHOT/bin
> http_proxy=None
> https_proxy=None
>
> Here are the variables set when the start command is running withour error
> message:
> _=*3622*/usr/bin/env
> EDITOR=vi
> FCEDIT=vi
> HISTEDIT=vi
> HISTFILESIZE=1000
> HISTSIZE=128
> HOME=/home/4you
> HOSTNAME=server1
> JAVACMD=/hrasdlcusers/build-tools/java/current/bin/java
> JAVA_HOME=/hrasdlcusers/build-tools/java/current
> LOG=/shr_4you/current/logs
> LOGNAME=4you
> MACHINE=x86_64-unknown-linux-gnu
> MAIL=/var/spool/mail/4you
> MANPATH=/usr/share/man:/sopra/tools/man
> PAGER=more
> PATH=/hrasdlcusers/build-tools/unzip/current:/hrasdlcusers/build-tools/java/current/bin:/doi/pjunix/4.1/usrbin:/usr/local/bin:/usr/bin:/sbin:/usr/sbin:/bin:/sopra/tools/bin:/sopra/tools/sbin
> SHELL=/usr/bin/ksh
> SHLVL=1
> SIGACS=/shr_4you
> SSH_CLIENT=172.21.18.35 49739 22
> SSH_CONNECTION=172.21.18.35 49739 10.7.1.4 22
> SSH_TTY=/dev/pts/2
> TERM=xterm
> TMOUT=7200
> TMP=/shr_4you/current/temp
> UNZIP_HOME=/hrasdlcusers/build-tools/unzip/current
> USER=4you
> A__z="*SHLVL="*TMOUT
>
> Le mercredi 28 juin 2017 17:04:40 UTC+2, J Hawkesworth a écrit :
>>
>>
>> Maybe your application needs some environment variables which aren't set
>> when ansible runs the command.
>>
>> You can set specific environment variables though - see
>> http://docs.ansible.com/ansible/playbooks_environment.html
>>
>> Jon
>> On Wednesday, June 28, 2017 at 3:20:21 PM UTC+1, fanvalt wrote:
>>>
>>> Hello,
>>>
>>> If I run karaf manually with the start command, I have no error.
>>> But if I run the start command in a ansible task, I have the following
>>> command:
>>>
>>> 347 [sshd-SshClient[7a4ccb53]-nio2-thread-1] WARN
>>> org.apache.sshd.client.session.ClientSessionImpl - Exception caught
>>> java.lang.IllegalStateException: Unable to negotiate key exchange for kex
>>> algorithms (client:
>>> ecdh-sha2-nistp256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp384,ecdh-sha2-nistp521,ecdh-sha2-nistp521
>>> / server:
>>> diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1)
>>> at
>>> org.apache.sshd.common.session.AbstractSession.negotiate(AbstractSession.java:1159)
>>> at
>>> org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:388)
>>> at
>>> org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:326)
>>> at
>>> 

Re: [ansible-project] Re: AWS Ansible

[Dick Davies]

Yes, you can use lookups, like this

- name: set authorized_keys
authorized_key: user={{ item }} exclusive=yes
key="{{ lookup('file', 'files/pubkeys/{{ item }}.key') }}"
with_items: "{{ team_members[team] }}"

 team_members[team] here is a list of usernames,
the files live in rolename/files/pubkeys/$username.key

original role is here :
https://github.com/rasputnik/ansible-sshteams/blob/master/roles/teams/tasks/team.yml



On 4 July 2017 at 08:32, Suporter  wrote:
> Is there a way to store all accounts keys as some files and call them as
> extra vars in playbook?
>
> On Monday, July 3, 2017 at 2:28:29 PM UTC+5:30, Darragh Grealish wrote:
>>
>> Yes, you pass them as extra-vars, but there are many ways to do this, just
>> watch out where you run your playbook and if AWS ENV variables are already
>> set, as boto will take this into account also.
>> best to understand better the AWS credentials and profiles
>>
>> http://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html#credentials-default
>>
>> On Monday, 3 July 2017 07:28:33 UTC+2, Suporter wrote:
>>>
>>> Any help?
>>>
>>> On Thursday, June 29, 2017 at 11:28:59 AM UTC+5:30, Suporter wrote:

 Hi Ansiblers,
How can i use same playbook for multiple aws accounts, can i give
 the access key and secret key as command line paramters in playbook?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/5edfad13-4420-4826-a70e-5bfbd56cec86%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPRd8PquR21OnsMO-nMLg_9HKW%3DrRr2wN4OKZ_n47JhJVg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] get_url runs but doesnt download the file

[Dick Davies]

Explain what you're expecting, because this indicates the file is
already downloaded
and the checksum matches. I might be reading it wrong, or have the
wrong end of the stick...?

On 3 July 2017 at 17:31, Anfield  wrote:



> ok: [10.10.0.5] => {
> "changed": false,
> "checksum_dest": "7ae457e77532dad0747bee455c54623a459257e7",
> "checksum_src": "7ae457e77532dad0747bee455c54623a459257e7",
> "dest": "/home/ansible/index.html",
> "gid": 1001,
> "group": "ansible",
> "invocation": {
> "module_args": {
> "attributes": null,
> "backup": false,
> "checksum": "",
> "content": null,
> "delimiter": null,
> "dest": "/home/ansible",
> "directory_mode": null,
> "follow": false,
> "force": false,
> "force_basic_auth": false,
> "group": null,
> "headers": null,
> "http_agent": "ansible-httpget",
> "mode": 493,
> "owner": "ansible",
> "path": "/home/ansible/index.html",
> "regexp": null,
> "remote_src": null,
> "selevel": null,
> "serole": null,
> "setype": null,
> "seuser": null,
> "sha256sum": "",
> "src": null,
> "timeout": 10,
> "tmp_dest": "",
> "unsafe_writes": null,
> "url": "http://10.10.0.5/index.html;,
> "url_password": null,
> "url_username": null,
> "use_proxy": true,
> "validate_certs": true
> }
> },
> "md5sum": "460caaa47f13e9a01432a58736f486d7",
> "mode": "0755",
> "msg": "OK (35 bytes)",
> "owner": "ansible",
> "secontext": "unconfined_u:object_r:user_home_t:s0",
> "size": 35,
> "src": "/tmp/tmpDB3rvI",
> "state": "file",
> "status_code": 200,
> "uid": 1001,
> "url": "http://10.10.0.5/index.html;
> }
msgid/ansible-project/6ff9d96a-e80d-4658-add3-4c6d24e54cdd%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPS7vRT-xQdKX0CE0OeVDdZJcCNAQMx-qRYNkeT7HFcNrg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Permissions issue, cannot become root

[Dick Davies]

become_user is the user you sudo to, that should probably not be the
same as remote_user
(or it's a bit of a waste of time).

On 27 June 2017 at 17:44, lask001  wrote:
> Been banging my head against this since yesterday, hoping someone is able to
> shed some insight on my issues.
>
> I have a simple role that I'm trying to install java with:
>
> ---
> - name: Install JDK
>   yum:
> name: /tmp/jdk.rpm
> state: present
>
>
> This works on my test servers without issue. I am trying to run this on a
> real server at this point and am running into issues with permissions.
>
> My inventory file is basic:
>
> [severs]
> host1
>
> and my playbook is as follows:
> ---
> - name: Install JDK
>   hosts: servers
>   remote_user: myuser
>   become: true
>   become_user: myuser
>   become_method: sudo
>   become_flags: '-s /bin/sh'
>   roles:
>   - jdk
>
> I've tried quite a few different combinations of setting the become_user to
> nobody, root, leaving it out, and so on, but have had no success. If I login
> to the server manually and run a sudo yum install /tmp/jdk as 'myuser' it
> works fine, and the playbook will actually run after (stating there is
> nothing to change). Does anyone have any suggestions?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/cff84da6-3154-4018-9ec2-278e734ff741%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPR1vTsOuqtyqAzRr-dK5vcMhPu9NTfuPEmHWdJCN0ADfg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Using inventory variables from external inventory script to specify which other variables to use (like hiera)

[Dick Davies]

I don't think there's a One True Way, it really boils down to the team
you're working
with and what makes sense for them given the mix of environments
they're managing.

Some people use one inventory for ALL their servers, if you need cross-site
plays that might be necessary. If you're lucky enough to not need that...

Personally I'm a huge fan of one inventory per site. I think I posted
it earlier,
but the gist is this layout:

.
├── california
│   ├── group_vars
│   │   ├── all
│   │   ├── group1
│   │   └── group2
│   └── hosts
├── newyork
│   ├── group_vars
│   │   ├── all
│   │   ├── group1
│   │   └── group2
│   └── hosts
└── site.yml
|___ (other ad hoc playbooks etc. up at this level too)


Each playbook run just needs a '-i environment_name' and you're set.


It works great if you run isolated environments (prod / dev / staging)
which you want broad consistency between, but also are likely
to have differences in number of servers, types of users with SSH access,
levels of encryption, etc.

When it comes to setting vars, my general rule of thumb is to use
as few 'tiers' of variables as possible, otherwise it gets messy and its
hard to find where they're set. There are about a dozen places to set vars
in Ansible, you don't need to use them all. Generally, I go with:

1. environment-wide globals in  $inventory/group_vars/all
(I used to set them inline in static inventories, but group_vars
support yaml syntax
 and it plays nicer with dynamic inventories)

2. roles have 'sane' defaults in $rolename/defaults/main.yml.
Logfile paths, service account names, etc.
If no sane default exists, that's where it is documented
(via a commented out example var, with a suggestion where to set this).
This is essentially the 'README' for the role.

3. $inventory/group_vars/groupname -  relevant to roles those
groups are performing. Easy to 'cat' to see how e.g. preprods
mongodb is setup.

4. host_vars/hostname is a Last Resort, usually on brownfield
sites to track inconsistencies.
"ls */host_vars/*" returns a handy list of servers we probably
need to rebuild.

In theory, this approach should mean diffing 2 inventory directories
gives a good idea of what's different between them.
I've built pretty complex stacks with
this approach from a single site.yml and it can work really well.


On 21 June 2017 at 21:50, William Saxton <sax...@gmail.com> wrote:
> Yeah, I'm currently playing around with exactly these things.  I guess I'm
> looking for some best-practice guidance for how to handle this situation.  I
> see a couple of ways people are handling these kinds of things...but none
> seem to be very elegant.
>
> I'm trying to talk my team into using Ansible over Puppet because it,
> initially, seemed a lot easier to get started with.  Now that I'm digging
> deep into this, though, Puppet is much easier when it comes to managing
> hierarchical data (via hiera).
>
> On Wednesday, June 21, 2017 at 3:08:02 PM UTC-4, Dick Davies wrote:
>>
>> I played around with 'flat file' variables and a dynamic inventory a while
>> back;
>> group variables seemed to override the inventory level ones.
>>
>> YMMV, check the precedence levels for vars for the version of Ansible
>> you're running.
>>
>> On 20 June 2017 at 22:39, William Saxton <sax...@gmail.com> wrote:
>> > Our current configuration management system stores hostnames and
>> > attributes
>> > for each of our systems, including things like "project" and "site".
>> > I'd
>> > like to use these attributes when determining which values to provision
>> > a
>> > system with using ansible, just like Puppet does with hiera.
>> >
>> > Right now I have an external inventory script working pretty well.
>> > Here's
>> > an example output:
>> >
>> > {
>> > "generic": ["swrgen1.example.com", "swrgen2.example.com"],
>> >
>> > "_meta": {
>> > "hostvars": {
>> > "swrgen1.example.com": {
>> > "site": "california"
>> > },
>> > "swrgen2.example.com": {
>> > "site": "newyork"
>> > }
>> > }
>> > }
>> > }
>> >
>> > What I'd like to do is for ansible to be able to override default
>> > variables
>> > if a site or project-based file exists that contains this variable.
>> > Right
>> > now, I have the following setup working:
>> >
>> > # example_playbook.yml
>> > ---
>> > - name: variable precedence test

Re: [ansible-project] include uid with ansible entries in messages log

[Dick Davies]

Just checked; if you're SSHing in as a non-root user
(vagrant here)
and running the plays via become: then you'll see the sudo messages
in /var/log/secure (on CentOS6; YMMV for other distros) and the
task messages in /var/log/messages.

(the playbook just checks the mysqld service is running, essentially:

- hosts: jiras
  become: yes
  become_user: root
  tasks:
- name: start mysql
  service: mysql
  state: started
  enabled: yes

)



==> /var/log/secure <==
Jun 21 19:18:56 jira1 sshd[3536]: subsystem request for sftp
Jun 21 19:18:56 jira1 sudo:  vagrant : TTY=pts/0 ; PWD=/home/vagrant ;
USER=root ; COMMAND=/bin/sh -c echo
BECOME-SUCCESS-hfjuiqroxdvdnofysfvehhgezbyanxfq; /usr/bin/python
/home/vagrant/.ansible/tmp/ansible-tmp-1498072737.75-49306779549726/service.py;
rm -rf "/home/vagrant/.ansible/tmp/ansible-tmp-1498072737.75-49306779549726/"
> /dev/null 2>&1

==> /var/log/messages <==
Jun 21 19:18:57 jira1 ansible-service: Invoked with name=mysqld
pattern=None enabled=True state=started sleep=None arguments=
runlevel=default

Shame its not in one log, but it does tick the audit box for privilege
escalation...

On 21 June 2017 at 20:09, Dick Davies <d...@hellooperator.net> wrote:
> Sudoing to run Ansible on the control machine won't show up in the
> target server logs.
>
> If ansible sudos on the targets (i.e. you have become: yes in the
> plays) that should show up.
>
> On 21 June 2017 at 15:56, Steve Zimmerman <lszdro...@gmail.com> wrote:
>> Hello,
>>  I have an audit/security request to include the user id in the messages
>> log for commands issued against a linux server. To illustrate, the commands
>> are issued with as sudo:
>>
>> # sudo ansible ---
>>
>> results in /var/log/messages:
>>
>> Jun 19 00:01:13 usildng-ps-03 ansible-command: Invoked with creates=None
>> executable=None chdir=None args=lsof removes=No
>>
>> ne NO_LOG=None shell=True warn=True
>>
>>
>> Our audit folks would like to see something like :
>>
>>
>> Jun 19 00:01:13 usildng-ps-03 ansible-command-by-: Invoked with
>> creates=None executable=None chdir=None args=lsof removes=No
>>
>> ne NO_LOG=None shell=True warn=True
>>
>>
>> If this is possible via ansible, what steps would be needed to capture the
>> uid of the user calling the command and then pass with the command(s) to the
>> server?
>>
>>
>> Any and all assistance would be greatly appreciated.
>>
>>
>> Thanks in advance,
>>
>>
>> Steve Zimmerman
>>
>> Systems and Network Administrator
>>
>> TreeHouse Private Brands
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To post to this group, send email to ansible-project@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/563de177-ce78-4b23-8320-f59a7ebe910f%40googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPSkQgapMTETbmAP6K%2B5NzS7P%3Dzr%3D6pO8DFpGTvesEJh0g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] include uid with ansible entries in messages log

[Dick Davies]

Sudoing to run Ansible on the control machine won't show up in the
target server logs.

If ansible sudos on the targets (i.e. you have become: yes in the
plays) that should show up.

On 21 June 2017 at 15:56, Steve Zimmerman  wrote:
> Hello,
>  I have an audit/security request to include the user id in the messages
> log for commands issued against a linux server. To illustrate, the commands
> are issued with as sudo:
>
> # sudo ansible ---
>
> results in /var/log/messages:
>
> Jun 19 00:01:13 usildng-ps-03 ansible-command: Invoked with creates=None
> executable=None chdir=None args=lsof removes=No
>
> ne NO_LOG=None shell=True warn=True
>
>
> Our audit folks would like to see something like :
>
>
> Jun 19 00:01:13 usildng-ps-03 ansible-command-by-: Invoked with
> creates=None executable=None chdir=None args=lsof removes=No
>
> ne NO_LOG=None shell=True warn=True
>
>
> If this is possible via ansible, what steps would be needed to capture the
> uid of the user calling the command and then pass with the command(s) to the
> server?
>
>
> Any and all assistance would be greatly appreciated.
>
>
> Thanks in advance,
>
>
> Steve Zimmerman
>
> Systems and Network Administrator
>
> TreeHouse Private Brands
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/563de177-ce78-4b23-8320-f59a7ebe910f%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPTXrM_Z%2BGUGH%2BZY6pCovD80AgRC0sLhfwvfhD_K2c%2BH2w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Using inventory variables from external inventory script to specify which other variables to use (like hiera)

[Dick Davies]

I played around with 'flat file' variables and a dynamic inventory a while back;
group variables seemed to override the inventory level ones.

YMMV, check the precedence levels for vars for the version of Ansible
you're running.

On 20 June 2017 at 22:39, William Saxton  wrote:
> Our current configuration management system stores hostnames and attributes
> for each of our systems, including things like "project" and "site".  I'd
> like to use these attributes when determining which values to provision a
> system with using ansible, just like Puppet does with hiera.
>
> Right now I have an external inventory script working pretty well.  Here's
> an example output:
>
> {
> "generic": ["swrgen1.example.com", "swrgen2.example.com"],
>
> "_meta": {
> "hostvars": {
> "swrgen1.example.com": {
> "site": "california"
> },
> "swrgen2.example.com": {
> "site": "newyork"
> }
> }
> }
> }
>
> What I'd like to do is for ansible to be able to override default variables
> if a site or project-based file exists that contains this variable.  Right
> now, I have the following setup working:
>
> # example_playbook.yml
> ---
> - name: variable precedence test
>   hosts: all
>   vars_files:
>   - [ "/etc/ansible/vars/site/{{ site }}.yml",
> "/etc/ansible/vars/site/default.yml" ]
>   tasks:
> - debug: var=server_memory_size
>
> With variable directories setup as:
>
> # /etc/ansible/vars/site/california.yml
> ---
> server_memory_size: 1gb
>
> And
>
> # /etc/ansible/vars/site/default.yml
> ---
> server_memory_size: 512gb
>
> So, as expected, I get the following output when running the playbook:
>
> [root@swransible ansible]# ansible-playbook plays/example_playbook.yml
> PLAY [variable precedence test]
> *
>
> TASK [Gathering Facts]
> **
>
> ok: [swrgen1.example.com]
> ok: [swrgen2.example.com]
>
> TASK [debug]
> 
>
> ok: [swrgen1.example.com] => {
>   "changed": false,
>   "server_memory_size": "1gb"
> }
> ok: [swrgen2.example.com] => {
>   "changed": false,
>   "server_memory_size": "512mb"
> }
>
> Is this the "right" way to do this?  Is there a better way?  Everything I've
> seen on "ansible/hiera" google searches is about 2 years old and it seems
> like quite a bit has changed over the last few years.
>
> The biggest drawback to this is that EVERY playbook will need to have a
> vars_files entry along with the entire variable file hierarchy.  This seems
> hugely repetitive.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/96de3153-c343-4ae4-8893-a51be2cffb97%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPRd1vn3c-WxXHR-4CNWnumpapWkqrdX1GuO6zFO7Mo-3A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Securing ansible - best practice?

