Re: [ansible-project] become sudo not working for apt module

[John Petro]

Have you tried a ps on the host you are trying to upgrade to see if an apt
command is already running?  I've run into it before where an auto update
is running, so it has the lock file already in place.

--john

On Mon, May 13, 2024, 10:42 PM Gregory Machin  wrote:

> Hi
>
> I have a number of ubuntu servers that I want to update using ansible via
> AWX. my current test playbook :
>
> ---
>  - hosts: all
>tasks:
>- name: Test Connection
>  ansible.builtin.ping:
>
>- name: Update Cache
>  become: true
>  apt:
>update_cache: true
>
> is not work as expected on the ubuntu servers.
> The servers that have the root user configured are fine. But the Ubuntu
> servers where the root user doesn't have a password set are failing with
> the following error:
>
> "Failed to lock apt for exclusive operation: Failed to lock directory
> /var/lib/apt/lists/: E:Could not open lock file /var/lib/apt/lists/lock -
> open (13: Permission denied)"
>
> In AWX I have configured privilege escalation to use sudo but this doesnt
> help.
>
> I have tried moving the become: yes statement but this did help.
>
> Doe the apt module support the sudo ?
>
> What have I missed ?
>
> Thank you
>
>  Greg
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/5247dc46-a89e-4685-97af-53f8b91c8be8n%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob8HmzXZxiHvGnaP63yykLPrBmRkWeJurhm0P9%3DBzfUF4w%40mail.gmail.com.

Re: [ansible-project] Re: Role Handler Separation

[John Petro]

I did see that...  I have to go back and try it again, but I think it was
still reading in all of the handlers for some reason.  I did think about
just putting the handler in that tasks file too...  hadn't yet tried that
one, but I am pretty sure that would work too.


On Mon, Feb 12, 2024 at 9:32 AM Vinay Mulugund  wrote:

> This seems similar to something you are looking for:
>
> https://stackoverflow.com/questions/75134796/ansible-handlers-per-operating-system-with-same-name
>
> On Friday, February 9, 2024 at 5:12:06 AM UTC+5:30 John Petro wrote:
>
>> Good Evening...  A coworker of mine is working on finishing up a role,
>> that may be use across multiple operating systems.  We were wondering, if
>> there was a way to separate the handler files into files based on OS, that
>> are only parsed when you are running the role against that particular OS.
>>
>> For example, if you were running the role against a windows server, the
>> handler would be in windows.yml, or if it was debian, then the handler
>> would be in Debian.yml.
>>
>> I know how to do this for the tasks files, but wasn't sure if this was
>> possible for handlers files.
>>
>> --John
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/88253787-22e0-43cd-ad6a-a3362a1f717fn%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/88253787-22e0-43cd-ad6a-a3362a1f717fn%40googlegroups.com?utm_medium=email_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob_vDo2jJ5t0%3DTqVMZgUBiQUwr0z9OUQaNA3fa%3D69Dja1A%40mail.gmail.com.

[ansible-project] Role Handler Separation

[John Petro]

Good Evening...  A coworker of mine is working on finishing up a role, that
may be use across multiple operating systems.  We were wondering, if there
was a way to separate the handler files into files based on OS, that are
only parsed when you are running the role against that particular OS.

For example, if you were running the role against a windows server, the
handler would be in windows.yml, or if it was debian, then the handler
would be in Debian.yml.

I know how to do this for the tasks files, but wasn't sure if this was
possible for handlers files.

--John

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob_5A0-PoBTZq5gdj230NuN8Pxyv%2B7XyLh1dHaLwOXoj3Q%40mail.gmail.com.

[ansible-project] Antivirus Whitelist Recommendations

[John Petro]

Good Morning,
  running into an issue, which seems to be turning into a game of
whack-a-mole.  Our org uses SentinelOne for server antivirus, and it keeps
flagging various python scripts, which I know are valid scripts for the
modules that are running at that time they get flagged.  I didn't see any
whitelisting recommendations for Antivirus software, so was just curious if
anyone has run into this and how you got around it.  I was thinking of just
having whitelist anything that has AnsiballZ*.py but I am not sure if this
will cover everything or not.

Any guidance folks have would be greatly appreciated.