[Dick Davies]

There's a few options.

You can do a 'pre-seed' ssh key (added via Kickstart on in the VMware template;
on AWS you'd add this as the instance is created).
Ansible can use that to get in initially once the server is up and create more
users/groups as desired. Another option would be a central key system
like FreeIPA (Redhat do their own flavour with commercial support).

I've used both approaches and they work pretty well, but they won't really
help you on an existing site. Typically on those you already have some
form of remote access setup (how else are you managing the servers)?

In that event, I'd allow existing admins to use their own personal accounts
and grant them (ideally passwordless) sudo privileges. That way you get
an audit trail 'for free' and can easily revoke a given admins privileges
(a bit harder with a shared 'special' account).

Essentially, Ansible as a 'power tool' to run over SSH, but respect all
the security restrictions a typical SSH user would have, is a pretty easy
sell to most big corps (compared to the Chef/Puppet approach of a god-level
agent that wakes up every 30 minutes and potentially wreaks havoc).

I'd generally suggest giving 'full' sudo access, not specific commands;
for Ansible to work it needs to run Python and once you have that, you're
generally able to do whatever you want to the server anyway.
As I said, you still get to see what each user is up to in whatever central
logging solution you have (provided you're shipping /var/log/secure somehow).



On 19 June 2017 at 22:08, Chris Jefferies  wrote:
> Hello.
>
> I'm looking around for a best practice tutorial or document that describes
> how to configure our ansible server to deploy our applications to about 20
> servers at a time.  We call this group of servers a track.  We have a
> growing number of tracks.
>
> So I got Ansible installed but now I want to know how best to deploy keys to
> the 20 remote hosts.  How do I automate the secure deployment of ssh keys to
> these hosts?
>
> I see notes about how to set up user security for remote hosts but those
> are, as far as I can tell, assuming initial connectivity has been
> established.
>
> Also, one of my work mates indicates that a secure remote host should have a
> user (ansible perhaps?) with restricted access that can only execute
> specific commands.  I assume this happens by configuring the sudoers file.
> If we go there, it seems I need to allow specific applications like yum,
> python, file copies, etc for the ansible user.
>
> So it seems to be a chicken and egg problem and now we're back to lots of
> pre-configuring each agentless host so that I can deploy apps and configs
> from a central ansible server.
>
>
> How is everyone dispensing ssh keys and setting up ansible users so that we
> can have a secure and a not too tedious set up process.
>
> BTW, our setup is mainly Redhat 6.x and 7.
>
> Thanks in advance for any tips,
> Chris.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/c035d0c8-952f-4046-8f0f-d54b0ed37310%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPR%2BmHzbuXTFB%3DmG4ay1X0DBHUZivVLyF49M2oXn4coU6A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How can load an inventory file via a task within a playbook

[Dick Davies]

Why wouldn't you have a single repo in that case?
You can have multiple inventory folders under the playbooks e.g.

.├── roles < - common roles
│   ├── bar
│   └── foo
├── site.yml <- common playbooks
├── dev   <- dev inventory
│   ├── group_vars
│   │   └── all
│   └── hosts
├── prod <- production inventory
│   ├── group_vars
│   │   └── all
│   └── hosts

└── staging <- staging inventory
├── group_vars
│   └── all
└── hosts

Then your jenkins play just checks out the repo and runs

 ansible-playbook -i dev/ site.yml

(i.e. just switch the inventory to the right one).

On 20 June 2017 at 16:37, ishan jain <ishanja...@gmail.com> wrote:
> I want to make it useful for others, thus trying to cut on an additional GIT
> clone step. I will create a Jenkins job for this which would then just need
> a parameter (with which i can figure out GIT repo).
>
> On Tuesday, 20 June 2017 17:24:37 UTC+2, Dick Davies wrote:
>>
>> Can't you just pull the git repo before you run the inventory?
>>
>>
>> On 20 June 2017 at 15:00, ishan jain <ishan...@gmail.com> wrote:
>> > I keep my inventory files for each environment in GIT repositories. I am
>> > working on some sort of a helper service which i am writing in Ansible
>> > and
>> > this should perform some (housekeeping) tasks on the specified servers,
>> > which i wish to specify using existing inventory files. I want to make
>> > the
>> > GIT repo as a parameter for this script and then the script will have
>> > its
>> > target inventory file. I am not sure how to proceed from here.
>> >
>> > How can i load this inventory file within a task ? After loading, i can
>> > either invoke next play or refresh the inventory with meta. Using
>> > add_host
>> > doesn't seem to be an option as there are elaborate inventory
>> > configurations
>> > which i want to reuse as it is rather than writing more logic to load
>> > it.I
>> > don't see any lookup/parser either. The only option remains for me is to
>> > keep the second phase logic in different playbook and after fetching the
>> > inventory just shoot a shell command executing this playbook with the
>> > inventory, but this method won't give me the logs like a regular
>> > playbook
>> > execution.
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "Ansible Project" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an
>> > email to ansible-proje...@googlegroups.com.
>> > To post to this group, send email to ansible...@googlegroups.com.
>> > To view this discussion on the web visit
>> >
>> > https://groups.google.com/d/msgid/ansible-project/4e2c79d8-7190-4050-9977-ad994032794f%40googlegroups.com.
>> > For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPSqgOtLEL5QH%2BW%3DVPHkVtxa_%2Bq0cd8HQp1eS2CqY-FK_A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How can load an inventory file via a task within a playbook

[Dick Davies]

Can't you just pull the git repo before you run the inventory?


On 20 June 2017 at 15:00, ishan jain  wrote:
> I keep my inventory files for each environment in GIT repositories. I am
> working on some sort of a helper service which i am writing in Ansible and
> this should perform some (housekeeping) tasks on the specified servers,
> which i wish to specify using existing inventory files. I want to make the
> GIT repo as a parameter for this script and then the script will have its
> target inventory file. I am not sure how to proceed from here.
>
> How can i load this inventory file within a task ? After loading, i can
> either invoke next play or refresh the inventory with meta. Using add_host
> doesn't seem to be an option as there are elaborate inventory configurations
> which i want to reuse as it is rather than writing more logic to load it.I
> don't see any lookup/parser either. The only option remains for me is to
> keep the second phase logic in different playbook and after fetching the
> inventory just shoot a shell command executing this playbook with the
> inventory, but this method won't give me the logs like a regular playbook
> execution.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/4e2c79d8-7190-4050-9977-ad994032794f%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPSYh-GSTyZ1fhdpWEtvniVqgz8bDAjKuV7SvUJB5LCk9g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How can I detect Atomic version of CentOS with Ansible facts (setup) mechanism?

[Dick Davies]

Start with: how would I tell the host is an Atomic host without Ansible?

Then you can combine a command: with a register:clause,
and run set_fact with a when: .

For the effort, I'd just add a custom fact. But without knowing how to tell,
that's tricky :)

On 19 June 2017 at 17:00, Stéphane Klein  wrote:
> Hi,
>
> I have CentOS Atomic Host (http://www.projectatomic.io/).
>
> When I execute:
>
> ansible -m setup my_atomic_os
>
> I have:
>
> "ansible_os_family": "RedHat"
>
> I see nowhere that this is a Atomic version of RedHat / CentOS (on Atomic
> host I can't install package…).
>
> How can I detect this with facts mechanism?
>
> I need to create an Ansible issue on GitHub about this feature request?
>
> Best regards,
> Stéphane
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/a3cfd3e3-cbcb-4f50-9cc0-b99288c69aaa%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPTJvtFa6w%2BPERZGMbghFpJkaSZGvT8DzpCbOH%3D_ZwGqNQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Find number of servers where something is true

[Dick Davies]

On 19 June 2017 at 17:13, Dick Davies <d...@hellooperator.net> wrote:

> will let you make a group by fact, you could then just have a task
> on localhost output '{{ groups["has_that_file"] _ length }}".

sorry that should be:

{{ groups["has_that_file"] | length }}

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPQV8OcnQcV%2BTRNhp9pQPrEQzayrP7gQ4GbH%2BOg14mq6bA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Find number of servers where something is true

[Dick Davies]

http://docs.ansible.com/ansible/group_by_module.html

will let you make a group by fact, you could then just have a task
on localhost output '{{ groups["has_that_file"] _ length }}".

There's a set_fact task you can use to set a (boolean) fact on hosts,
or just bite the bullet and write a custom fact.

It seems a bit of an odd requirement to be honest, that's the best I can
suggest from what you've posted.

On 19 June 2017 at 00:39, Tommy Ash  wrote:
> Hi,  I'm trying to get a count of how many servers have a specific file on
> them.  For example, if /tmp/testFile is on 8 of 25 hosts that I'm running a
> playbook against, I'd like to register a variable and give it the value of
> 8.  Is this possible?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/8bd181dc-20ce-4ce1-97b4-e85921799c69%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPS%3DtLdehEG0jQ09n%2BV0iNTzUEwDq8qLmto6Vkxs%2BD-y-Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Jinja 2 template syntax error

[Dick Davies]

What does the generated config look like?
The error is just redis-sentinel crashing.

On 15 June 2017 at 17:47, Owen Corcoran  wrote:
>
> Hi,
>
>
>
> Im having an issue with the following Jinja2 template and I just cant figure 
> out how to get it to display the ip4 addresses of the hosts from the hostvars 
> for the hosts in the inventory file below
>
>
>
>
>
>
>
> {% for host_system in groups['hosts'] %}
>
> {% if "ansible_eth0" in hostvars[host_system] -%}
>
> sentinel known-sentinel mymaster {{ 
> hostvars[host_system]['ansible_eth0']['ipv4']['address'] }} 26379 {{ 
> hostvars[host_system]['sentinel_id'] }}
>
> {%- endif -%}
>
> {% endfor %}
>
>
>
>
>
> Inventory
>
>
>
> [hosts:children]
>
> haproxyhosts
>
> redishosts
>
>
>
> [haproxyhosts]
>
> Hahost1
>
> Hahost2
>
>
>
> [redishosts]
>
> Rhost1
>
> Rhost2
>
>
>
>
>
> Error
>
>
>
> fatal: [10.193.45.158]: FAILED! => {
>
> "changed": false,
>
> "failed": true,
>
> "invocation": {
>
> "module_args": {
>
> "daemon_reload": false,
>
> "enabled": true,
>
> "masked": null,
>
> "name": "redis-sentinel",
>
> "state": "restarted",
>
> "user": false
>
> }
>
> },
>
> "msg": "Unable to restart service redis-sentinel: Job for 
> redis-sentinel.service failed because the control process exited with error 
> code. See \"systemctl status redis-sentinel.service\" and \"journalctl -xe\" 
> for details.\n"
>
> }
>
> fatal: [10.193.45.157]: FAILED! => {
>
> "changed": false,
>
> "failed": true,
>
> "invocation": {
>
> "module_args": {
>
> "daemon_reload": false,
>
> "enabled": true,
>
> "masked": null,
>
> "name": "redis-sentinel",
>
> "state": "restarted",
>
> "user": false
>
> }
>
> },
>
> "msg": "Unable to restart service redis-sentinel: Job for 
> redis-sentinel.service failed because the control process exited with error 
> code. See \"systemctl status redis-sentinel.service\" and \"journalctl -xe\" 
> for details.\n"
>
> }
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/ea1a8e36-485e-40cc-b7f4-26cdfd787f0f%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPRKYQ9-yrEvio6COEaUrmuCXsiXtcLGHZUEDHO%3DVJT_aw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Dependency check between roles

[Dick Davies]

I started liking the dependency model but it was generally met with confusion by
other admins, so we started being explicit in the play.

e.g. we'd have an nginx role that setup a 'conf.d' folder to
auto-include vhost definitions.
That would be nginx_confd_dir , set in roles/nginx/defaults/main.yml.

If I 'layer' another role onto that in the same play, it can access
the var directly and
know where to drop it's vhost files.

In practice, this has worked pretty well for us and it makes it
obvious what the play
is putting on each inventory group. It also avoids the 'role gets
applied twice' issue
that dependencies can cause.

If the playbooks are composable and it's obvious what's being deployed
where, it's
a win in my book.

Code reuse makes sense when you have a load of complex libraries of thousands
of lines of code but IMO it's massive overkill wrt. copying and
pasting a dozen lines
of YAML.

On 22 May 2017 at 09:44, Jose Luis Fernández Pérez <josefer...@gmail.com> wrote:
> That's what I'm doing now and it works but I find two trade offs with this
> approach.
>
> 1. You pollute the global scope with facts, and you are at risk of name
> clashing
> 2. You have to explicitly write the guard with code, something that is going
> to be the same in several roles. That's more boilerplate and code
> complexity.
>
> I think this use case is common enough to be implemented in the language
> itself. Something like a meta key saying 'this module should only be run
> once per server, don't bother to run in several times' lets say:
> ---
>   run_once_per_server: yes
>
>
> El domingo, 21 de mayo de 2017, 12:11:35 (UTC+2), Trond Hindenes escribió:
>>
>> As long as you haven't set the "private_role_vars = yes" option in
>> Ansible.cfg, you could do this by adding a set_fact step at the end of role
>> B (something like "role_b_has_run": true), and then at the beginning you
>> check for the existence of it, probably using a "when block" on the entire
>> thing.
>>
>> First time Role B runs, it will toggle the variable to true using
>> set_fact, and next time it runs you can skip the role or parts of it by
>> checking for the existence of that fact.
>>
>> -Trond
>>
>> On Friday, May 19, 2017 at 1:34:01 PM UTC+2, Jose Luis Fernández Pérez
>> wrote:
>>>
>>> Well, the thing here is a matter of encapsulation, the responsibility of
>>> installing B is inside A or C not in the playbook (the playbook should be
>>> agnostic). Imagine this scenario:
>>>
>>> I have a web server with an nginx with different sites installed (for two
>>> different applications). For each application I create a role that installs
>>> nginx and creates a site with its configuration, I want those roles to be
>>> self sufficient because maybe in the future those two applications wont be
>>> installed in the same host.
>>>
>>> In the role of each application I could have a:
>>>
>>> - name: "Install nginx package
>>>   apt: pkg=nginx state=latest
>>>
>>> This will be executed twice though only the first time will do stuff.
>>>
>>> A good approach to DRY it out a little be would be extracting the nginx
>>> installation into a new role where I maybe also do some common tweaks like
>>> adding common files to /etc/nginx/conf.d directory etc. In this case, I
>>> should use a dependency in my application roles so I ensure nginx is
>>> installed before adding the site for the app. Now, after the refactor with
>>> the dependencies approach, the nginx tasks will be executed twice (again),
>>> first time doing stuff and second not doing anything but spending time with
>>> state checking. This is because the whole 'Dependencies are only installed
>>> once unless allow_duplicates is yes' thing is scoped to the role.
>>>
>>> I'm currently creating a guard to ensure it gets executed only once. But
>>> this is ugly and I think this scenario is quite common and ansible should
>>> implement a way of dealing with such things. Maybe there is a way of doing
>>> it but Im missing it. In puppet is straightforward, a simple require would
>>> do, because is declarative.
>>>
>>> Any thoughts?
>>>
>>>
>>>
>>> El jueves, 18 de mayo de 2017, 21:46:39 (UTC+2), Dick Davies escribió:
>>>>
>>>> I'd skip the dependency mechanics and just explicitly apply both roles
>>>> in the play.
>>>>
>>>> On 18 May 2017 at 13:21, Jose Luis Fernández Pérez <josef...@gmail.com>
>>>> wrote:
>>>> 

Re: [ansible-project] Dependency check between roles

[Dick Davies]

I'd skip the dependency mechanics and just explicitly apply both roles
in the play.

On 18 May 2017 at 13:21, Jose Luis Fernández Pérez  wrote:
> Hi all!
>
> I need to disallow a role from being executed when it is include more than
> once. The scenario is like this.
>
> Role A includes as a dependency Role B
> Role C includes as a dependency Role B
>
> I include role A and role C in a playbook
>
> The result is.
>
> B is run
> A is run
> B is run
> C is run
>
> Given that B is already executed I would like it not to be run again.
>
> Any idea? Im currently setting a fact in B and use a conditional include in
> its main.yml file but this is code smell IMHO.
>
> Thanks in advance!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/24f27e6d-0d17-455b-9e4f-fb8b051a09f1%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPTPHeF%3DjBGOiw8ANzd9kgGf7q-RX5Fg7%2BCBsLveA_JHTA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: SSH connection to host failed..

[Dick Davies]

ConnectTimeout=10 vzylvrnddev3 /bin/sh -c 'sudo -k && sudo -H -S -p
"[sudo via ansible, key=] password: " -u root /bin/sh -c '"'"'echo
BECOME-SUCCESS-; LANG=C LC_CTYPE=C /usr/bin/python
/home/ansible/.ansible/tmp/ansible-tmp-1458307518.98-232218326920679/setup;
rm -rf /home/ansible/.ansible/tmp/ansible-tmp-1458307518.98-232218326920679/
>/dev/null 2>&1'"'"''
failed: [vzylvrnddev3] => {"failed": true, "parsed": false}
/var/tmp/sclRLbVXV: line 8: -k: command not found


Does the sudo on the host not understand the '-k' flag?