--John

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob8E8aGBqM3Bt5t7mGLxCvLVhM6raYiKdMB4UhKQ16SHLw%40mail.gmail.com.

Re: [ansible-project] command/shell module warn deprecation

[John Petro]

yeah, I saw that, and I might go down that road, but wanted to see if there
was a better way first.

--jp

On Wed, Jul 12, 2023 at 11:39 AM 'Rowe, Walter P. (Fed)' via Ansible
Project  wrote:

> I think you can place an ansible.cfg file in the folder where your ansible
> is running. We do this for our packer image management service that also
> uses ansible in the provisioner stage.
>
> Walter
> --
> Walter Rowe, Division Chief
> Infrastructure Services, OISM
> Mobile: 202.355.4123
>
> On Jul 12, 2023, at 11:30 AM, John Petro  wrote:
>
> Good Morning,
>   I manage the building of some virtual machine templates using packer.  I
> am leveraging ansible as part of this, and when I am doing some cleanup
> after the setup is done to prepare for the conversion to template, and a
> couple of the options I need in yum/dnf, etc don't exist in the module
> don't exist.  So, to get around this, I am using the command module, but I
> get a warning that I should use the module, but that if I am doing it for a
> specific reason, I should use warn: false or set the option to ignore
> warnings in my ansible.cfg.  Since I am using a "ansible_local" provisioner
> in packer, I don't use an ansible.cfg, so I was wondering if there is
> another way to accomplish the warn: false option since it has been removed
> in the more recent versions of ansible.
>
> --John
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAPAjob92oJ2rXs8UnESjNJ4URE37WtO0XZ1P0O9Sbo980RQ5_A%40mail.gmail.com
> <https://groups.google.com/d/msgid/ansible-project/CAPAjob92oJ2rXs8UnESjNJ4URE37WtO0XZ1P0O9Sbo980RQ5_A%40mail.gmail.com?utm_medium=email_source=footer>
> .
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/52131541-D791-4DFE-B2A0-B5BA479DF444%40nist.gov
> <https://groups.google.com/d/msgid/ansible-project/52131541-D791-4DFE-B2A0-B5BA479DF444%40nist.gov?utm_medium=email_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob-ACmAduepvGddFW0sTOsv3ymCQB2pd0xdLAGT3S8uP%3DA%40mail.gmail.com.

[ansible-project] command/shell module warn deprecation

[John Petro]

Good Morning,
  I manage the building of some virtual machine templates using packer.  I
am leveraging ansible as part of this, and when I am doing some cleanup
after the setup is done to prepare for the conversion to template, and a
couple of the options I need in yum/dnf, etc don't exist in the module
don't exist.  So, to get around this, I am using the command module, but I
get a warning that I should use the module, but that if I am doing it for a
specific reason, I should use warn: false or set the option to ignore
warnings in my ansible.cfg.  Since I am using a "ansible_local" provisioner
in packer, I don't use an ansible.cfg, so I was wondering if there is
another way to accomplish the warn: false option since it has been removed
in the more recent versions of ansible.

--John

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob92oJ2rXs8UnESjNJ4URE37WtO0XZ1P0O9Sbo980RQ5_A%40mail.gmail.com.

Re: [ansible-project] WSL1 localhost

[John Petro]

If I am reading the output correctly, it looks like it can't find
powershell.  have you tried running a powershell command in WSL to see if
you get that expected output?

--John

On Wed, Jun 28, 2023 at 11:40 AM Filipe Gonçalves <
filipe.pereira@gmail.com> wrote:

> ### Summary
>
> When running a simple playbook that uses the ansible.windows.* module(i've
> tested some ansible.windows, not all) it always fails on runtime, I'm using
> WSL1 on Windows 10, so I imagine it is because it is recognizing localhost
> as the wsl virtual machine and not my windows machine, I'm unsure if this
> is the case since im new to Ansible, but I have researched this quite a bit
> and didn't find a concrete awnser.
>
> My inventory
> [localhost]
> 127.0.0.1 ansible_connection=local
>
> Can upgrading the WSL version to WSL2 fix this issue?
>
>
> ### Ansible Version
> $ ansible --version
> ansible [core 2.14.5]
>
>
> ### OS / Environment
>
> WSL1, Windows 10
>
> ### Steps to Reproduce
> - name: test
>   hosts: localhost
>   gather_facts: false
>
>   tasks:
> - name: Run basic PowerShell script
>   ansible.windows.win_powershell:
> script: |
>   echo "Hello World"
>
>
> ### Expected Results
>
> Hello World
>
> ### Actual Results
> fatal: [127.0.0.1]: FAILED! => {
> "changed": false,
> "module_stderr": "/bin/sh: 1: powershell: not found\n",
> "module_stdout": "",
> "msg": "The module failed to execute correctly, you probably need to
> set the interpreter.\nSee stdout/stderr for the exact error",
> "rc": 127
> }
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/6164a4d5-a582-4586-ac4b-1c7403512ab8n%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob8FVHD365ozTR0zEvRWQHmZe294niAzCe20H6_i5uRhxw%40mail.gmail.com.

Re: [ansible-project] Configuration Drift

[John Petro]

Oh, thanks. that is really helpful.  In parallel, we have been kicking the
tires on Insights for our RHEL servers too.  We have a few Ubuntu servers,
so obviously that won't work for them, but I do like the idea of using a
Tripwire/AIDE type tool and then passing it off to Ansible if needed.  You
have definitely given me some things to ponder.

--John

On Tue, Jun 27, 2023 at 5:18 PM Brian Coca  wrote:

> For drift control i've found most CM systems to be lacking. I've
> always used something like tripwire/aide to detect file changes and
> correlate that with the proper configuration updates. Puppet and other
> 'resident' systems seemsgood for this but they run every Nminutes
> doing a lot of work to verify things, instead of using something like
> inotify to trigger immediate response from a passive kenrel hook (via
> fam deamon or something as simple as incron). This ends up being a LOT
> more efficient and avoids a lot of useless processing.
>
> --
> --
> Brian Coca
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CACVha7e7L_4mCsjTXxW7aK0TpastFRmZ3sobo7aCc6%3Dhtk83jA%40mail.gmail.com
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob9_qGAnXG6qFmmWVkjjpsaY%2BBmYC6H%3D75y3qe8pBjoC8w%40mail.gmail.com.

Re: [ansible-project] Configuration Drift

[John Petro]

yeah, we are going to do it through AAP/AWX.  Where my interest is besides
the method ( reporting vs clobbering ), is the intervals people are using,
which you answered.  We are currently migrating away from Puppet in favor
of Ansible, and in the process, we are reviewing decisions that were made
when puppet was installed, to see if those are still valid.  Many have been
changed, because technology has changed.  Thanks for the info, it's really
helpful.

On Tue, Jun 27, 2023 at 4:09 PM Evan Hisey  wrote:

> For drift control I don't find ansible the best tool when compared to
> something like Puppet in this role. However if drift control is important,
> that is were Tower/AWX or Satellite (ir pure RHEL based) start to shine.
> You can setup a scheduled application of playbooks to always ensure the
> configurations are current and up to date. I used Satellite and Ansible to
> maintain STIG. and FISMA MED security configs across multiple federal sites
> with a scheduled nightly push of core configs to all systems.
>
> On Tue, Jun 27, 2023 at 2:11 PM John Petro  wrote:
>
>> Good Afternoon,
>>   I was wondering what you all are doing to manage configuration drift.
>> Are you having ansible  fix the drift, are you having it notify you of the
>> drift, or are you doing something else.  At work, we are preparing to start
>> having some conversations about what we want to do, and I thought this
>> information from you all might be helpful in our journey.
>>
>> Thanks for your time!!
>>
>> ---john
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/CAPAjob9NsjTGPNa_J8oeBbfZQOHjjqy7ELd6eHhodbHuTykkrQ%40mail.gmail.com
>> <https://groups.google.com/d/msgid/ansible-project/CAPAjob9NsjTGPNa_J8oeBbfZQOHjjqy7ELd6eHhodbHuTykkrQ%40mail.gmail.com?utm_medium=email_source=footer>
>> .
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAEcFzYwKs0zETYYuPR0TPHNJwtLQDS8ENyoE7ec%2Bvxk_vGfntA%40mail.gmail.com
> <https://groups.google.com/d/msgid/ansible-project/CAEcFzYwKs0zETYYuPR0TPHNJwtLQDS8ENyoE7ec%2Bvxk_vGfntA%40mail.gmail.com?utm_medium=email_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob9uAPQT%2BObJw1u8hZje1ymDc-45GqjYv59F54VBRJd%2Bug%40mail.gmail.com.