On 12 May 2017 at 19:21,   wrote:
> I have nearly the exact same issue. Have you managed to find a solution?
>
> On Friday, March 18, 2016 at 4:00:14 PM UTC-4, Andrzej K wrote:
>>
>> Hello Guys,
>>
>> Can someone of you help me with this strange case? I have host running
>> CentOS 6.7 x86_64. My ansible management host is CentOS 7.2 x86_64, ansible
>> version 1.9.4. When I try to run playbook against my host I'm getting this
>> message:
>>
>> GATHERING FACTS
>> ***
>> failed: [vzylvrnddev3] => {"failed": true, "parsed": false}
>> /var/tmp/sclAxMdst: line 8: -k: command not found
>> OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
>> debug1: Reading configuration data /etc/ssh/ssh_config
>> debug1: /etc/ssh/ssh_config line 56: Applying options for *
>> debug1: auto-mux: Trying existing master
>> debug1: mux_client_request_session: master session id: 2
>> Shared connection to vzylvrnddev3 closed.
>>
>>
>> for more info:
>>
>> GATHERING FACTS
>> ***
>>  ESTABLISH CONNECTION FOR USER: ansible
>>  REMOTE_MODULE setup
>>  EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
>> ControlPersist=60s -o
>> ControlPath="/home/ansible-admin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
>> KbdInteractiveAuthentication=no -o
>> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o
>> PasswordAuthentication=no -o User=ansible -o ConnectTimeout=10 vzylvrnddev3
>> /bin/sh -c 'mkdir -p
>> $HOME/.ansible/tmp/ansible-tmp-1458307518.98-232218326920679 && chmod a+rx
>> $HOME/.ansible/tmp/ansible-tmp-1458307518.98-232218326920679 && echo
>> $HOME/.ansible/tmp/ansible-tmp-1458307518.98-232218326920679'
>>  PUT /tmp/tmpCkdV99 TO
>> /home/ansible/.ansible/tmp/ansible-tmp-1458307518.98-232218326920679/setup
>>  EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
>> ControlPersist=60s -o
>> ControlPath="/home/ansible-admin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
>> KbdInteractiveAuthentication=no -o
>> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o
>> PasswordAuthentication=no -o User=ansible -o ConnectTimeout=10 vzylvrnddev3
>> /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via ansible, key=] password: "
>> -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-; LANG=C LC_CTYPE=C
>> /usr/bin/python
>> /home/ansible/.ansible/tmp/ansible-tmp-1458307518.98-232218326920679/setup;
>> rm -rf /home/ansible/.ansible/tmp/ansible-tmp-1458307518.98-232218326920679/
>> >/dev/null 2>&1'"'"''
>> failed: [vzylvrnddev3] => {"failed": true, "parsed": false}
>> /var/tmp/sclRLbVXV: line 8: -k: command not found
>> OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
>> debug1: Reading configuration data /etc/ssh/ssh_config
>> debug1: /etc/ssh/ssh_config line 56: Applying options for *
>> debug1: auto-mux: Trying existing master
>> debug2: fd 3 setting O_NONBLOCK
>> debug2: mux_client_hello_exchange: master version 4
>> debug3: mux_client_forwards: request forwardings: 0 local, 0 remote
>> debug3: mux_client_request_session: entering
>> debug3: mux_client_request_alive: entering
>> debug3: mux_client_request_alive: done pid = 5502
>> debug3: mux_client_request_session: session request sent
>> debug1: mux_client_request_session: master session id: 2
>> debug3: mux_client_read_packet: read header failed: Broken pipe
>> debug2: Received exit status from master 127
>> Shared connection to vzylvrnddev3 closed.
>>
>>
>> Any idea why I'm getting this message? I restored /etc/ssh/sshd_config and
>> ssh_config to default - it's still the same. What is the reason?
>>
>> thanks in advance!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/6633775f-42e0-4139-89e0-14fcefe44a59%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to 

Re: [ansible-project] Multiple host files with host vars - what is the precedence?

[Dick Davies]

Silly question, but why?

won't a group_vars/all do the trick?



On 12 May 2017 at 09:11, Dan Bateman  wrote:
> I have a setup where I have multiple inventory files in a directory and my
> ansible.cfg points to that inventory directory rather than a file. Also
> using ec2.py for aws dynamic inventory which is inside the inventory
> directory also. All hosts files, except for one are in a sub directory.
> All of the host files have [all:vars] defined, pretty much all the variables
> are duplicated across these different hosts files, but some have different
> values based on the type of environment. I'm attempting to use Dynamic
> inventory and to accommodate this I have a 'hosts' file named as such, in
> the root of the inventory directory. This contains all my tagging for AWS to
> allow me to use short names which relate to an AWS tag + the same [all:vars]
> which I want to be read when I'm using dynamic inventory, because I don't
> want ansible reading other [all:vars] from other inventory files.
> Along with the hosts files, I have a group_vars dir, which contains an
> all.yml that also duplicates some of the variables in the different hosts
> files(I know, I know). I eventually want to deprecate the [all:vars]
> contained in the hosts files in favour of just using
> group_vars/{all,env1,env2, etc}, but at the moment I can't.
>
> My question is, when I run ansible, in what order will it obtain variables
> when multiple host files exist, i.e. using dynamic inventory option I don't
> specify a hosts file or ec2.py, just allow ansible.cfg to read everything in
> the inventory dir:
>
> ansible-playbook someplaybook.yml -e 'somevar=something
> anothervar=anotherthing' --limit devenv
>
> Ideally I want ansible to use just read ec2.py and 'hosts' file, or at least
> read the 'hosts' and pickup the [all:vars] from there. I don't want it
> reading all the other host files that exist in the directory or at least I
> want to know what order it will read them. What is the precedence?
> Does having hosts files in sub-directories help in the precedence of reading
> the hostfiles?
>
> Thanks.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/6ad15889-31ad-4945-9f5d-77dee94a5586%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPTRb6_xM9m_bDr-iFsd%3D%2BPbxQ4%2B%3DhtYonKQQwoftnsYOg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: I want auto script,but something error

[Dick Davies]

Yes, but this :

192.168.30.75 remote_user=root remote_pass=1qaz@WSX

says to login directly as root, so don't do that.

The error is

remote_user" chtadm

instead of

remote_user: chtadm

On 10 May 2017 at 15:35, 王慧勳  wrote:
> Hi Davies:
> thanks，i cant direct use root，because my linux  policy is permitrootlogin no
> !!
>
> Best Regards!!
>
> 王慧勳於 2017年5月2日星期二 UTC+8上午2時20分48秒寫道：
>>
>> my centos deny remoteroot login and how can i improve
>> it my code
>> - hosts: 192.168.30.75
>>   remote_user" chtadm
>>   become: true
>>   become_user: root
>>   tasks:
>>  copy:
>> src: /tmp/kevin/test
>> dest:/tmp
>> owner:root
>> group:root
>> mode:0744
>>
>> it's my ansbile-vault
>> 192.168.30.75 remote_user=root remote_pass=1qaz@WSX
>>
>> and i input ansible-playbook test.yml --ask-vault-pass
>> display error:
>> the error appears to have been in '/tmp/kevin/test.yml' : line 3,column
>> 3,but may be elsewhere in the file depending on the exact syntax problem.
>>
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/03ea0f0b-0c40-4e3c-9225-dcf6bf8e216e%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPR-2qCbg1S5HnzxaObG1YG5hKUUyx%2B1aa9gPuARFEbD%2BQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Is there any better way to find if a list of packes installed

[Dick Davies]

You'd probably get what you want from an Ansible dummy run then, just
pass '--check' to ansible-playbook.

On 9 May 2017 at 20:09, Kiran Kumar  wrote:
> Hi  Tai Kedzierski ,
>
> Thanks for your reply. Am intending only to validate if packages are
> installed or not and am not installing any packages as part of other task.
> Am building a validation playbook that would check few things and packages
> is one of them.
>
> On Tuesday, May 9, 2017 at 8:00:51 AM UTC-7, Tai Kedzierski wrote:
>>
>> Hello Kiran
>>
>> As I understand it, the way Ansible is intended to be used, you should not
>> need this ?
>>
>> If you write a task specifying packageX , and specify a state of
>> installed/uninstalled/latest then that state is enforced... no prior need to
>> check.
>>
>> If you want then to perform an action only if a package is present, it
>> begs the question as to why you do not know already - since you are using
>> Ansible to maintain the server in a known state ?
>>
>> Could you describe what it is you are trying to enable by doing a package
>> check ?
>>
>>
>> On Tuesday, 9 May 2017 04:05:30 UTC+1, Kiran Kumar wrote:
>>>
>>> Hi Friends,
>>>
>>> Is there any better way to find if a list of packes is installed or not
>>> on a linux machine. It needs to return something may be a single variable to
>>> decide if all packages are installed or any one of them missed.
>>>
>>> Assuming i need to check if below packages are installed or not and it
>>> should return true if all the listed packages are installed and false if
>>> anything is missed.
>>>
>>>   - name: Check if packages are installed
>>> command: rpm -q {{ item }}
>>> with_items:
>>>- kernel
>>>- perf
>>>
>>>- perl
>>>
>>>- python
>>>
>>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/16477645-14b2-4a5b-b8cc-3772b1a1f108%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPQQs-XjzVvazbiS796Bsxa4_oHJUSzFjY-NcLboKa_mAg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] ansible ping hanging on a single node with no errors

[Dick Davies]

Are all the params in that ansible config correct (specifically the
control path)?
I don't know if they're defaults,
or you've customised them for some reason, but I'd be verifying those next.

On 9 May 2017 at 00:06, David Binney <donkeys...@gmail.com> wrote:
> Normal ssh is fine and running with - gives no clues at all. It
> processes one host fine, then just hangs with no output at all.
>
> On Tue, 9 May 2017 at 4:09 am, Dick Davies <d...@hellooperator.net> wrote:
>>
>> Well, back to basics.
>>
>> Can you SSH to the server manually?
>> If so, try adding '-' to the ping task to see if that gives any clues.
>>
>> On 8 May 2017 at 09:35, David Binney <donkeys...@gmail.com> wrote:
>> > I am trying to run an ansible ping, but it it hanging on a single
>> > hostname,
>> > and showing no error or log messages.
>> >
>> > [defaults]
>> > host_key_checking = False
>> > command_warnings = False
>> > error_on_undefined_vars = True
>> > gathering = smart
>> > #ssh_args = -o ControlMaster=auto -o ControlPersist=30m
>> > inventory = ~/hosts/ansible.dyn
>> > #transport = paramiko
>> >
>> > [ssh_connection]
>> > control_path = %(directory)s/%%h-%%p-%%r
>> >
>> > -
>> >
>> > ansible 2.3.0.0
>> >   config file = /Users/dbinney/.ansible.cfg
>> >   configured module search path = Default w/o overrides
>> >   python version = 2.7.13 (default, Dec 18 2016, 07:03:39) [GCC 4.2.1
>> > Compatible Apple LLVM 8.0.0 (clang-800.0.42.1)]
>> >
>> > 
>> >> $ python --version
>> >> [±master ●●]
>> > Python 3.6.1
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "Ansible Project" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an
>> > email to ansible-project+unsubscr...@googlegroups.com.
>> > To post to this group, send email to ansible-project@googlegroups.com.
>> > To view this discussion on the web visit
>> >
>> > https://groups.google.com/d/msgid/ansible-project/4c929ec6-4ee5-48b2-8f5a-62f3b7a9a1df%40googlegroups.com.
>> > For more options, visit https://groups.google.com/d/optout.
>>
>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "Ansible Project" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/ansible-project/qkrC2vL1Fnk/unsubscribe.
>> To unsubscribe from this group and all its topics, send an email to
>> ansible-project+unsubscr...@googlegroups.com.
>> To post to this group, send email to ansible-project@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/CAK5eLPSK3RN6kWj7CKEHNXYG6GN_mTRM_pk8jQ5yu4Mwbc3aaw%40mail.gmail.com.
>> For more options, visit https://groups.google.com/d/optout.
>
> --
> Cheers David Binney
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAN123g%3DVn1_-Bo2VhpZkaCqrAy%2BNZCgcey2Ffw_jC-RAqOg3fQ%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPQ%3DPR85Q%2BC2UVHOGV5MWuZp5-6x8%3D3fn93P2VV%2BLE52kg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] using a "when" for setting environment ?

[Dick Davies]

I think that's setting an environment variable called 'when' with a
value of 'use_apt_mirror'.



On 8 May 2017 at 10:04, Stephen Tan  wrote:
>
> Will this work?
>
> environment:
> http_proxy: "{{ apt_mirror }}"
> when: use_apt_mirror
>
> So, I only want to set the environment variable when the var
> "use_apt_mirror" is true. There is no obvious documentation to suggest that
> this won't work.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/41812e74-cc33-49b4-b498-b805bae26b37%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPTnppyC%3Dv_5L3aDuAxnA2_21N6ywvff8mo3L9d4%2BV_MKA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] ansible ping hanging on a single node with no errors

[Dick Davies]

Well, back to basics.

Can you SSH to the server manually?
If so, try adding '-' to the ping task to see if that gives any clues.

On 8 May 2017 at 09:35, David Binney  wrote:
> I am trying to run an ansible ping, but it it hanging on a single hostname,
> and showing no error or log messages.
>
> [defaults]
> host_key_checking = False
> command_warnings = False
> error_on_undefined_vars = True
> gathering = smart
> #ssh_args = -o ControlMaster=auto -o ControlPersist=30m
> inventory = ~/hosts/ansible.dyn
> #transport = paramiko
>
> [ssh_connection]
> control_path = %(directory)s/%%h-%%p-%%r
>
> -
>
> ansible 2.3.0.0
>   config file = /Users/dbinney/.ansible.cfg
>   configured module search path = Default w/o overrides
>   python version = 2.7.13 (default, Dec 18 2016, 07:03:39) [GCC 4.2.1
> Compatible Apple LLVM 8.0.0 (clang-800.0.42.1)]
>
> 
>> $ python --version
>> [±master ●●]
> Python 3.6.1
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/4c929ec6-4ee5-48b2-8f5a-62f3b7a9a1df%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPSK3RN6kWj7CKEHNXYG6GN_mTRM_pk8jQ5yu4Mwbc3aaw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] trying to pass variable to hosts

[Dick Davies]

Those variables are set on localhost , not kfkahost0.

Why don't you just put your kafka host in a group and use group_vars?

On 7 May 2017 at 20:41,   wrote:
> I am trying to pass a variables to the hosts in a play
>
> - name: include vars
>   hosts: localhost
>   connection: local
>   tasks:
> - include_vars:
> dir: '../group_vars'
> depth: 1
>
> - name: debug
>   hosts: localhost
>   connection: local
>   tasks:
> - debug: msg="{{ kfkahost0 }}"
>
> - name: Create topic
>   hosts: "{{ kfkahost0 }}"
>   tasks:
># - name: include vars
># - include_vars: dir="../group_vars" depth="1"
>   #dir: '../group_vars'
>   #depth: 1
>
> - shell: ./app/bin/kafka/bin/kafka-topics.sh --zookeeper {{ zkhost0
> }}:2181 --create --topic {{ topic }} --partitions {{ partition }}
> --replication-factor {{ rpfactor }}
>  42,3
> Bot
>
> in the debug step i see the hostname comes out in the msg fine
>
> but in the next play it says kfkahost0 is undefined.
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/8c3b338e-f073-4fbe-b91d-46de1851d4c3%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPT67nUg8HjLz7LwosbTULkPgxP5%2BeEZUNHOM7BSRt3wHA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How to get IP address from inventory file

[Dick Davies]

Your inventory doesn't say what you think it does.


[clab111] is a group, not a host, and it contains one host called '11.11.11.11',
and so on.

Inventory docs are at: http://docs.ansible.com/ansible/intro_inventory.html ,
see if that makes it any clearer.

On 4 May 2017 at 22:15, Mateusz Pańczyszyn  wrote:
> Hello,
>
> I have no idea how to solve an IP address problem. I need some tips. I have
> an inventory file with defined hosts:
>
> [clab111]
> 11.11.11.11
>
> [ clab222]
> 22.22.22.22
>
> Then I will start working on one host, for example:
>
> The path to the subtitles PLAYBOOK_NAME.yml and inv -limit "clab111"
>
> In the meantime, I will use in the playbook_name.yml, lineinfile module,
> which should replace any IP address to address of the clab111. I have all
> the regex, but I do not know how to set the variable that will contain the
> IP address from the file inventory file for that particular clab111. I tried
> with hostvars, but without success.
>
> So I need:
> - get IP address of (for example) clab111 from inventory file,
> - define variable with this clabxxx_ip: {{ my_problem }}
> - put here: sed -r 's/([0-9]{1,3}\.){3}[1-9]{1,3}'/{{ clabxxx_ip }}/g
>
> Thanks for the patience. I spent a ton of time on the "google" solution but
> without success, it's my first steps in ansible.
>
> Br,
> Mateusz
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/380b025f-6605-438f-913c-4bdf14226d83%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPTt-10Krfhez-4Ai1%2B3xWO9OkxNRcfm%3DwWAu0Ode0nLvQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] suggestion for using ~/.my.cnf file

[Dick Davies]

On 4 May 2017 at 20:12, cutiee  wrote:

> Output_error:
>
>  failed: [10.100.140.230] => {"failed": true}
> msg: unable to connect, check login credentials (login_user, and
> login_password, which can be defined in ~/.my.cnf), check that mysql socket
> exists and mysql server is running

You already provide a user and password. Is the mysql server running?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPTskMKRR2SJq6yTjP3PuFyVHOMKhMyWOxWNkDetzosB6g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] clients, products, applications ... inventory/host

[Dick Davies]

So each client has their own VM?

If so, you can just set host_vars for each vm, and model each application as
a role - like this:

├── inventory
│   ├── host_vars
│   │   ├── client1 <- sets some_variable1, some_variable2 for client1
│   │   ├── client2
│   │   └── client3
│   └── hosts
├── roles
│   ├── application1 <- role for application1 that uses some_variable1, etc.
│   ├── application2
│   └── application3
└── site.yml   <- applies roles to the VM as appropriate



On 3 May 2017 at 23:13, Scuderia FormulaOne  wrote:
> I am looking for the 'best' practice for the following case where:
>
> there are multiple clients
> a client can have one or more products
> a product is made of  1-5  or more applications
> an application reside on a single vm
>
>
> I am looking for an example/template,  a set of instructions, or a good
> starting point for:
>
> client1 has product 1
> client2 has product 2
> client3 has both product 1-2
>
>
>
> Regards,
>
> t
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/a30bbbfe-8854-458a-bf2c-329f546c6fa5%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPRBZcPU6E9BMb7Ey3WswMdinZzFuE2s%3DSf4VbXJjOEYWg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Is there something like "group_files"

[Dick Davies]

Be wary of looking at Ansible with an MVC perspective; the burden
of maintaining a few dozen YAML files and templates doesn't need
the overhead of OOPs baggage, and in my experience the readability
cost isn't worth it.

That said: perhaps parameterised roles would do what you want?
Passing in paths to certs. etc when you apply the role in your playbook
should give you the flexibility you want.

http://docs.ansible.com/ansible/playbooks_roles.html#id8


On 3 May 2017 at 18:14, Carlos Peñas  wrote:
> I'm a bit new to ansible and perhaps I slip pass over this feature.
>
> I've read the ansible best practices document and choosed a directory layout
> like this
>
> ansible
> ├── roles
> │   ├── ...
> │
> ├── staging
> │   ├── inventory
> │   └── group_vars
> │   ├── all
> │   ├── app
> │   └── web
> └── production
> ├── inventory
> └── group_vars
> ├── all
> ├── app
> └── web
>
>
> This is perfect for configuring different secrets and variables for
> different groups in different stages and reuse the same playbook/roles for
> any different environment which is a quite elegant solution, the problem
> comes when I need to use a "copy" or "template" task and the file varies in
> each stage, for example a server certificate which varies with the host name
> of the stack configured...
>
> In templates you can always add some logic, but this smells a bit odd to me,
> because you are tying your role to the architecture. (Correct me if I'm
> wrong but it looks like insert business logic in a view of a MVC framework).
> The same for roles' tasks lists
>
> As far as I know ansible looks for files in each ./files/ directory of the
> related role
>
> Is there another path dependant of the inventory used were I can store stage
> dependant files that the roles can refer only by basename?
>
> If there isn't
>
> Any way to emulate it (maybe adding something like a search path at playbook
> level) ?
>
> Thanks
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/6f3b5673-6217-4a2b-b616-d72ff9cc49f8%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPT%3DSxCw4n8Nh_%3DKwRZRZDxDEczD50GcdgBijEpZpTibaA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] get value from command line in playbook

[Dick Davies]

There probably is a way to hack it

(e.g. inventory_file minus inventory_dir , see


http://stackoverflow.com/questions/18839509/where-can-i-get-a-list-of-ansible-pre-defined-variables

)

but I've done this myself by just setting a common variable in
inv/*/group_vars/all
and referencing that.

On 2 May 2017 at 10:52, 'Anand Dasari' via Ansible Project
 wrote:
> Hi
>
> is there anyway i can get value from command line arguments
>
> for eg.,  my command line is
>
> ansible-playbook -i inv/sit1 playbooks/sit1/test.yml
>
> in test.yml i want to capture the value   from  inv/sit1  as   sit1,
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/412cd46c-a5f1-44f8-91bb-b6ef1f2e2f68%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPSMOYBML6jUj88HtYGPOcRdX3%2Bsn16gwQA1GmYfJi%3Db%3DA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Python Annoying error when connecting to target machines

[Dick Davies]

It looks like your install of Python isn't complete, or you're missing
some required env.
vars.

Back to your UNIX team?

On 2 May 2017 at 18:24, Anthony Youssef  wrote:
> Hi,
>
>
> i am facing an error that is blocking my work on ansible. i am trying to
> connect from my control machine to a big number of hosts to execute remote
> commands (around 1000 hosts).
>
> some of these target hosts didn't have python2.6 installed under
> /usr/bin/python, thus i was not able to connect to them.
>
> Unix team suggested to put python2.6 under a shared location and thus all
> machines will be able to connect to it(shared
> location=./nettools/python_ansible/bin/python), i updated my
> "group_vars/all" to point to this location, as per below
>
>  ansible_python_interpreter: /nettools/python_ansible/bin/python
>
> now when trying to connect to remote hosts, i faced many issues related to
> libraries
>
> hp214srv | FAILED! => {
>  "changed": false,
>  "failed": true,
>  "module_stderr": "ld.so.1: python: fatal: libpython2.6.so.1.0: open failed:
> No such file or directory\n/bin/bash: line 1: 3469 Killed
> /nettools/python_ansible/bin/python\n",
>  "module_stdout": "",
>  "msg": "MODULE FAILURE"
> }
>
> only machines having python2.6 installed locally were still able to connect
> since libpython2.6.so.1.0 was found locally (i knew this after running ldd
> on the python executable)
>
> what i did next, is that i created a wrapper
> /nettools/python_ansible/bin/python.sh and below is the code inside the
> wrapper
>
> hp225srv autoengine /usr/local/quality/test/bin/
> bash$ vi python.sh
> "python.sh" 6 lines, 1088 characters
> #!/bin/bash
> export
> PATH="/nettools/subversion/bin:/nettools/python/bin:/nettools/cmake/cmake-2.6.1/bin:/nettools/sudo/sudo1.7.2p1/bin:/usr/local/java/jdk1.7.0_79/bin:.:/usr/local/bin:/usr/bin:/bin:/nfshome/nonuser/autoengine/bin:/usr/sfw/bin:/usr
> /local/tex/bin/:/etc:/usr/etc:/usr/openwin/bin:/usr/ccs/bin:/opt/csw/bin:/opt/HPQhealth/sbin/:/opt/HPQacucli/sbin/:/sbin:/usr/sbin:/usr/local/tools:/nettools/tools:/nettools/sunstudio/sunstudio11/SUNWspro/bin:/opt/oracle/11204/bin:/op
> t/sybase/oc12.5.1-EBF12837/OCS-12_5/bin:/nettools/bin:/nfs_tools/common/scripts:/nfs_tools/common/operate:/nfs_tools/common/globalqa:/usr/ucb:/opt/sfw/bin:/usr/sbin:/nettools/python_ansible/bin"
> export
> LD_LIBRARY_PATH="/usr/local/lib:/usr/local/ssl/lib:/opt/sfw/lib:/usr/lib:/nettools/sunstudio/sunstudio11/SUNWspro/lib:/opt/oracle/11204/lib:/nettools/sudo/sudo1.7.2p1/lib:/nettools/cmake/cmake-2.6.1/share/cmake-2.6/Lib:/nettool
> s/python/lib:/nettools/lib:/usr/ucblib:/nettools/subversion/lib:/nettools/python_ansible/lib"
> export PYTHONHOME="/nettools/python_ansible"
> echo "ayoussef"
> exec /nettools/python/bin/python "$@"
>
>
> this time where running ansible -m ping
> dell190srv,dell201srv,dell027srv,hp214srv,hp244srv  from control machine i
> got the below output
>
>
> hp244srv | FAILED! => {
>  "changed": false,
>  "failed": true,
>  "module_stderr": "Could not find platform independent libraries
> \nCould not find platform dependent libraries
> \nConsider setting $PYTHONHOME to
> [:]\n'import site' failed; use -v for
> traceback\nTraceback (most recent call last):\n File \"\", line 4, in
> \nImportError: No module named os\n",
>  "module_stdout": "",
>  "msg": "MODULE FAILURE"
> }
> hp214srv | FAILED! => {
>  "changed": false,
>  "failed": true,
>  "module_stderr": "ld.so.1: python: fatal: relocation error: file
> /nettools/python_ansible/lib/libpython2.6.so.1.0: symbol fdatasync:
> referenced symbol not found\n/bin/bash: line 1: 5699 Killed
> /nettools/python_ansible/bin/python.sh\n",
>  "module_stdout": "",
>  "msg": "MODULE FAILURE"
> }
> An exception occurred during task execution. To see the full traceback, use
> -vvv. The error was: NameError: name 'false' is not defined
> dell201srv | FAILED! => {
>  "changed": false,
>  "failed": true,
>  "module_stderr": "Traceback (most recent call last):\n File \"\",
> line 1, in \nNameError: name 'false' is not defined\n",
>  "module_stdout": "",
>  "msg": "MODULE FAILURE"
> }
> An exception occurred during task execution. To see the full traceback, use
> -vvv. The error was: NameError: name 'false' is not defined
> dell190srv | FAILED! => {
>  "changed": false,
>  "failed": true,
>  "module_stderr": "Traceback (most recent call last):\n File \"\",
> line 1, in \nNameError: name 'false' is not defined\n",
>  "module_stdout": "",
>  "msg": "MODULE FAILURE"
> }
> dell027srv | UNREACHABLE! => {
>  "changed": false,
>  "msg": "SSH Error: data could not be sent to the remote host. Make sure
> this host can be reached over ssh",
>  "unreachable": true
> }
>
>
> this is really annoying as it is blocking my progress in learning this tool,
> i am in the middle of the course and i like it.
>
> Please can anyone help me and tell me what is missing, why i am not able to
> connect to these machines, and what is the best way to do so?
>
> i have been 

Re: [ansible-project] New to Ansible - need to pull hostname and ip from facts for template.

[Dick Davies]

You can iterate over the group and access hostvars['server name'].
Assuming your backends are in a group called 'backends'
something like this should work:

{% for host in groups['backends'] %}
{% set h = hostvars[host] %}
   server name {{ h.name }} {{ h.ip }} check
{% endfor %}

On 1 May 2017 at 21:18, Owen Corcoran  wrote:
>
> Hey all,
>
> Im trying to pull the hostname and ip of the hosts in a specific host group
> from the facts gathered when the ansibe playbook runs to gather it facts.
>
> Im trying to use the hostname and ip for both my two target hosts to
> dynamically populate a haproxy config file using the jinja2 templating
> support
>
> Ive got the templating working perfectly but i cannot find a way to
> reference these facts and interate over them within the template.
>
> I know in the template we can do
>
> {% for item in hosts %}
> server name {{ host.name }} {{ host.ip }} check
> {% endfor %}
>
> How can i get the facts i need into either array or dictionary so i can
> iterate through them and populate the template.
>
> Owen
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/14f3f918-d267-48d2-a242-28d158e960c3%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPTOJxZaO2bHZsD0rXxJ-1ub0uco7uxTXr3zwF43RQNuTw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How to filter dictionary entries using Jinja

[Dick Davies]

If each mount was managed by a role, you could just apply those
roles to the (groups holding) the relevant servers.

You'll need to have multiple data structures, one per role, but that's
probably going to 'work with the grain' of Ansible better.



On 26 April 2017 at 15:20, Frank Thommen  wrote:
> Dear all,
>
> I'm at a loss as to how to filter entries fom a dictionry based von specific
> host variables.  In the concrete case we have a long list of possible NFS
> mounts which should be applied according to the hosts' class.
>
>
> Our hostlist would be like:
>
> host1 class=cluster
> host2 class=cluster
> host3 class=server
>
>
> our dictionary of possible mounts would e.g. be:
>
> ---
> /mnt/1:
>   name:   /mnt/1
>   src:server:/exports/1
>   fstype: nfs
>   state:  mounted
>   class:
> - cluster
>
> /mnt/2:
>   name:   /mnt/2
>   src:server:/exports/2
>   fstype: nfs
>   state:  mounted
>   class:
> - cluster
> - server
>
> /mnt/3:
>   name:   /mnt/3
>   src:server:/exports/3
>   fstype: nfs
>   state:  mounted
>   class:
> - cluster
> ...
>
>
> I.e I'd like all three mounts to be available on hosts of the class
> "cluster" and /mnt/2 (but not the other two mounts) on hosts of the class
> "server".
>
> The current playbook (which applies all mounts to all hosts) is
>
> ---
> - hosts: '{{ target }}'
>   gather_facts: no
>   serial: 5
>
>   tasks:
>- include_vars:
>file: ./mounts-dict.yml
>name: fs
>
>- name: "Add NFS mounts"
>  mount:
>   name:   "{{ item.value.name   }}"
>   fstype: "{{ item.value.fstype }}"
>   src:"{{ item.value.src}}"
>   state:  "{{ item.value.state  }}"
>  with_dict: "{{ fs }}"
> ...
>
>
> The playbook is run with `ansible-playbook ./nfs-mounts.yml
> --extra-vars="target=".
>
> What I'd need is a syntax, which checks for each mount in the dictionary, if
> one of it's (possibly multiple) classes matches the (single) class of the
> server and then applies the mount.  I could not find a usable Jinja-Syntax
> which I could use together with `when`.  I'd appreciate any hint or pointer
> to achieve this task.
>
> Thanks
> frank
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/a0fbe52c-a1bc-f33e-985e-216dac495630%40drosera.ch.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPRZ5oxxoZfyR-MuJF-B0%2BJnmaXmxzJz09poE%2BErKPwJdw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How to check the physical memory and free disk is greater than some value?

[Dick Davies]

I'd use facts for that. The ones you want are probably

ansible_memtotal_mb

(total RAM in Mb)

and

ansible_mounts

(which gives free bytes per mounted device)

On 26 April 2017 at 15:16, Swathi Cutie  wrote:
> How to write an ansible task to check if the physical memory >=128 MB and
> free disk is >= 256 MB. i tried to get the output but i am not sure how to
> proceed further.
>
>
> # Check the physical disk memory 128 MB and free disk 256 MB
>  - name: check the physical memory
>command: free -m
>register: phy_mem
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/e1c356ca-d4a1-4462-93b0-988d4de133c6%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPSd91qNzJHti6tirRu2ng_G1HnKk506PBsVrMNSTKhiaw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] New to ansible, trying to get ping to work but getting Paramiko/SSH errors

[Dick Davies]

An 'Ansible ping' checks that Python is on the remote host - cisco iOS
probably doesn't
have that, so you'd manage it with ansible modules running on your ansible host.

On 25 April 2017 at 21:11, Mini  wrote:
> Hi Ravi,
>
> Could you please tell how you made it work. what does this mean " fully
> qualified hostname" ?
> I am able to ssh using username@ip address but unable to ping it.
>
> I am using CentOS 7 and the host machine is a Cisco IOS router.
>
> Thanks!!
>
>
> On Tuesday, January 5, 2016 at 11:20:56 AM UTC-6, Ravi B wrote:
>>
>> Hi Toshio,
>> You're right!! I was not able to ssh to 127.0.0.1.
>> $ ssh 127.0.0.1
>> ssh_exchange_identification: Connection closed by remote host
>>
>> Then I replaced 127.0.0.1 with the fully qualified hostname. After that it
>> worked ( I had to give the --ask-pass option to the command)
>>
>> $ ansible all -m ping --ask-pass
>> SSH password:
>>  | SUCCESS => {
>> "changed": false,
>> "ping": "pong"
>> }
>>
>> Thank you Toshio and Chun-Hung for all your help! I can't thank you enough
>> as it solved my headache.
>>
>>
>> On Tuesday, January 5, 2016 at 9:47:13 AM UTC-5, tkuratomi wrote:
>>>
>>> Ssh 127.0.0.1 works?
>>> Does ansible all -m ping -c ssh work ?
>>>
>>> -Toshio
>>>
>>> On Jan 4, 2016 8:27 AM, "Ravi B"  wrote:

 Hi everyone,
 I'm new to ansible and trying to get the basing ping working on
 local host (127.0.0.1 in the $ANSIBLE_HOSTS file) but keep running into
 problems.I thought the problem was python3 that was installed on the
 machine, but I uninstalled python3 (deleted the python3 binaries and
 reinstalled ansible from source). I'm still getting the same error with
 ansible (see the error below in red).
 The command "ansible all -m ping" is not working.

 # python -V
 Python 2.7.11

 # pip install --upgrade paramiko
 Requirement already up-to-date: paramiko in
 /usr/local/lib/python2.7/site-packages/paramiko-1.16.0-py2.7.egg
 Requirement already up-to-date: pycrypto!=2.4,>=2.1 in
 /usr/local/lib/python2.7/site-packages/pycrypto-2.6.1-py2.7-linux-x86_64.egg
 (from paramiko)
 Requirement already up-to-date: ecdsa>=0.11 in
 /usr/local/lib/python2.7/site-packages/ecdsa-0.13-py2.7.egg (from paramiko)

 # cat $ANSIBLE_HOSTS
 127.0.0.1

 # ansible --version
 ansible 1.9.4
   configured module search path = None

 # ansible all -m ping
 No handlers could be found for logger "paramiko.transport"
 127.0.0.1 | FAILED => FAILED: Error reading SSH protocol banner[Errno
 104] Connection reset by peer

 I'm getting the same error with ansible 2 also
 # ansible --version
 ansible 2.1.0
   config file =
   configured module search path = Default w/o overrides

 # ansible all -m ping
 No handlers could be found for logger "paramiko.transport"
 127.0.0.1 | UNREACHABLE! => {
 "changed": false,
 "msg": "ERROR! Error reading SSH protocol banner[Errno 104]
 Connection reset by peer",
 "unreachable": true
 }

 --
 You received this message because you are subscribed to the Google
 Groups "Ansible Project" group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to ansible-proje...@googlegroups.com.
 To post to this group, send email to ansible...@googlegroups.com.
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/ansible-project/390aff87-4911-4a6b-b58a-598671d4312a%40googlegroups.com.
 For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/445ba0a9-665b-4090-ab7d-a86d300b7c66%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPRzt0G71DOnmifoU%2B99hnB8ZfGPkT6j_-oPgu4nokV4yg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Need help in exploring how to use regular expression to find the correct file name in a play book

[Dick Davies]

Might be better to list the files you want to edit as vars on each of the hosts
in your inventory.

On 25 April 2017 at 14:35, vinod kumar  wrote:
> Hi All,
>
> I am writing a play book to add below two lines to a service config file
> under /etc/xinetd.d/. The filename generally starts with oscssd*. As i have
> multiple servers, this file name is getting changed and playbook is not
> working as expected as the filename is getting change.
>
> Please let me know how can i incorporate the regular expression to find the
> correct file name. /etc/xinetd.d/oscssd* is not working with lineinfile
> module.
>
> cat xinetd.yml
> ---
> - name: xined log reduction playbook
>   hosts: test-servers
>   become: True
>   become_method: sudo
>   tasks:
>   - name: updating with log_on_success value in xinetd oscssd3001
> configuration
> lineinfile:
>   name: "/etc/xinetd.d/oscssd3001"
>   insertbefore: '^}'
>   line: 'log_on_success ='
> ignore_errors: yes
>   - name: updating with log_on_failure value in xinetd oscssd3001
> configuration
> lineinfile:
>   name: "/etc/xinetd.d/oscssd3001"
>   insertbefore: '^}'
>   line: 'log_on_failure ='
> ignore_errors: yes
>   - name: updating with log_on_success value in xinetd oscssd5001
> configuration
> lineinfile:
>   name: "/etc/xinetd.d/oscssd5001"
>   insertbefore: '^}'
>   line: 'log_on_success ='
> ignore_errors: yes
>   - name: updating with log_on_failure value in xinetd oscssd5001
> configuration
> lineinfile:
>   name: "/etc/xinetd.d/oscssd5001"
>   insertbefore: '^}'
>   line: 'log_on_failure ='
> ignore_errors: yes
>   - name: Reload of xinetd services
> service:
>   name: xinetd
>   state: reloaded
>
>
> Thanks in advance.
>
> Regards,
> Vinod.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/96f43351-b409-46d1-9bea-b16d2abc58b5%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPQDNM9ZRZbDU1atF1Tx-WG-zsUUk1%3Dv%3D00YVPxD3CzpsQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: getting error while trying to create my own role

[Dick Davies]

It is, or the task wouldn't have run.