Re: [ansible-project] Configuration Drift

[John Petro]

That is very interesting, and helpful.  Thanks..

On Tue, Jun 27, 2023 at 3:21 PM 'Rowe, Walter P. (Fed)' via Ansible Project
 wrote:

> We have an ansible role that applies the CIS Distro Independent Linux 2
> baseline when we launch new machines. We also have an ansible tower
> workflow for regularly scheduled patching. At the end of the patching
> workflow we again run the CIS baseline role to ensure we are maintaining
> compliance with our secure configuration baseline.
>
> stop machine -> snapshot -> start machine -> patch -> reboot -> test ->
> snapshot -> secure config -> reboot
>
> if patching fails we revert to the starting snapshot.
> if secure config fails we revert to the post-test snapshot.
>
> All of this is done via ansible automation platform.
>
> Walter
> --
> Walter Rowe, Division Chief
> Infrastructure Services, OISM
> Mobile: 202.355.4123
>
> On Jun 27, 2023, at 3:11 PM, John Petro  wrote:
>
> Good Afternoon,
>   I was wondering what you all are doing to manage configuration drift.
> Are you having ansible  fix the drift, are you having it notify you of the
> drift, or are you doing something else.  At work, we are preparing to start
> having some conversations about what we want to do, and I thought this
> information from you all might be helpful in our journey.
>
> Thanks for your time!!
>
> ---john
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAPAjob9NsjTGPNa_J8oeBbfZQOHjjqy7ELd6eHhodbHuTykkrQ%40mail.gmail.com
> <https://groups.google.com/d/msgid/ansible-project/CAPAjob9NsjTGPNa_J8oeBbfZQOHjjqy7ELd6eHhodbHuTykkrQ%40mail.gmail.com?utm_medium=email_source=footer>
> .
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/74E8295F-0895-4DF2-9CF2-1C363FD92C38%40nist.gov
> <https://groups.google.com/d/msgid/ansible-project/74E8295F-0895-4DF2-9CF2-1C363FD92C38%40nist.gov?utm_medium=email_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob8_UviH_X75AZqrPpPSyjx7BKnfX%3DvJBN0dznHZ4H%2B6ag%40mail.gmail.com.

[ansible-project] Configuration Drift

[John Petro]

Good Afternoon,
  I was wondering what you all are doing to manage configuration drift.
Are you having ansible  fix the drift, are you having it notify you of the
drift, or are you doing something else.  At work, we are preparing to start
having some conversations about what we want to do, and I thought this
information from you all might be helpful in our journey.

Thanks for your time!!

---john

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob9NsjTGPNa_J8oeBbfZQOHjjqy7ELd6eHhodbHuTykkrQ%40mail.gmail.com.

Re: [ansible-project] Synchronize module troubleshoot

[John Petro]