OP: Your role looks broken, but you haven't show that.

Probably /usr/bin/lsb_release doesn't exist on localhost.

On 25 April 2017 at 12:30,   wrote:
>
>
> your file role must be in the path ansible/roles/own_test/tasks/main.yml
>
>
> El martes, 25 de abril de 2017, 11:49:28 (UTC+2), acharya tejaswi indurthi
> escribió:
>>
>> Hi,
>>
>> I am trying to create a new role from my playbook. I had created a file
>> with the created role
>>
>> ---
>> - hosts: localhost
>>   connection: local
>>   gather_facts: yes
>>   roles:
>>- own_test
>>
>> when i am trying with ansible-playbook own_role.yml getting an error
>>
>> PLAY [localhost]
>> ***
>>
>> TASK [setup]
>> ***
>> fatal: [localhost]: FAILED! => {"changed": false, "cmd":
>> "/usr/bin/lsb_release -a", "failed": true, "msg": "[Errno 2] No such file or
>> directory", "rc": 2}
>> to retry, use: --limit @/etc/ansible/playbooks/own_role.retry
>>
>> PLAY RECAP
>> *
>> localhost  : ok=0changed=0unreachable=0
>> failed=1
>>
>> where is the mistake.Can anyone help me
>>
>> Thanks,
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/47c87c16-618e-43f9-8ee2-b5288ffcd49c%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPQAEFackZwfdjuXrKK2NxbGF%3DyGYddsZP1tKPjj7OhHmA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] template backup names?

[Dick Davies]

I'm guessing its intended to prevent collisions rather than as an audit tool?

On 21 April 2017 at 14:58, Dave Martin  wrote:
> So, why is there a process ID in the extension added to the backup file
> created by a template action?  Any why not put it at the end so they sort
> correctly?
>
> The process id is ephemeral - by the time you go look a the file, that
> process is long gone.  What use is it?
> --
> --
> Nobody believed that I could build a space station here.  So I built it
> anyway. It sank into the vortex.  So I built another one.  It sank into the
> vortex.  The third station burned down, fell over then sank into the vortex.
> The fourth station just vanished.  And the fifth station, THAT stayed!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAA2%3Dfcq_xwTYTMBhVPfT3N0wwoGkkzFJfp5Oi9PuBOi37K3irw%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPQLx5MkKCEspCKe-0a6Fjoa%2B14HEp3Bu%2BdyMrPZufGrQQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Seamless provisioning, install and configuration automation in Ansible

[Dick Davies]

I've never used Azure but this looks like what you want:

https://azure.microsoft.com/en-us/blog/custom-data-and-cloud-init-on-windows-azure/



On 18 April 2017 at 03:42, Madhava Rao <mrao8...@gmail.com> wrote:
> Could you please point to some links on how it can done through Azure?
>
> Thanks,
>
> On Thursday, April 13, 2017 at 2:05:37 PM UTC-4, Dick Davies wrote:
>>
>> Are you able to modify the VM templates? That would be simplest.
>> Depending on your virtualiser there is usually a way to run a 'first boot'
>> step
>> on newly created VMs; that might be another way to get the initial pubkey
>> (that Ansible will use) installed.
>>
>> On 13 April 2017 at 03:23, Madhava Rao <mrao...@gmail.com> wrote:
>> > Hi,
>> >
>> > I'm automating a QA environment which involves provisioning VM's on the
>> > cloud and installation of Kubernetes cluster. I'm able to install and
>> > configure Kubernetes on the VM's after provisioning thanks to the
>> > Kubernetes
>> > Contrib.
>> >
>> > I would like to know how I can provision a VM, copy the public keys to
>> > the
>> > VM created, and proceed with the installation of Kubernetes without
>> > manual
>> > intervention. Currently I can't figure out a way in which I can copy the
>> > ssh
>> > keys to the provisioned VM without the password prompt. Any directions
>> > on
>> > how to achieve this would be very helpful.
>> >
>> > Thanks,
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "Ansible Project" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an
>> > email to ansible-proje...@googlegroups.com.
>> > To post to this group, send email to ansible...@googlegroups.com.
>> > To view this discussion on the web visit
>> >
>> > https://groups.google.com/d/msgid/ansible-project/8ac66980-9292-40ef-98a7-89d095e64ce4%40googlegroups.com.
>> > For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPRad%2BddEbGHomGxpGo9%2BYCw2rSind80MMFQav%3DcE8Q%3DxA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Seamless provisioning, install and configuration automation in Ansible

[Dick Davies]

Are you able to modify the VM templates? That would be simplest.
Depending on your virtualiser there is usually a way to run a 'first boot' step
on newly created VMs; that might be another way to get the initial pubkey
(that Ansible will use) installed.

On 13 April 2017 at 03:23, Madhava Rao  wrote:
> Hi,
>
> I'm automating a QA environment which involves provisioning VM's on the
> cloud and installation of Kubernetes cluster. I'm able to install and
> configure Kubernetes on the VM's after provisioning thanks to the Kubernetes
> Contrib.
>
> I would like to know how I can provision a VM, copy the public keys to the
> VM created, and proceed with the installation of Kubernetes without manual
> intervention. Currently I can't figure out a way in which I can copy the ssh
> keys to the provisioned VM without the password prompt. Any directions on
> how to achieve this would be very helpful.
>
> Thanks,
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/8ac66980-9292-40ef-98a7-89d095e64ce4%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPR%3DGmbYm%3DK5j9Rz7nVwoyjN%2BYQMghGk0tvBJTfCCBjo9Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How to detect which role called an other role in case of role dependency

[Dick Davies]

This sounds like you're re-discovering why OOP is such a pain in the arse.

Sorry to be glib but I see this a lot and it's usually easier for everyone if
you just avoid the whole meta dependency thing altogether, it's always
a maintenance
hassle. If you get this to work it's just another maintenance headache
for you or
the next guy who maintains this playbook.



On 10 April 2017 at 13:58,   wrote:
> Hi,
>
> I have a playbook with many roles plus a common role that is used by each
> other roles.
> Basically, this common role is used because I have some tasks that are
> applicable for all roles, obviously, I don't want to rewrite these tasks as
> many time as I have a role.
> Recently I encountered a case where I need a task to be played for all roles
> except only one. Therefore, I'm looking for a way to detect which role
> issued the call to the common role due to dependency so I could filter when
> to skip the task or not with a simple `when` statement.
>
>
>
> ├── roles
> │   ├── common
> │   │   ├── defaults
> │   │   │   └── main.yml
> │   │   └── tasks
> │   │   ├── main.yml
> │   │   └── test.yml
> │   ├── first_role
> │   │   ├── meta
> │   │   │   └── main.yml
> │   │   └── tasks
> │   │   └── main.yml
> │   └── second_role
> │   ├── meta
> │   │   └── main.yml
> │   └── tasks
> │   └── main.yml
> └── site.yml
>
>
>
> The only way I see at the moment to achieve that would be something like
> following:
>
>
> # ./hosts[group1]
> laptop ansible_host=127.0.0.1
>
>
>
> # ./site.yml
> ---
> - hosts: group1
>   roles:
> - first_role
>
>
>
> # ./roles/first_role/meta/main.yml
> ---
> dependencies:
>   - { role: common, parent_role: "first_role" }
>
>
>
> # ./roles/common/defaults/main.yml
> ---
> parent_role:
>
>
>
> # ./roles/common/tasks/main.yml
> ---
> - name: common task
>   debug:
> msg: "I'm a common task"
>
>
> - name: common task but not for all roles
>   debug:
> msg: "I'm not a common task for all roles"
>   when: parent_role != 'first_role'
>
>
>
>
> 1/ The fact that I need to hardcode the rolename is not something really
> clean I think.
>
> 2/ I'm obliged to declare a default variable for `parent_role` to avoid an
> error message :
>
> "The error was: 'parent_role' is undefined"
>
> Indeed, when my common role is played and was not called by my role that
> doesn't need to exclude the task from being played, I'll get this error
> since I do not pass the `parent_role` variable from the other roles.
>
>
> Maybe someone know a nicer way to do this ?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/7cd49c8c-99bf-4758-bb1c-129c80306abd%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPT4SOeMysn_ZUh8aLvhH3EF2%3DvSTT5QM6eiEeKzuohhow%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] ansible motd changed login prompt

[Dick Davies]

That looks like your inventory_hostname was an IP that started
with 10 and the hostname pieces are splitting this like an FQDN.

What does 'hostname' come back with now, I'm guessing '10'?

On 5 April 2017 at 14:19, Robert Recchia  wrote:
> This is weird and I am not sure of what really caused it all I know is I
> just wanted to start making motd files bit more useful.  Created this simple
> playbook
>
> ---
> - hosts: web
>   user: root
>   tasks:
>   - name: Ensure the MOTD file is present and updated
> template:
> src: motd
> dest: /etc/motd
> owner: root
> group: root
> mode: 0644
>   - name: Ensure the hostname is the same of the inventory
> hostname:
> name: "{{ inventory_hostname }}"
>
> using this template
>
> This system is managed by Ansible
>   Any change done on this system could be overwritten by Ansible
> OS: {{ ansible_distribution }} {{ ansible_distribution_version }}
> Hostname: {{ inventory_hostname }}
> Main Ip address: {{ ansible_default_ipv4.address }}
> All connections are monitored and recorded
> Disconnect IMMEDIATELY if you are not an authorized user
>
> I ran this on 2 servers.  The login prompt changed for example to this
> [root@10 ~]#
>
>  ansible --version
>
> ansible 2.2.1.0
>
>   config file = /etc/ansible/ansible.cfg
>
>   configured module search path = Default w/o overrides
>
>
> I have checked ~/.bashrc /etc/bashrc /etc/profile i see nothing that would
> have changed the prompt.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/e10c0bab-ae6b-4bce-b318-4c98295d3b8f%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPQP3fv%3DB4iZv_f5%2Bm-pQ24jBykMRvyM90G%3DEk_%3Dmg_hhA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Installing preview module subscription-manager

[Dick Davies]

If you just make a directory library/ in your playbook directory
and put the .py in there, Ansible should pick it up when you run your play.

On 30 March 2017 at 22:38, William Muriithi  wrote:
> Good afternoon,
>
>
> [william@cacti ~]$ ansible --version
> ansible 2.1.1.0
>   config file = /etc/ansible/ansible.cfg
>   configured module search path = Default w/o overrides
>
> I am using ansible on RHEL 6 systems.  I am aware I can use command to
> enrol a system to RedHat subscription, but I prefer module unless
> nothing ideal is around.
>
> I noticed there is a module to handle subscription and would like to
> try it.  I can't however find a way of installing preview module
>
> http://docs.ansible.com/ansible/redhat_subscription_module.html
>
> Is there a link somewhere on how to go about this process?
>
> Regards,
> William
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/CAE9rU%2B7OPeeuHAaLWCuu83%2B4oQ-PFXU0q8gEBS0c4GcTzNc_Zw%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPRbXJSXmspwVaghPOkcg8fUBF0k-ke5o3n-3L_-nqH7mA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] "This module requires the passlib Python library"}

[Dick Davies]

what version of passlib? docs say 1.6 or better. IIRC EPEL6 has 1.5.something.
EL7 should be ok.

On 29 March 2017 at 17:52, Matthew Cooper  wrote:
> I'm hoping someone can help me out.
>
> I have a playbook to install Graylog2 on an EC2 host. The playbook fails on:
>
> 'TASK [graylog : setting nginx pass]'
>
> with the following error:
>
> 'FAILED! => {"changed": false, "failed": true, "msg": "This module requires
> the passlib Python library"}'
>
> Within the .yml file for this particular role I have:
>
> - name: install python-passlib
>   yum: name=python-passlib state=present
>   tags: graylog2
>
> which is before the setting nginx pass task:
>
> - name: setting nginx pass
>   htpasswd: path=/etc/nginx/htpasswd.users name=name password=password
> owner=root group=root mode=0640
>   tags: graylog2
>
>
> Has anyone else come across this issue previously? Any advice on how to
> resolve?
>
> Thanks, Matt
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/79b207eb-1841-456a-9887-9cf8e9762c3f%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPTVsLeQ50LDwhvXk9-wKEtuTLGgAMgdWe3zicPLqHFUjQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How to read sub-members from group, within YAML file (i.e. like custom Ansible hosts file)

[Dick Davies]

Hi Bhavin

I may be wrong but it sounded like you are generating this file yourself.
So if instance-id is invalid, why not use instance_id instead?

If it's an inventory there's no need to use a lookup_ function, just pass
that to the next playbook.

e.g.


ansible-playbook createinstances.yml  # you run this to create hosts
and write the host file

ansible-playbook -i host_file do_something.yml # use the generated
file as an inventory

On 27 March 2017 at 11:58, Bhavin Parmar <bhavinjpar...@gmail.com> wrote:
> Thanks, Dick Davies,
>
> I have few related queries:
>
> 1. As best of my understanding Instance-Id is not a valid key world to be
> placed in an Ansible hosts file. Is it okay, if we place such keywords
> without making them comment (#)? Will it create any problem, when such host
> inventory file will be used with Ansible for normal host reference?
>
> 2. Do have to use lookup only? Lookup with with_items? Please, can you give
> some example or URL to example?
>
> 3. In case, above method is not best practice, please, can you also suggest
> which ansible module can process INI file placed at the custom location?
>
> Thanks and regards,
>
>
> On Monday, March 27, 2017 at 12:47:34 PM UTC+5:30, Dick Davies wrote:
>>
>> That's an .ini file , not a yaml file.
>>
>> Why don't you just uncomment the key1= part?
>> Then you can use it as an inventory directly and be able to access
>> both instance-id and key1 as host vars.
>>
>> Personally I'd split this into 2 plays - one provisioner (that has the
>> file creation as its last task) and one to use for setting up the
>> instances
>> for service that uses the previously generated inventory file as its
>> inventory.
>>
>> (I would be remiss not to mention dynamic inventory here, so I am)
>>
>> On 27 March 2017 at 06:13, Bhavin Parmar <bhavin...@gmail.com> wrote:
>> > One of my Ansible roles is creating AWS infrastructure. Same time, it
>> > also
>> > creates YAML file, like Ansible hosts file. Structure is as follow:
>> >
>> > [master]
>> > 1.1.1.1 instance-id=i-0 # key1=val1
>> > 2.2.2.2 instance-id=i-0 # key1=val2
>> > 3.3.3.3 instance-id=i-0 # key1=val3
>> >
>> > [nodes]
>> > 4.4.4.4 instance-id=i-0 # key1=val4
>> > 5.5.5.5 instance-id=i-0 # key1=val5
>> > 6.6.6.6 instance-id=i-0 # key1=val6
>> > 7.7.7.7 instance-id=i-0 # key1=val7
>> > 8.8.8.8 instance-id=i-0 # key1=val8
>> > 9.9.9.9 instance-id=i-0 # key1=val9
>> >
>> > It would be stored at some custom location (i.e.
>> > common/vars/inventory.yml).
>> >
>> > My query is how to get an instance-id and key1 value from the above
>> > file?
>> > Where key1 is commented and instance-id is not commented?
>> >
>> > Please, someone can provide some hint?
>> >
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "Ansible Project" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an
>> > email to ansible-proje...@googlegroups.com.
>> > To post to this group, send email to ansible...@googlegroups.com.
>> > To view this discussion on the web visit
>> >
>> > https://groups.google.com/d/msgid/ansible-project/b37ddd1b-9ca8-4b54-8d46-0df22d804b2e%40googlegroups.com.
>> > For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPQfg1tu7j1hjyXZW7-wDNr6pw-ZEjoF6LmzPXJG2uqXOw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How to read sub-members from group, within YAML file (i.e. like custom Ansible hosts file)

[Dick Davies]

That's an .ini file , not a yaml file.

Why don't you just uncomment the key1= part?
Then you can use it as an inventory directly and be able to access
both instance-id and key1 as host vars.

Personally I'd split this into 2 plays - one provisioner (that has the
file creation as its last task) and one to use for setting up the
instances
for service that uses the previously generated inventory file as its inventory.

(I would be remiss not to mention dynamic inventory here, so I am)

On 27 March 2017 at 06:13, Bhavin Parmar  wrote:
> One of my Ansible roles is creating AWS infrastructure. Same time, it also
> creates YAML file, like Ansible hosts file. Structure is as follow:
>
> [master]
> 1.1.1.1 instance-id=i-0 # key1=val1
> 2.2.2.2 instance-id=i-0 # key1=val2
> 3.3.3.3 instance-id=i-0 # key1=val3
>
> [nodes]
> 4.4.4.4 instance-id=i-0 # key1=val4
> 5.5.5.5 instance-id=i-0 # key1=val5
> 6.6.6.6 instance-id=i-0 # key1=val6
> 7.7.7.7 instance-id=i-0 # key1=val7
> 8.8.8.8 instance-id=i-0 # key1=val8
> 9.9.9.9 instance-id=i-0 # key1=val9
>
> It would be stored at some custom location (i.e. common/vars/inventory.yml).
>
> My query is how to get an instance-id and key1 value from the above file?
> Where key1 is commented and instance-id is not commented?
>
> Please, someone can provide some hint?
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/b37ddd1b-9ca8-4b54-8d46-0df22d804b2e%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPThNTmGLNnyTm2DRw0%2B-0ehuVYkpUYOLC%2B_ydvTYhe0LQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible not completely installing Elasticsearch RPM package via YUM

[Dick Davies]

I'd start by going through /var/log/yum.log, maybe something went boom
and was logged there?

On 21 March 2017 at 17:06, Tom Albrecht  wrote:
> This has me tearing my hair out, only because I don't know how to go about
> debugging this.
>
> Versions:
> # ansible --version
> ansible 2.2.1.0
> config file = /etc/ansible/ansible.cfg
> configured module search path = Default w/o overrides
>
> (This is current version in EPEL)
>
> Trying to install elasticsearch-2.4.4-1.noarch from the graylog repo.  Our
> system is disconnected from the Internet, so we've created our own yum
> repositories that are properly configured on the clients.
>
> When I log onto my graylog server and do a "yum install elasticsearch", the
> package installs correctly.  However, I want to run a simple playbook
> against the server that does the following:
>
> - name: Install ElasticSearch
> yum:
>   name: elasticsearch
>   state: present
>   update_cache: yes
>
> When I run this playbook, it looks as though the package installs, but
> checking the server, it doesn't install a few of the files in the package:
>
> # rpm -qa elasticsearch
> elasticsearch-2.4.4-1.noarch
>
> # rpm -V elasticsearch
> missing   c /etc/elasticsearch/elasticsearch.yml
> missing   c /etc/elasticsearch/logging.yml
> missing   c /etc/init.d/elasticsearch
> missing   c /etc/sysconfig/elasticsearch
> missing   c /usr/lib/systemd/system/elasticsearch.service
>
> It's a challenge to me to figure out whether the problem is with Ansible or
> with the package itself, but I'm not sure what Ansible would be doing
> different when it runs the yum installation than when it's installed
> manually.
>
> Any help in debugging this would be greatly appreciated.
>
> Tom Albrecht III
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/1af451c1-13b8-486c-b49a-31d2fdec5eb6%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPTFOwjnAec0O%3DNm1k_5E5ZZ3oNPY7i2ZsYBG0-oXtAZaw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Basic Ansible Ping Module Question

[Dick Davies]

Ansibles ping: task checks the host is 'manageable' - that login
works, python is recent enough and can generate json.

If the host is unreachable that sounds unlikely. Can you SSH to it?


On 18 March 2017 at 20:08, jerewrig12345  wrote:
> I'm just learning the Ansible basics in my lab. I have an Ansible VM that
> can't ping my virtual router. I have purposely shutdown the router interface
> for testing. Even though the router is down, the Ansible ping module makes
> it appear as if it is up. I thought this was designed to quickly check if my
> hosts were reachable via ssh but I could be wrong. What is this module
> really doing? Yes I'm new to this so apologies in advance for the basic
> questions. Thanks!
>
> @ubuntu:~/jw-ansible$ ansible --version
>
> ansible 2.2.1.0
>
>   config file = /home/jeremywright/jw-ansible/ansible.cfg
>
>   configured module search path = ['/usr/share/ansible']
>
>
> jeremywright@ubuntu:~/jw-ansible$ ping 192.168.7.56
>
> PING 192.168.7.56 (192.168.7.56) 56(84) bytes of data.
>
> ^C
>
> --- 192.168.7.56 ping statistics ---
>
> 3 packets transmitted, 0 received, 100% packet loss, time 2010ms
>
>
> jeremywright@ubuntu:~/jw-ansible$ ansible -i hosts 1000v -m ping
>
> 192.168.7.56 | SUCCESS => {
>
> "changed": false,
>
> "ping": "pong"
>
> }
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/3637d0a1-0bc0-49fd-817f-855483ea66a1%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPQDhaSo3D0cCaA9OBTMYeL6jD97y2wDjJfEK5Wr8DbYTg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] File name of the current playbook

[Dick Davies]

Simple but guaranteed to work: set a var in the playbook, use that.

On 15 March 2017 at 13:07,   wrote:
> Hello,
>
> I was looking for a way to get the file name of the current playbook.
>
> Found an old thread, but no workarounds or solutions there.
> https://groups.google.com/forum/#!searchin/ansible-project/playbook_dir|sort:relevance/ansible-project/JMh1zguAAbI/crMsJP-rLZoJ
>
> Our use case is that we would like to log some message in an include with
> the the playbook file (not the playbook include).
>
> "playbook_dir" is out there, but it holds the directory that the playbook is
> in.
>
> Any solutions/workarounds?
>
> Cheers
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/ebc938fc-54cb-40a3-8ffc-1f6bffe7e6ce%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPR7i9d-BnQz2o-g5pOxHJTPM78zqVeJ7OaUZQmrShn7Ow%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Put anisble up and running example in a role with add_host

[Dick Davies]

You could use delegation to run some of the tasks on another machine
(in this case localhost).

But to be honest I wouldn't, personally I'd split this into 2 plays.

On 12 March 2017 at 04:33, Zhu Wayne  wrote:
> Is it possible to pack the following into a single role? My understanding
> that a role ONLY can be run on a defined set of hosts.
>
> - name: Provision a vagrant machine
>   hosts: localhost
>   vars:
>
> box: trusty64
>   tasks:
>
> - name: create a Vagrantfile
>   command: vagrant init {{ box }} creates=Vagrantfile
>
> - name: Bring up a vagrant server
>   command: vagrant up
>
> - name: add the Vagrant hosts to the inventory
>   add_host: >
>
> name=vagrant
> ansible_ssh_host=127.0.0.1
> ansible_ssh_port=
> ansible_ssh_user=vagrant
>
> ansible_ssh_private_key_file=/Users/lorinhochstein/.vagrant.d/
> insecure_private_key
>
>
> - name: Do something to the vagrant machine
>   hosts: vagrant
>   sudo: yes
>   tasks:
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/e65e7792-1911-4bd7-a773-2c13e08d20dd%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPQfQMZWt5WGBpWZNntP4M375wXanExpVVUjmv%3Dhgetozw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Crons on a collection of servers

[Dick Davies]

Why don't you just set disabled: as a var, and then set that either
true or false on each server/group
as needed?

On 8 March 2017 at 16:27, Ed Greenberg  wrote:
> We have a collection of load balanced web servers, and we have cron jobs
> spread across the server base.
>
> I would like to manage these cron jobs in Ansible.
>
> The current state is to have all the cron jobs on all the servers, disabled,
> and then to selectively enable the ones that need to run on each server.
>
> On my test server, I rolled out all the cron jobs as state=present
> disabled=true and got all the cron jobs, properly commented out.
>
> I can do a play as follows:
>
>
> - name: cron Update Webmin
>   cron:
> user: root
> state: present
> name: "Update Webmin"
> minute: "10"
> hour: "10"
> day: "*"
> month: "*"
> weekday: "2"
> job: "/etc/webmin/package-updates/update.pl"
>   when: ansible_hostname == 'web-node-1'
>
> But when I go into the playbook and change web-host-1 to web-host-2, that
> won't remove the job from web1.
>
> So my current thought is:
> - name: cron Update Webmin
>   cron:
> user: root
> state: present
> disabled: true
> name: "Update Webmin"
> minute: "10"
> hour: "10"
> day: "*"
> month: "*"
> weekday: "2"
> job: "/etc/webmin/package-updates/update.pl"
>
> - name: cron Update Webmin
>   cron:
> user: root
> state: present
> name: "Update Webmin"
> minute: "10"
> hour: "10"
> day: "*"
> month: "*"
> weekday: "2"
> job: "/etc/webmin/package-updates/update.pl"
>   when: ansible_hostname == 'web-node-1'
>
> This should roll all the jobs to all the servers, then enable them only
> where needed.
>
> So, for a reality check, does this seem the best method?
>
> Thanks,
>
> Ed G
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/6e8f8017-e4f2-43ce-97b7-e6b684f01089%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPSuvDkrP9ezfD%2BvQ%3D4Dx9B%2BtV-HiMiK8Z7jgiQuv2weUQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Failed to validate the SSL certificate for archive.apache.org:443

[Dick Davies]

Sure, see the second task here:

https://github.com/rasputnik/ansible-jira/blob/master/roles/jira/tasks/main.yml


On 7 March 2017 at 09:21, Pedro Ferro <pedro.fe...@gmail.com> wrote:
> Thanks for the help.
>
>> I just use a command: to fire off curl, that works fine
>
> Like I said my field is not IT related, so if you could give me an exemple
> how to do that I appreciate.
>
>
> Pedro
>
> segunda-feira, 6 de Março de 2017 às 19:33:43 UTC, Dick Davies escreveu:
>>
>> Your python is a bit old, so it doesn't support SNI.
>>
>> To be fair the error message is pretty helpful.
>>
>> I'm starting to see this more and more as some bigger providers start to
>> cut
>> over to SNI.
>>
>> I just use a command: to fire off curl, that works fine (I don't fancy
>> upgrading
>> all my servers python versions just yet).
>>
>> On 6 March 2017 at 18:00, Pedro Ferro <pedro...@gmail.com> wrote:
>> > Hi,
>> >
>> > Have this yml file
>> >
>> > ---
>> > - hosts: localhost
>> >   sudo: yes
>> >
>> >   tasks:
>> > - name: download solr-5.1.0.tgz
>> >   get_url:
>> > url:
>> > https://archive.apache.org/dist/lucene/solr/5.1.0/solr-5.1.0.tgz
>> > dest: /tmp/solr-5.1.0.tgz
>> >
>> >
>> > And got this error:
>> > TASK [download solr-5.1.0.tgz]
>> > *
>> > fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg":
>> > "Failed to validate the SSL certificate for archive.apache.org:443. Make
>> > sure your managed systems have a valid CA certificate installed. If the
>> > website serving the url uses SNI you need python >= 2.7.9 on your
>> > managed
>> > machine or you can install the `urllib3`, `pyopenssl`,
>> > `ndg-httpsclient`,
>> > and `pyasn1` python modules to perform SNI verification in python >=
>> > 2.6.
>> > You can use validate_certs=False if you do not need to confirm the
>> > servers
>> > identity but this is unsafe and not recommended. Paths checked for this
>> > platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem,
>> > /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org,
>> > /etc/ansible"}
>> >
>> >
>> > Python 2.7.6
>> > Ansible 2
>> > Working beyond a proxy (I can access the site archive.apache.org...)
>> >
>> > If I make from terminal  "wget
>> > https://archive.apache.org/dist/lucene/solr/5.1.0/solr-5.1.0.tgz "
>> > works.
>> >
>> > What is strange is that on friday this thing was working in the same
>> > machine
>> > without any problems.
>> >
>> > I'm not an IT guy so probably I'm making some basic errors.
>> >
>> >
>> >
>> > Thanks in advance,
>> > Pedro
>> >
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "Ansible Project" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an
>> > email to ansible-proje...@googlegroups.com.
>> > To post to this group, send email to ansible...@googlegroups.com.
>> > To view this discussion on the web visit
>> >
>> > https://groups.google.com/d/msgid/ansible-project/a1a84f45-a3df-4e39-90eb-03a744c695cd%40googlegroups.com.
>> > For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPSTs_SExEz_TwbiN_BJAUxi2_LRYRdZKLm6FFqtdc3DcA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Failed to validate the SSL certificate for archive.apache.org:443

[Dick Davies]

Your python is a bit old, so it doesn't support SNI.

To be fair the error message is pretty helpful.

I'm starting to see this more and more as some bigger providers start to cut
over to SNI.

I just use a command: to fire off curl, that works fine (I don't fancy upgrading
all my servers python versions just yet).

On 6 March 2017 at 18:00, Pedro Ferro  wrote:
> Hi,
>
> Have this yml file
>
> ---
> - hosts: localhost
>   sudo: yes
>
>   tasks:
> - name: download solr-5.1.0.tgz
>   get_url:
> url:
> https://archive.apache.org/dist/lucene/solr/5.1.0/solr-5.1.0.tgz
> dest: /tmp/solr-5.1.0.tgz
>
>
> And got this error:
> TASK [download solr-5.1.0.tgz]
> *
> fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg":
> "Failed to validate the SSL certificate for archive.apache.org:443. Make
> sure your managed systems have a valid CA certificate installed. If the
> website serving the url uses SNI you need python >= 2.7.9 on your managed
> machine or you can install the `urllib3`, `pyopenssl`, `ndg-httpsclient`,
> and `pyasn1` python modules to perform SNI verification in python >= 2.6.
> You can use validate_certs=False if you do not need to confirm the servers
> identity but this is unsafe and not recommended. Paths checked for this
> platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem,
> /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible"}
>
>
> Python 2.7.6
> Ansible 2
> Working beyond a proxy (I can access the site archive.apache.org...)
>
> If I make from terminal  "wget
> https://archive.apache.org/dist/lucene/solr/5.1.0/solr-5.1.0.tgz " works.
>
> What is strange is that on friday this thing was working in the same machine
> without any problems.
>
> I'm not an IT guy so probably I'm making some basic errors.
>
>
>
> Thanks in advance,
> Pedro
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/a1a84f45-a3df-4e39-90eb-03a744c695cd%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPTsNdz1NhN9sVnEMh7z320fX%3DQv87OLXxEWG%3DQOAtTocA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] uri module and curl

[Dick Davies]

I was thinking of a wait_for: task *before* the uri: check, just to give tomcat
enough time to start a http connector
(I don't think wait_for on its own would work, as there's no option
to send a GET to the port).

The more I think about it, the more I prefer your idea; I've seen plenty of WARs
that take ages to fire up after the port is open.

On 1 March 2017 at 13:05, Kai Stian Olstad
 wrote:
> On 01.03.2017 11:29, Paul Tötterman wrote:
>>>
>>>
>>> Instead of pause you could use until: so it retries until you get 200.
>>> https://docs.ansible.com/ansible/playbooks_loops.html#do-until-loops
>>
>>
>>
>> Or wait_for: https://docs.ansible.com/ansible/wait_for_module.html
>
>
> Can you use wait_for to check if a web server application return status code
> 200?
> If so how? It's not clear to me after reading the documentation.
>
> --
> Kai Stian Olstad
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/9099b9c07a63166dfe4372a01916d91b%40olstad.com.
>
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPQUbFoPxPD68rYeVcg7KpOC4%3Dwd3f7UNSoh4B1g6_ty_g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Alternatives to ansible tower.

[Dick Davies]

Was about to suggest Rundeck (purely because we already use it for
deployments, jenkins
sounds like a good option too) -
haven't tried this plugin myself but it looks interesting:

https://github.com/Batix/rundeck-ansible-plugin

On 2 March 2017 at 17:49, Simon Wydooghe  wrote:
> To pitch in, another job runner could be Rundeck. Also, this could be
> extended with ARA perhaps (https://github.com/openstack/ara). I haven't set
> up any of this yet, but a Rundeck / ARA combination seems like a nice proof
> of concept to work out.
>
> On Thursday, March 2, 2017 at 11:29:30 AM UTC+1, Rafał Radecki wrote:
>>
>> Hi All.
>>
>> I had the pleasure to test Ansible Tower a few months ago. It looked
>> overall well but did not have as many unique features for us to pay for it.
>> Are there any mature open source alternatives? I found semaphore
>> (https://github.com/ansible-semaphore/semaphore) and will check it out.
>>
>> Thanks for the help :)
>>
>> BR,
>> Rafal.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/2950ec74-1a76-46fe-acce-84d1eed1fae7%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPRHm8PBg5vsH7r2ib9kah0_E%3DayGT3eQT22spg5E%2BDOLA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Variables and templates between roles

[Dick Davies]

If you load the apache role in a play and then your vhosts role, you should be
able to use apache role vars (or set in defaults/ ) in the vhosts role, so long
as both roles are in the same play.

(we just did exactly this this afternoon, so let me know if it's not happening
for any reason).

On 28 February 2017 at 15:32, Gabriel Forster  wrote:
> I may be way off in the way I'm trying to accomplish this, but I think I
> need to pass variables from one role to another.
>
> I am setting up svn on a Suse server. I'm using the geerlingguy.apache and a
> rather modified geerlingguy.svn roles. I need the apache role available to
> deploy apache with various vhosts across a number of servers. So, my thought
> is that the vhosts should not be in the apache role, but in roles for the
> various different services that use apache, svn being one of them. So, I'd
> like to basically use the roles and templates from the apache role in the
> svn role.
>
> Alternatively, I think I would put all the various vhost configurations into
> the apache role and somehow determine which one goes on which server. Unsure
> how to do that.
>
> Looking for the best way forward since this idea will carry over into other
> roles as well and I want to get the structure correct.  Thanks!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/980f29cf-829e-461c-8d8a-656155c79872%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPTjStUb3cO2sZAKXei6Qwi6gGMcm3Cy4XWN6t-HdvZbAA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] uri module and curl

[Dick Davies]

It'd be worth checking if a command: task using curl works.
If not it's probably a shell environment (proxy?) issue.

I've seen curl work where get_url: / uri: doesn't if you are hitting an SNI
endpoint, my workaround is a command: task. Issue here:

https://github.com/ansible/ansible-modules-core/issues/1716


On 28 February 2017 at 09:42, norricorp  wrote:
> Hi,
> is the uri module a curl substitute?
> I ask because if, on the command line, I run curl, I get the expected json
> output from a tomcat rest application. In the logs is a 200 result.
> But if I run the same in uri then ...
> - name: test with curl type command
>   uri:
>  url: http://centos7-ansible:8080/heroes/heroes
>
> TASK [test with curl type command]
> *
> fatal: [localhost]: FAILED! => {"changed": false, "content": "", "failed":
> true, "msg": "Status code was not [200]: Connection failure: timed out",
> "redirected": false, "status": -1, "url":
> "http://centos7-ansible:8080/heroes/heroes"}
>
> What am I doing wrong?
>
> Regards,
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/f4133ed5-8800-4c8c-8304-de095a245c7c%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPRh6s4TEk8QM1X0c%3Dr5ax0jLXimmNtuN4rMu9Y-yZvfDQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] how to organize hosts

[Dick Davies]

Would separate inventories for UAT and Prod work?

If you set the play to deploy each app to a group,
you can put the same server into multiple inventory groups.

so UAT inventory has the same server in both the app1 and app2
groups, but the Prod inventory has 2 servers in app1 but only
one server in app2.

On 24 February 2017 at 15:29, Trond Hindenes  wrote:
> I'm struggling with this problem, hoping to get some feedback on how others
> solve it:
> The situation is this:
> I have two apps, App1 and App2. Each app is configured using a collection of
> roles and variables
>
> In UAT, both apps run on the same server
> in Prod, there's two servers; 1 run both apps, the other runs only App2.
>
> I'm trying to come up with a solution that lets me reflect this in Ansible
> as easily as possible, and with the smallest amount of duplicate code.
>
> Thinks I'm considering:
> 1. use hostvars combined with the "group by" functionality and separate
> things. Problem with this is that my two "generated" groups would be
> "app1+app2" and "app2". This seems counter-intuitive to me, not to mention
> what if I get an App3, then the complexities suddenly explode.
> 2. Use hostvars combined with the "split" functionality, and then do a
> conditional loop to iterate each server's apps and do includes from there.
>
> Both of these seem like overly complicated solutions to a (in theory) simple
> problem. How are others solving this?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/bf94d9e0-6bba-46cb-8f35-be4ed10381f3%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPTkAOS%3D1-eYkuh2%3DC5LkEWkc2s91swXx3VWbE%2Bw0meZjA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] ValueError: No closing quotation

[Dick Davies]

You have a syntax error in your site.yml, probably an unterminated string.