dInteractiveAuthentication=no -o
> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
> -o PasswordAuthentication=no -o 'User="ansibleuser"' -o ConnectTimeout=10
> -o ControlPath=/home/user/.ansible/cp/be86fc6f7e '[a.b.c.d]'
>  (0, b'sftp> put
> /home/user/.ansible/tmp/ansible-local-21646995ou9wqzi/tmpj99bq8ua
> /home/ansibleuser/.ansible/tmp/ansible-tmp-1671315155.764345-2164717-127377077541884/AnsiballZ_synchronize.py\n',
> b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.3, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1:
> Reading configuration data /etc/ssh/ssh_config\r\ndebug1:
> /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched
> no files\r\ndebug1: /etc/ssh/ssh_config line 21: Applying options for
> *\r\ndebug2: resolve_canonicalize: hostname a.b.c.d is address\r\ndebug1:
> auto-mux: Trying existing master\r\ndebug2: fd 3 setting
> O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version
> 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0
> remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3:
> mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive:
> done pid = 2164684\r\ndebug3: mux_client_request_session: session request
> sent\r\ndebug2: Remote version: 3\r\ndebug2: Server supports extension "
> posix-ren...@openssh.com" revision 1\r\ndebug2: Server supports extension
> "stat...@openssh.com" revision 2\r\ndebug2: Server supports extension "
> fstat...@openssh.com" revision 2\r\ndebug2: Server supports extension "
> hardl...@openssh.com" revision 1\r\ndebug2: Server supports extension "
> fs...@openssh.com" revision 1\r\ndebug2: Server supports extension "
> lsets...@openssh.com" revision 1\r\ndebug3: Sent message fd 3 T:16
> I:1\r\ndebug3: SSH_FXP_REALPATH . -> /home/ansibleuser size 0\r\ndebug3:
> Looking up
> /home/user/.ansible/tmp/ansible-local-21646995ou9wqzi/tmpj99bq8ua\r\ndebug3:
> Sent message fd 3 T:17 I:2\r\ndebug3: Received stat reply T:101
> I:2\r\ndebug1: Couldn\'t stat remote file: No such file or
> directory\r\ndebug3: Sent message SSH2_FXP_OPEN I:3
> P:/home/ansibleuser/.ansible/tmp/ansible-tmp-1671315155.764345-2164717-127377077541884/AnsiballZ_synchronize.py\r\ndebug3:
> Sent message SSH2_FXP_WRITE I:4 O:0 S:32768\r\ndebug3: SSH2_FXP_STATUS
> 0\r\ndebug3: In write loop, ack for 4 32768 bytes at 0\r\ndebug3: Sent
> message SSH2_FXP_WRITE I:5 O:32768 S:32768\r\ndebug3: Sent message
> SSH2_FXP_WRITE I:6 O:65536 S:32768\r\ndebug3: Sent message SSH2_FXP_WRITE
> I:7 O:98304 S:32768\r\ndebug3: Sent message SSH2_FXP_WRITE I:8 O:131072
> S:808\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 5
> 32768 bytes at 32768\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop,
> ack for 6 32768 bytes at 65536\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In
> write loop, ack for 7 32768 bytes at 98304\r\ndebug3: SSH2_FXP_STATUS
> 0\r\ndebug3: In write loop, ack for 8 808 bytes at 131072\r\ndebug3: Sent
> message SSH2_FXP_CLOSE I:4\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3:
> mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received
> exit status from master 0\r\n')
>  ESTABLISH SSH CONNECTION FOR USER: ansibleuser
>  SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o
> ControlPersist=60s -o StrictHostKeyChecking=no -o
> KbdInteractiveAuthentication=no -o
> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
> -o PasswordAuthentication=no -o 'User="ansibleuser"' -o ConnectTimeout=10
> -o ControlPath=/home/user/.ansible/cp/be86fc6f7e a.b.c.d '/bin/sh -c
> '"'"'chmod u+x
> /home/ansibleuser/.ansible/tmp/ansible-tmp-1671315155.764345-2164717-127377077541884/
> /home/ansibleuser/.ansible/tmp/ansible-tmp-1671315155.764345-2164717-127377077541884/AnsiballZ_synchronize.py
> && sleep 0'"'"''
>  (0, b'', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.3, OpenSSL 1.1.1f  31
> Mar 2020\r\ndebug1: Reading configuration data
> /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: include
> /etc/ssh/ssh_config.d/*.conf matched no files\r\ndebug1:
> /etc/ssh/ssh_config line 21: Applying options for *\r\ndebug2:
> resolve_canonicalize: hostname a.b.c.d is address\r\ndebug1: auto-mux:
> Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2:
> mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards:
> request forwardings: 0 local, 0 remote\r\ndebug3:
> mux_client_request_session: entering\r\ndebug3: mux_client_request_alive:
> entering\r\ndebug3: mux_client_request_alive: done pid = 2164684\r\ndebug3:
> mux_client_request_session: session request sent\r\ndebug3:
> mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received
> exit status from master 

Re: [ansible-project] Synchronize module troubleshoot

[John Petro]

If possible, can you post the entire output?  That looks like it's just the
ssh connect string, and I am not seeing any error there, which makes me
think the error is probably elsewhere in your output.