Try http://yamllint.com maybe?

On 21 February 2017 at 06:14, Mona Gopal  wrote:
> Hi,
>
> ansible-playbook -i hosts site.yml - -c paramiko
> Traceback (most recent call last):
>   File "/usr/bin/ansible-playbook", line 324, in 
> sys.exit(main(sys.argv[1:]))
>   File "/usr/bin/ansible-playbook", line 157, in main
> inventory = ansible.inventory.Inventory(options.inventory,
> vault_password=vault_pass)
>   File "/usr/lib/python2.6/site-packages/ansible/inventory/__init__.py",
> line 128, in __init__
> self.parser = InventoryParser(filename=host_list)
>   File "/usr/lib/python2.6/site-packages/ansible/inventory/ini.py", line 43,
> in __init__
> self._parse()
>   File "/usr/lib/python2.6/site-packages/ansible/inventory/ini.py", line 47,
> in _parse
> self._parse_base_groups()
>   File "/usr/lib/python2.6/site-packages/ansible/inventory/ini.py", line
> 108, in _parse_base_groups
> tokens = shlex.split(line)
>   File "/usr/lib64/python2.6/shlex.py", line 279, in split
> return list(lex)
>   File "/usr/lib64/python2.6/shlex.py", line 269, in next
> token = self.get_token()
>   File "/usr/lib64/python2.6/shlex.py", line 96, in get_token
> raw = self.read_token()
>   File "/usr/lib64/python2.6/shlex.py", line 172, in read_token
> raise ValueError, "No closing quotation"
> ValueError: No closing quotation
>
> Getting the above error while executing the playbook
> Ansible version is: 1.9.4
> Python version is: Python 2.6.6
>
> Thanks in advance,
> Mona G
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/40b030a7-57b6-4fb0-baca-e3de9a6d5b84%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPRdAhxHWywRx3qikJWjx72wteLe7JbLMpAzbBYT1UVb6A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: how to use ansible galaxy roles

[Dick Davies]

Yum isn't seeing the 'mysql-server' package in any of its configured repos.
That's the right name for EL6 redhat/centos, maybe you're missing one of the
base repos?

Get that working first before you ask Ansible to install it, and
things will be ok.

On 3 February 2017 at 21:28, jithendra myla  wrote:
> Hi Marko,
>
> I updated with correct REDHAT packages, Sorry for confusion, now i get below
> error
>
>
>
> [ansible@centos1 playbooks]$ ansible-playbook mysql_server.yml -C
>
> PLAY [localhost]
> ***
>
> TASK [setup]
> ***
> ok: [localhost]
>
> TASK [mysql : Add the OS specific variables]
> ***
> ok: [localhost]
>
> TASK [mysql : Install the mysql packages in Redhat derivatives]
> 
> failed: [localhost] (item=[u'libselinux-python', u'mysql-server',
> u'MySQL-python']) => {"changed": false, "failed": true, "item":
> ["libselinux-python", "mysql-server", "MySQL-python"], "msg": "No package
> matching 'mysql-server' found available, installed or updated", "rc": 126,
> "results": ["libselinux-python-2.5-6.el7.x86_64 providing libselinux-python
> is already installed", "No package matching 'mysql-server' found available,
> installed or updated"]}
> to retry, use: --limit
> @/home/ansible/ansible/playbooks/mysql_server.retry
>
> PLAY RECAP
> *
> localhost  : ok=2changed=0unreachable=0failed=1
>
> [ansible@centos1 playbooks]$
>
> below are the redhat packages
>   - libselinux-python
>   - mysql-server
>   - MySQL-python
>
>
> On Thursday, February 2, 2017 at 12:35:09 PM UTC-5, jithendra myla wrote:
>>
>> Hello Sir/madam,
>>
>> I downloaded the ansible galaxy roles using ansible-galaxy install
>> bennojoy.mysql from https://galaxy.ansible.com/bennojoy/mysql/ ,
>> when i run it as below i get below error
>>
>> [ansible@centos1 playbooks]$ pwd
>> /home/ansible/ansible/playbooks
>> [ansible@centos1 playbooks]$ ls -ltr
>> -rw-rw-r--. 1 ansible ansible  148 Feb  2 12:14 mysql_server.yml
>> drwxrwxr-x. 8 ansible ansible  102 Feb  2 12:19 mysql
>> -rw-rw-r--. 1 ansible ansible   10 Feb  2 12:20 mysql_server.retry
>> [ansible@centos1 playbooks]$ ansible-playbook mysql_server.yml -C
>>
>> PLAY [localhost]
>> ***
>>
>> TASK [setup]
>> ***
>> ok: [localhost]
>>
>> TASK [mysql : Add the OS specific variables]
>> ***
>> ok: [localhost]
>>
>> TASK [mysql : Install the mysql packages in Redhat derivatives]
>> 
>> failed: [localhost] (item=[u'mysql_pkgs']) => {"changed": false, "failed":
>> true, "item": ["mysql_pkgs"], "msg": "No package matching 'mysql_pkgs' found
>> available, installed or updated", "rc": 126, "results": ["No package
>> matching 'mysql_pkgs' found available, installed or updated"]}
>> to retry, use: --limit
>> @/home/ansible/ansible/playbooks/mysql_server.retry
>>
>> PLAY RECAP
>> *
>> localhost  : ok=2changed=0unreachable=0
>> failed=1
>>
>> [ansible@centos1 playbooks]$
>> [ansible@centos1 playbooks]$ cat mysql_server.yml
>> ---
>> - hosts: localhost
>>   roles:
>>   - {role: mysql, mysql_db: [{name: sql_first_db}], mysql_users: [{name:
>> sql1, pass: papa123, priv: "*.*:ALL"}] }
>> [ansible@centos1 playbooks]$
>>
>> [ansible@centos1 playbooks]$ cat mysql/vars/RedHat.yml
>> ---
>> mysql_pkgs:
>>   - libselinux-python
>>   - mysql-server
>>   - MySQL-python
>>
>> mysql_service: mysqld
>>
>> mysql_conf_dir: "/etc/"
>> [ansible@centos1 playbooks]$
>>
>>
>> not sure defining  a variable like above works, Can you please help me out
>>
>> Thank you very much for helping me
>>
>> -Jithendra Myla
>>
>>
>>
>>
>>
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/26c17e1a-4598-4419-9014-9296662c7f1e%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 

Re: [ansible-project] Inventory Configuration

[Dick Davies]

The second command is what i'd expect to work. group_vars/ , host_vars/ etc
are relative to the directory holding the 'hosts' static list.

General rule: if you're going to target plays against different groups
of servers,
put them as groups in a single inventory.

There'd be nothing wrong with a single inventory with groups like
'dev3' , 'dev5', etc.


On 3 February 2017 at 20:11, Anthony Bond  wrote:
> I have been using Ansible in a limited fashion and have configured a static
> inventory. I'm trying to build onto this inventory by adding groups_vars and
> host_vars for individual cluster groups. Problem is Ansible isn't picking up
> the required group_vars. Does anyone see why my group_vars wouldn't be
> loading with this inventory structure. I'm only testing with the dev3 group
> before filling out the remaining group_vars directories.
>
> Command: ansible -m debug dev3 -i /eprn/inventory -a
> "var=hostvars[inventory_hostname]"
>
> inventory/
> ├── batch
> │   ├── group_vars
> │   ├── hosts
> │   └── host_vars
> ├── dev0
> │   ├── group_vars
> │   ├── hosts
> │   └── host_vars
> ├── dev1
> │   ├── group_vars
> │   ├── hosts
> │   └── host_vars
> ├── dev2
> │   ├── group_vars
> │   ├── hosts
> │   └── host_vars
> ├── dev3
> │   ├── group_vars
> │   │   ├── dev3
> │   │   │   └── vars.yml
> │   │   └── dev3_db
> │   ├── hosts
> │   └── host_vars
> ├── dev4
> │   ├── group_vars
> │   ├── hosts
> │   └── host_vars
> ├── dev5
> │   ├── group_vars
> │   ├── hosts
> │   └── host_vars
> ├── dev6
> │   ├── group_vars
> │   ├── hosts
> │   └── host_vars
> └── dev7
> ├── group_vars
> ├── hosts
> └── host_vars
>
>
> Current Sample Output:
> dev1.domain.com | SUCCESS => {
> "hostvars[inventory_hostname]": {
> "ansible_check_mode": false,
> "ansible_version": {
> "full": "2.1.2.0",
> "major": 2,
> "minor": 1,
> "revision": 2,
> "string": "2.1.2.0"
> },
> "group_names": [
> "dev3"
> ],
> "groups": {
> "all": [
> "test1.domain.com",
> "test2.domain.com",
> "test3.domain.com",
> "dev1.domain.com",
> "dev2.domain.com",
> "dev3.domain.com",
> "dev4.domain.com"
> ],
> "dev3": [
> "dev1.domain.com",
> "dev2.domain.com",
> "dev3.domain.com",
> "dev4.domain.com",
> "dev5.domain.com"
> ],
> "ungrouped": []
> },
> "inventory_dir": "/ansible/inventory",
> "inventory_file": null,
> "inventory_hostname": "dev3.domain.com",
> "inventory_hostname_short": "dev3",
> "omit":
> "__omit_place_holder__998cd0b3347833ef6af77480e6387c8135a35469",
> "playbook_dir": "."
> }
> }
>
>
>
> Expected Output with the addition of my group_vars
>  "app_location": "east",
> "db_connection": "some string value",
> dev1.domain.com | SUCCESS => {
> "hostvars[inventory_hostname]": {
> "ansible_check_mode": false,
> "ansible_version": {
> "full": "2.1.2.0",
> "major": 2,
> "minor": 1,
> "revision": 2,
> "string": "2.1.2.0"
> },
> "app_location": "east",
> "db_connection": "some string value",
> "group_names": [
> "dev3"
> ],
> "groups": {
> "all": [
> "test1.domain.com",
> "test2.domain.com",
> "test3.domain.com",
> "dev1.domain.com",
> "dev2.domain.com",
> "dev3.domain.com",
> "dev4.domain.com"
> ],
> "dev3": [
> "dev1.domain.com",
> "dev2.domain.com",
> "dev3.domain.com",
> "dev4.domain.com",
> "dev5.domain.com"
> ],
> "ungrouped": []
> },
> "inventory_dir": "/ansible/inventory",
> "inventory_file": null,
> "inventory_hostname": "dev3.domain.com",
> "inventory_hostname_short": "dev3",
> "omit":
> "__omit_place_holder__998cd0b3347833ef6af77480e6387c8135a35469",
> "playbook_dir": "."
> }
> }
>
>
> I do know that running the below command will produce the desired data that
> I'm expecting, but now I don't have all of my hosts that I want. I'm
> probably trying to over organize my hosts by breaking all my groups out into
> small clusters of groups. What I found odd is Ansible can read the hosts
> files located in the individual cluster directories but it won't recognize
> the group_vars unless I move my group_vars under /ansible/inventory..
>
> ansible -m debug dev403 -i /eprn/inventory/dev403 -a
> 

Re: [ansible-project] adding a repo

[Dick Davies]

http://docs.ansible.com/ansible/yum_repository_module.html

cheers!

On 2 February 2017 at 14:47, jithendra myla  wrote:
> Hi Sir/Madam,
>
> Does ansible have any module for adding new repository in Centos/Redhat
> Linux, i know it have apt_repository for debian.
>
> Thank you very much for helping me,
> Jithendra Myla
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/5e940d3a-ecbf-4411-9acb-0ff2dc896b82%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPSaK7o9jTORpv3-r2_%2BKbZvFpBsFNtHS%2B4sshH3vTF2qA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible best practice

[Dick Davies]

Just apply both roles to your mongodb group, and if you want to be explicit
you'd just set some vars on that group that both roles can use to find
paths etc.


On 31 January 2017 at 13:35, Rui Goncalves  wrote:
> Hi all,
>
> I have no experience writing ansible roles. At the moment I'm trying to
> write a few ansible roles, but I'm not sure how to separate
> responsibilities.
>
> I have two roles.
> - prometheus - installs and configures prometheus.
> - mongodb - Installs and configures mongodb database.
>
> Prometheus needs to be configured in order to scrap metrics about mongoDB.
> Basically, it's necessary to put a file on a directory where the prometheus
> server is installed, containing information about mongodb location, etc...
> the question is: Should I configure this on the prometheus role? It seems to
> me that I'm polluting the prometheus role with things that belong elsewhere.
> This way, I'm also coupling the prometheus role with a specific use case.
> It's recommended to create a separate role to configure mongodb location on
> prometheus?
>
> What's the best practice?
>
> Thanks,
> Rui
>
>
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/744a004e-8c85-407c-9f29-e255d1a2dce0%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPRuGZCLUjZzHHsCEXHonEUc8cdWN%2BOCXpxiLoP8DqohmQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] managing xml fragments a la lineinfile

[Dick Davies]

Does anyone here a good tip for managing parts of xml files
(like lineinfile / blockinfile but xml-aware)?

I have several fairly complex apps to manage, each with their own role.
Ideally they'd each manage their own subset of the domain.xml,
which rules out a single domain.xml template.


ansible-xml looked perfect until I tried it and found it doesn't actually
work :([ https://github.com/cmprescott/ansible-xml/issues/55  ]

My Plan B (make that 'H' by now) would be to have a master template
that pulled in 'sub-templates' via lookup_template() , but that sounds like
it'll get messy fast and involve hardcoding roles together.

Does everyone just template their XML? Are you crazy kids all using
YAML and JSON nowadays?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPR3icbDbo54Afmz%2B%3DtE36HWwnT7x8OMX95qEm%3DkvA1xeA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] PostgreSQL 9.5 or Higher installation on Ubuntu 14.04 LTS

[Dick Davies]

The error looks a lot like apt-get is unable to find the packages
you want. Until you fix that I don't think there's much Ansible can
do, it's just asking apt-get to install the packages you specify.

On 30 January 2017 at 15:54, Shyam Yenna  wrote:

> I posted exact error message in my first mail for below step.
>
> Does this step return an error?
>
> > - name: PostgreSQL | Install PostgreSQL
> >   apt:
> > name:   "{{ item }}"
> > state:  present
> > update_cache:   true
> >   environment:  "{{ postgresql_env }}"
> >   when: repoadd.changed
> >   with_items:
> > - "postgresql-common"
> > - "postgresql-{{ postgresql_version }}"
> > - "postgresql-client-{{ postgresql_version }}"
> > - "postgresql-contrib-{{ postgresql_version }}"
>
>
>
> Unable to install package as depends are not met. Technically i have added
> repository of postgresql 9.5, still i get dependencies not match with exact
> version number to proceed on installation.
>
>
> Thanks
> Shyam
>
>
> On Sunday, January 29, 2017 at 11:19:31 AM UTC-5, Johannes Kastl wrote:
>>
>> On 29.01.17 16:05 Shyam Yenna wrote:
>>
>> > - name: PostgreSQL | Make sure the dependencies are installed
>> >   apt:
>> > name:   "{{ item }}"
>> > state:  present
>> > update_cache:   true
>> >   with_items:   ['python-psycopg2', 'python-pycurl', 'locales',
>> 'sysstat',
>> > 'libpq5']
>>
>> Does this step return an error?
>>
>> > - name: PostgreSQL | Install PostgreSQL
>> >   apt:
>> > name:   "{{ item }}"
>> > state:  present
>> > update_cache:   true
>> >   environment:  "{{ postgresql_env }}"
>> >   when: repoadd.changed
>> >   with_items:
>> > - "postgresql-common"
>> > - "postgresql-{{ postgresql_version }}"
>> > - "postgresql-client-{{ postgresql_version }}"
>> > - "postgresql-contrib-{{ postgresql_version }}"
>>
>> What is the actual error message?
>>
>> From your playbook it could be lots of things, from missing variables
>> to whatever. Hard to say.
>>
>> Johannes
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/ansible-project/625a3516-1316-497b-b2d6-a143177af313%40googlegroups.
> com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPR0EPCmBVeQzhzK_CJ_9x5H956nEzjH-bx3E%3DOudwZ4qw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Version dependency management

[Dick Davies]

Hi Adam

I'd put the servers into groups, and then use group_vars to set
specific versions.

On 27 January 2017 at 15:39, Adam Shantz  wrote:
> Hi all -
>
> We're using Ansible, but haven't gotten super advanced.  I have a challenge
> where I'm doing rolling upgrades across thousands of systems.  Due to
> business reasons (i.e. different groups owning different systems,
> applications, and parts of the infrastructure), I can't schedule a mass
> deployment of the latest & greatest software.
>
> I envision we'll get there some day, but in the meantime, I need a way of
> saying which systems get which versions of software, while also tracking
> which systems have which versions.
>
> For example, if in a (de-normalized) database, it would be something like:
>
> System | Application Name | Version | Date deployed
> host1| Adam's app  | 1.0 | 1/5/2017
> host1| John's app| 1.0 | 1/5/2017
> host2| Adam's app  | 1.3 | 1/20/2017
>
>
> Has anyone had to do something like this?  If so, can you share your
> experiences, and maybe any management software that has made this easier for
> you to integrate with Ansible?
>
> Thanks in advance.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/82f50366-f7d4-4f51-9111-093063189f16%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPT2Re5gJCtq%2Bqwh_BFJaceZ%3DTm2%3DKXcz5erNVxPgTktVA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: SSH via Jumpbox

[Dick Davies]

So you all use roots private key on the jumpbox to access the protected servers?

Forgive me but that seems a bit backwards - you lose audit trail for
the servers being accessed,
since you're all logging in with the same private key (i.e. roots key
on the jump host).


We generally ssh to our jump boxes as non-root users and then ssh
again to the backend servers
from non-root accounts on the jump box.