--John


On Sat, Dec 17, 2022 at 2:04 PM Indirajith V  wrote:

> Hi all,
>
> I am new to Ansible and trying to use synchronize module, but it just
> stuck in the middle and I can not figure out how to troubleshoot this. Can
> anyone help?
>
> <> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o
> StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o
> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
> -o PasswordAuthentication=no -o 'User="ansibleuser"' -o ConnectTimeout=10
> -o ControlPath=/home/abc/.ansible/cp/be86fc6f7e -tt xxx.xxx.xxx.xxx
> '/bin/sh -c '"'"'/usr/bin/python3
> /home/ansibleuser/.ansible/tmp/ansible-tmp-1671215842.4024777-2122152-168151047792095/AnsiballZ_synchronize.py
> && sleep 0'"'"'
>
> Thank you,
> Indirajith
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/ddf82aa8-5f79-40b1-9648-41f4a1ec10b9n%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob_tZ2gf%3DKgS10wQw0NnAAb6aTgExjQe4MS7jVF-KpmODA%40mail.gmail.com.

Re: [ansible-project] rsync failure

[John Petro]

Have you run the playbook in verbose mode to get more detail?  Maybe
there's a mis-spelling in the inventory hostname you used or something in
the inventory.

The only other idea I have is to copy/paste the msg section that starts
with "Could" into your search engine of choice and see what comes up
there.

--John


On Mon, Aug 1, 2022, 7:07 AM Ashok Reddy  wrote:

> Hi Team,
>
> whatever i've mentioned the inventory hostname just ref i.e not the actual
> one.
>
> On Mon, Aug 1, 2022 at 4:18 PM Dick Visser  wrote:
>
>>
>>
>> On Mon, 1 Aug 2022 at 12:23, Ashok Reddy  wrote:
>>
>>> ---
>>>
>>> - hosts: all
>>>
>>>   become: true
>>>
>>>   become_method: sudo
>>>
>>>   gather_facts: true
>>>
>>>   tasks:
>>>
>>> - name: block
>>>
>>>   block:
>>>
>>> - name: rsync
>>>
>>>   command: "cat /proc/meminfo"
>>>
>>>   rescue:
>>>
>>> - debug:
>>>
>>> msg: proceed to install
>>>
>>> - name: install rsync
>>>
>>>   dnf:
>>>
>>> name: rsync
>>>
>>> state: present
>>>
>>>   delegate_to: localhost
>>>
>>> - name: sync
>>>
>>>   ansible.posix.synchronize:
>>>
>>> src: /root
>>>
>>> dest: /root
>>>
>>>   delegate_to: inventory hostname
>>>
>>>
>>> Error:
>>>
>>>
>>>  FAILED! => {"changed": false, "msg": "Could not determine controller
>>> hostname for rsync to send to"}
>>>
>>
>>
>> The listeral string "inventory hostname" is not a valid hostname. Fix
>> that.
>> Also, "become_method: sudo" and "gather_facts: true" are both the same as
>> the defaults, so you can leave that out.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/CAF8BbLa4-JSaG5%2BB2yQ0%2BRm_S-t4JgayH6TJKfxS97%2Bz0Kwinw%40mail.gmail.com
>> 
>> .
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAKRLcHg2Sbjz7Ysgkvb5NsFjn9xdm%3DwmVzn4ja4iSTz9BKUpTQ%40mail.gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob8hCdxBzPhP2CwhbEg6bq%3D9m-Gic4Cor2X%2BL50dHXdfyw%40mail.gmail.com.

Re: [ansible-project] how do i lookup id_rsa.pub on a host and copy it to authorized keys on multiple servers