I know that's not really answering your issue, but I'm curious which
one of us is doing the unusual thing :)

On 11 January 2017 at 15:59, Thomas Oliw  wrote:
> Hello,
>
> I know this is an old thread, but I have exactly the same problem as Ethan.
> In our environment, we juse a jump host to access servers.
> This is a very hardened and stripped down linux/unix server.
>
> The only way to become root on your server-to-manage is to ssh with your
> username to the jumphost and then issue a "sudo ssh server-to-manage".
>
> I can accomplish this in one ssh command with this:
>
> ssh -tt jumpserver "sudo ssh server-to-manage"
>
>
> Question is how do you accomplish that in Ansible?!
>
>
> Any advice is much appreciated.
>
>
> Kind Regards,
>
>
> Thomas
>
>
>
> Den tisdag 3 februari 2015 kl. 11:26:31 UTC+1 skrev Ethan Zhan:
>>
>> Hi,
>>
>>I'm in trouble with how to use ansible on jumpbox, here is the
>> issue.
>>
>>from jumpbox I have to use command  sudo ssh box_ip  to get login
>> with root permission.
>>
>>How can I let ansible know to use sudo ssh instead of ssh command
>> to execute ?
>>
>> Thanks
>> Ethan
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/61e47c0d-f0dd-418b-b90f-237ed8ab1cc2%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPQTrUeJpqM-sxf9%2BmNvDb-sEjms0BLt9Ti1PMbk3yzFfg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible enhancement request: persistent variables?

[Dick Davies]

My worry about that sort of approach is it assumes the local playbook
directory is authoritative - in our case several people have access to run
our playbooks, so that would get messy very quickly.

Keeping state on the managed hosts would be a better idea, and in that
case you could keep 'lock files' around in /var that are created at
the beginning
of a piece of work, and then removed once everything is updated successfully.

If those scripts are facts , you can use most of Ansibles existing machinery
for free.


On 20 December 2016 at 19:20, eric via Ansible Project
 wrote:
> I'm looking for an enhancement to Ansible that I'm conceiving of as
> "persistent variables." Specifically, when one part of my script does
> something that registers a variable, I'm typically using that registration
> to affect whether or not operations are performed afterwards. However,
> scripts can fail, and then I've lost that prior state that something
> happened. Running the script again will typically leave the registered
> variable in a different state, and the operations that triggered off of the
> registered variable may not be performed, even though they should be.
>
> For a work-around, for example, looking at packages going to be updated on
> the system. If the pending package updates include, say, an update to the
> database software, then my script pseudo code looks like this:
>
> # check whether the DB software is going to be updated, record to a file
>
> # update database
>
> # check if file exists indicating DB software update - flag DB updated
>
> # if db updated, run DB migration tool
>
> # restart database server
>
> # remove flag file indicating DB software being upgraded
>
> ---
> Or a similar case:
>
> # check whether apache web server going to be updated, write a file that
> indicates apache update
>
> # update all packages
>
> # check whether file exists indicating apache update
>
> # if apache updated - optionally rewrite Apache config
>
> # if apache updated - restart apache
>
> # remove flag file indicating apache update
>
> 
>
> When I initially wrote my scripts, I recorded the state of whether or not
> the DB software or Apache was being updated in a variable.
>
> However, ansible scripts fail. For example, "update all packages" could
> update Apache, but then fail for any number of reasons. So I want to capture
> the state of a potential update in a file, so that if Ansible steps fail,
> the state that the software has been updated has been captured, so that the
> next time the script runs, it still does the right thing and restarts
> Apache, for example. I could restart Apache every time, but that is
> potentially disruptive to clients, so I don't want to do that except if
> required.
>
> All of which leads me to suggest two enhancements:
>
> 1) Persisted state variables - as you can see from the scripts above, I have
> to write a file saving state (only if update is needed), test that file
> later - saved into a variable, and then delete the file that holds the
> state. Instead, if I could conditionally "register" a value for a persistent
> variable, and then upon successful completion of a script, Ansible itself
> cleans up all the persistent variables, then I don't need to have steps for:
> writing to a file, checking that file, and removing that file. This will
> simplify handling of scenarios where state needs to persist between steps in
> an Ansible script.
>
> 2) Assuming I can get persisted state variables, it would also be useful to
> enhance the package management tools (portage, yum, apt, etc...) to record
> persistent state about which packages were updated by an update. Only when
> the script has run successfully to completion does that variable, and all
> the packages updated, actually get removed. Now I can write scripts that
> check whether an update has happened in this run of a script, or any
> previously unsuccessful run.
>
> Perhaps there's a better way to accomplish some of the above with existing
> Ansible tasks, but I've not found it.
>
> Eric.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/bd5e22a2-6fb4-4923-ad06-541de3c98a3d%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web 

Re: [ansible-project] How can I change the path for specific host

[Dick Davies]

If they're in different groups, make the path a group var.
If they're in the same groups, make the path a host var.

On 12 December 2016 at 14:29, Guilherme Ueno  wrote:
> Hi all,
>
> I have to copy a file into a directory to specific hosts, but the path
> changes for specific hosts.
>
> Ex.:
>
> Inventory:
>
> [webserver]
> hosta
> hostb
>
>
>
> task: Copy a file into:
>
> hosta: /usr/app/abc/dir
> hostb: /usr/app/def/dir
>
>
> But, I don't know how to use those variables in the "same task" using
> "webserver" as target.
>
> thank you,
> Guilherme.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/a4ec4ad0-6432-40a1-a45b-6e908b506e77%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPQa12ugC0pm3AjMkys3Rmequ6Aw2Ef9zcZ%2Bmy00NUtoHw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible Can not handle .tar.gz file and gives error

[Dick Davies]

It's not looking very much like an Ansible problem from where I'm sat.

Do you have e.g. a proxy environment variable set in your shell
running wget that you haven't set in the
ansible task?

On 9 December 2016 at 15:42, Balu Kompalli  wrote:
>> Yes, That link is fine. But When I used the wget  it gave error
>
>
>
> fatal: [192.168.1.223]: FAILED! => {"changed": true, "cmd": ["wget",
> "--no-check-certificate", "-c", "--header", "Cookie:
> oraclelicense=accept-securebackup-cookie",
> "http://download.oracle.com/otn-pub/java/jdk/8u112-b15/jdk-8u112-linux-x64.tar.gz;],
> "delta": "0:02:26.744175", "end": "2016-12-09 10:36:58.731695", "failed":
> true, "rc": 4, "start": "2016-12-09 10:34:31.987520", "stderr":
> "--2016-12-09 10:34:31--
> http://download.oracle.com/otn-pub/java/jdk/8u112-b15/jdk-8u112-linux-x64.tar.gz\nResolving
> download.oracle.com (download.oracle.com)... 23.215.132.129,
> 23.215.132.163\nConnecting to download.oracle.com
> (download.oracle.com)|23.215.132.129|:80... connected.\nHTTP request sent,
> awaiting response... Read error (Connection reset by peer) in
> headers.\nRetrying.\n\n--2016-12-09 10:34:33--  (try: 2)
> http://download.oracle.com/otn-pub/java/jdk/8u112-b15/jdk-8u112-linux-x64.tar.gz\nConnecting
> to download.oracle.com (download.oracle.com)|23.215.132.129|:80...
> connected.\nHTTP request sent, awaiting response... Read error (Connection
> reset by peer) in headers.\nRetrying.\n\n--2016-12-09 10:34:35--  (try: 3)
> http://download.oracle.com/otn-pub/java/jdk/8u112-b15/jdk-8u112-linux-x64.tar.gz\nConnecting
> to download.oracle.com (download.oracle.com)|23.215.132.129|:80...
> connected.\nHTTP request sent, awaiting response... Read error (Connection
> reset by peer) in headers.\nRetrying.\n\n--2016-12-09 10:34:38--  (try: 4)
> http://download.oracle.com/otn-pub/java/jdk/8u112-b15/jdk-8u112-linux-x64.tar.gz\nConnecting
> to download.oracle.com (download.oracle.com)|23.215.132.129|:80...
> connected.\nHTTP request sent, awaiting response... Read error (Connection
> reset by peer) in headers.\nRetrying.\n\n--2016-12-09 10:34:42--  (try: 5)
> http://download.oracle.com/otn-pub/java/jdk/8u112-b15/jdk-8u112-linux-x64.tar.gz\nConnecting
> to download.oracle.com (download.oracle.com)|23.215.132.129|:80...
> connected.\nHTTP request sent, awaiting response... Read error (Connection
> reset by peer) in headers.\nRetrying.\n\n--2016-12-09 10:34:47--  (try: 6)
> http://download.oracle.com/otn-pub/java/jdk/8u112-b15/jdk-8u112-linux-x64.tar.gz\nConnecting
> to download.oracle.com (download.oracle.com)|23.215.132.129|:80...
> connected.\nHTTP request sent, awaiting response... Read error (Connection
> reset by peer) in headers.\nRetrying.\n\n--2016-12-09 10:34:53--  (try: 7)
> http://download.oracle.com/otn-pub/java/jdk/8u112-b15/jdk-8u112-linux-x64.tar.gz\nConnecting
> to download.oracle.com (download.oracle.com)|23.215.132.129|:80...
> connected.\nHTTP request sent, awaiting response... Read error (Connection
> reset by peer) in headers.\nRetrying.\n\n--2016-12-09 10:35:00--  (try: 8)
> http://download.oracle.com/otn-pub/java/jdk/8u112-b15/jdk-8u112-linux-x64.tar.gz\nConnecting
> to download.oracle.com (download.oracle.com)|23.215.132.129|:80...
> connected.\nHTTP request sent, awaiting response... Read error (Connection
> reset by peer) in headers.\nRetrying.\n\n--2016-12-09 10:35:08--  (try: 9)
> http://download.oracle.com/otn-pub/java/jdk/8u112-b15/jdk-8u112-linux-x64.tar.gz\nConnecting
> to download.oracle.com (download.oracle.com)|23.215.132.129|:80...
> connected.\nHTTP request sent, awaiting response... Read error (Connection
> reset by peer) in headers.\nRetrying.\n\n--2016-12-09 10:35:17--  (try:10)
> http://download.oracle.com/otn-pub/java/jdk/8u112-b15/jdk-8u112-linux-x64.tar.gz\nConnecting
> to download.oracle.com (download.oracle.com)|23.215.132.129|:80...
> connected.\nHTTP request sent, awaiting response... Read error (Connection
> reset by peer) in headers.\nRetrying.\n\n--2016-12-09 10:35:27--  (try:11)
> http://download.oracle.com/otn-pub/java/jdk/8u112-b15/jdk-8u112-linux-x64.tar.gz\nConnecting
> to download.oracle.com (download.oracle.com)|23.215.132.129|:80...
> connected.\nHTTP request sent, awaiting response... Read error (Connection
> reset by peer) in headers.\nRetrying.\n\n--2016-12-09 10:35:37--  (try:12)
> http://download.oracle.com/otn-pub/java/jdk/8u112-b15/jdk-8u112-linux-x64.tar.gz\nConnecting
> to download.oracle.com (download.oracle.com)|23.215.132.129|:80...
> connected.\nHTTP request sent, awaiting response... Read error (Connection
> reset by peer) in headers.\nRetrying.\n\n--2016-12-09 10:35:48--  (try:13)
> http://download.oracle.com/otn-pub/java/jdk/8u112-b15/jdk-8u112-linux-x64.tar.gz\nConnecting
> to download.oracle.com (download.oracle.com)|23.215.132.129|:80...
> connected.\nHTTP request sent, awaiting response... Read error (Connection
> reset by peer) in headers.\nRetrying.\n\n--2016-12-09 10:35:58--  (try:14)
> 

Re: [ansible-project] Unable to Install PostgreSQL using Ansible

[Dick Davies]

On 25 November 2016 at 13:33, Gustavo da Silva Carita
 wrote:
> Hello Everyone,


>>   become_user: postgres
>>   become: true
...
...
> "module_stdout": "sudo: a password is required\r\n",
> "msg": "MODULE FAILURE"

Ansible needs a password so it can sudo to the postgres user.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPSxZuSwTFqsdAe5pEtyWvssVBtE%3DPiEnq_Tqid3VdNd9Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Possible Improvement to the 'command' Module

[Dick Davies]

It's not a bad idea, but it would need a bit of work to cater to
things like directories.
I often use a task like this to create automatically versioned
directory names if I can't
find an RPM:

- name: extract {{ foobar_version }}.tgz
  unarchive: src=/tmp/{{ foobar_version }}.tgz
dest=/usr/local
creates=/usr/local/{{ foobar_version }}

On 26 November 2016 at 05:22, Jon Forrest  wrote:
> The Ansible documentation shows the following example for the 'command'
> module"
>
> - command: /usr/bin/make_database.sh arg1 arg2 creates=/path/to/database
>
> The idea here is that if the /path/to/database file already exists,
> the command doesn't run. This is a poor man's way of adding idempotence.
>
> But, what if a previous module, or external command, created a new
> version of /path/to/database that requires the command to be run again?
> The mere fact that /path/to/database exists isn't sufficient to
> determine with the command should be run again. Instead, it's the
> combination of whether the file exists, and its contents.
>
> What if there were an addition argument called "with_sha1hash" that
> contains a hash value to use to recognize whether /path/to/database has
> changed. For example,
>
> - command: /usr/bin/make_database.sh arg1 arg2 creates=/path/to/database
>  with_sha1hash="ab34ac"
>
> (The hash value can be enough of the first characters of the hash to
> be unique, the way Git does things).
>
> If /path/to/database exists, but it doesn't have "ab34ac" as
> its sha1 hash, the command would be run.
>
> This would be an optional argument so it wouldn't affect
> any existing playbooks.
>
> I have to admit I don't have any examples of when this would be
> necessary but it seems like such a thing could exist. Does this
> make sense?
>
> Jon Forrest
>
>
>
>
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/o1b65m%244ut%241%40blaine.gmane.org.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPRWoC68BvnQtSZmsKP_LinKUrGxqFWpjEMO6vVvnZ0ksg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Ansible yum module unable to find certain packages

[Dick Davies]

Isn't that because those packages are from EPEL ? You need to add the
repo in one task,
and then add the other packages in the second.

On 24 November 2016 at 12:57, 'Jeffrey Wen' via Ansible Project
 wrote:
> Hey Alexander,
>
> Thank you so much for helping me out! However, there is still an issue with a 
> few of the other packages.
>
> For example: try removing epel-release from the list and watch it complain 
> about a few of the other packages.
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/a346869e-76b8-4b00-a114-aa99ae2d791f%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPQiUSdofv1%3DJabsoiTrhSoutAdz1Jn4QmsnQ8EMkWX5rg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Problem With Simple Template

[Dick Davies]

On the 'how do i apply roles to specific hosts, I'd go for a full
ntp_server role and an ntp_client role.
Then your site.yml looks like


--8<---

- hosts: ntpservers
  roles:
- ntp_server

- hosts: servers
  roles:
- ntp_client
- presumably_something_useful

--8<--

if you want to avoid hardcoding a group into the ntp_client roles
templates, you can pass in a group
name using 'parameterised roles' - though TBH that might be overkill.

the folder layout is then something like (for completeness)

.
├── hosts
├── roles
│   ├── ntp_client
│   │   ├── tasks
│   │   │   └── main.yml
│   │   └── templates
│   │   └── etc
│   │   └── ntp.conf.j2
│   └── ntp_server
│   ├── tasks
│   │   └── main.yml
│   └── templates
│   └── etc
│   └── ntp.conf.j2
└── site.yml



On 22 November 2016 at 14:58, Jon Forrest <nob...@gmail.com> wrote:
>
>
> On 11/22/16 12:14 AM, Dick Davies wrote:
>>
>> That playbook tells ansible to create the template on the 'all' group
>> i.e. everything in the inventory.
>>
>> That's what it's trying to do.
>
>
> The moment I read this I realized my mistake. You're absolutely
> right! I had stupidly been thinking that this would happen on
> the control machine. Maximum mea culpa. Changing 'all' to
> 'localhost' fixes the problem and lets me test the template.
> This was driving me crazy.
>
>> for your use case, just make 2 roles: ntp_server and ntp_client, and
>> apply them to groups as required.
>
>
> The issue I was trying to address in my posting is how to
> recognize which role to apply to a host. I think my basic
> idea is sound. All I have to do is avoid making more stupid
> mistakes.
>
> Thank you *very* much!
>
> Jon Forrest
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/8d610703-3c86-0c33-0f22-da2e9ed7e86d%40gmail.com.
>
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPQtGV%3D__ztTPgcCoCZCPhN5eQeczVLFXfvjbEX9GM-nJQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Problem With Simple Template

[Dick Davies]

That playbook tells ansible to create the template on the 'all' group
i.e. everything in the inventory.

That's what it's trying to do.

for your use case, just make 2 roles: ntp_server and ntp_client, and
apply them to groups as
required.

On 22 November 2016 at 05:58, Jon Forrest  wrote:
> As a follow up, I realize that I made a couple of mistakes in my
> original posting. Unfortunately, fixing these mistakes didn't change
> the results.
>
> templates/jon.j2 is now
>
> {% for backend in groups['ntpservers_datacenter'] %}
> server {{ inventory_hostname }} {{ backend }}
> {% endfor %}
>
>
> and jon.inv is now
>
> [datacenter]
> host1.example.com
> host2.example.com
>
> [ntpservers_datacenter]
> host1.example.com
>
> Jon
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/f1c58feb-528a-4c6d-884b-3f3095a63a4e%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPTHmUZvC1oQEbK6B5Bf1JQPeSUr_m68BJfLV2oJM0c6pQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Can Ipaddress of the target be fetched by ansible?

[Dick Davies]

It's hard to give details because you haven't explained why you don't
know the IP.

 I've used multicast DNS (via avahi ) on DHCP booted Raspberry Pis to
advertise hostnames, then
put those hostnames into groups in flat file inventories.

That means the servers can change IP without having to update any
config on the ansible node.

You're copying this key up so you'll need some way to find the server, right?
Ansible inventories can be scripts as well as flat files (that's how
things like it's cloud support
works). There's lots of information at:

http://docs.ansible.com/ansible/intro_dynamic_inventory.html

On 11 November 2016 at 17:30, anirudh vasudevan  wrote:
>
>
> I know the conventional way of using Ansible is copying the ssh key on to
> the target and then adding the ip address to the inventory file. In my case
> I will not know the Ip address of the target that am testing on, how can
> ansible get me the ip address? Any workaround
>
> Thanks in advance
>
> Thanks,
>
> Anirudh Vasudevan
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/9e626ca7-888e-4f4a-9224-6bc580506a4b%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPSZc-c_UBxATT7WZsUH6hUsGjO4Qh57RbjHQ%3Du2tiFxag%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.