[John Petro]

t;changed": false, "msg":
>>>> "Unsupported parameters for (command) module: cmd Supported parameters
>>>> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
>>>> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>>>>
>>>>
>>>> any idea?
>>>> On Thursday, July 21, 2022 at 9:42:44 AM UTC-7 Tony Wong wrote:
>>>>
>>>>> do you mean something like this?
>>>>>
>>>>>
>>>>> ---
>>>>> # tasks file for createuser
>>>>> - include_vars:
>>>>>dir: vars
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> *- name: Get id_rsa.pub from localhost  set_fact:auth_key: "{{
>>>>> lookup('file', '/home/rke/.ssh/id_rsa.pub')}}"  delegate_to: localhost*
>>>>>
>>>>> - name: create user rke
>>>>>   ansible.builtin.user:
>>>>> name: '{{ username }}'
>>>>> shell: '{{ shell }}'
>>>>> generate_ssh_key: yes
>>>>> create_home: yes
>>>>> groups: [ "{{ group1 }}", "{{ group2 }}" ]
>>>>> append: yes
>>>>> ssh_key_file: .ssh/id_rsa
>>>>>   become: true
>>>>>
>>>>> - name: Make sure we have a 'wheel' group
>>>>>   group:
>>>>> name: wheel
>>>>> state: present
>>>>>
>>>>> - name: Allow 'wheel' group to have passwordless sudo
>>>>>   lineinfile:
>>>>> dest: /etc/sudoers
>>>>> state: present
>>>>> regexp: '^%wheel'
>>>>> line: '%wheel ALL=(ALL) NOPASSWD: ALL'
>>>>> validate: 'visudo -cf %s'
>>>>>
>>>>>
>>>>> - name: Setup authkeys for user rke
>>>>>   become: true
>>>>>
>>>>>   authorized_key:
>>>>> user: '{{ username }}'
>>>>> state: present
>>>>> key: auth_key
>>>>>
>>>>>
>>>>>
>>>>> On Thu, Jul 21, 2022 at 7:48 AM Dick Visser  wrote:
>>>>>
>>>>>> On Thu, 21 Jul 2022 at 16:32, Tony Wong  wrote:
>>>>>> >
>>>>>> > yes it does, but the user (ansible) i am running the playbook with
>>>>>> even though it has sudo rights and in root group cant access that folder.
>>>>>>
>>>>>>
>>>>>> Your authorized_keys task is run on the remote host, but using the
>>>>>> lookup/file plugin in one of the arguments doesn't allow for privilege
>>>>>> escalation locally.
>>>>>> I think for fetching the materials, you should have an initial
>>>>>> set_fact task with delegate_to=localhost and set become=true on that.
>>>>>>
>>>>>> (not verified)
>>>>>>
>>>>>>
>>>>>>
>>>>>> > i tried to copy the id_rsa.pub to /tmp and it works
>>>>>> >
>>>>>> > On Thu, Jul 21, 2022 at 7:10 AM John Petro 
>>>>>> wrote:
>>>>>> >>
>>>>>> >> Does /home/rke/.ssh/id_pub.rsa exist on the host you are running
>>>>>> the ansible playbook from?  Also, what happens if you try to do a ls on
>>>>>> that directory as the user that is executing the ansible playbook, are 
>>>>>> you
>>>>>> getting any errors?
>>>>>> >>
>>>>>> >> On Thu, Jul 21, 2022 at 9:09 AM Tony Wong 
>>>>>> wrote:
>>>>>> >>>
>>>>>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected
>>>>>> paths (use -v to see paths)
>>>>>> >>> fatal: [k8master]: FAILED! => {"msg": "An unhandled exception
>>>>>> occurred while running the lookup plugin 'file'. Error was a >>>>> 'ansible.errors.AnsibleError'>, original message: could not locate file 
>>>>>> in
>>>>>> lookup: /home/rke/.ssh/id_pub.rsa"}
>>>>>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected
>>>>>> paths (use -v to see paths)
>>>>>> >>> fatal:

Re: [ansible-project] how do i lookup id_rsa.pub on a host and copy it to authorized keys on multiple servers

[John Petro]

The one thing I will add to this, is that if you are using ansible 2.9.x,
make sure you are looking at that version of the docs.  Some of the
problems you might be having could be from exactly what Todd was getting
at.  This goes for the module that was suggested to you earlier for this
task. ( the ssh_key module ) if you haven't already looked at the 2.9
specific documentation.

When it comes to this, I also have found google to be my friend in these
cases.  It will many times, point me to a github repository where someone
has written something similar to what I am trying to do, which definitely
has helped get me on the right track more than a few times.  Hope you are
able to get this worked out.

--John

On Fri, Jul 22, 2022 at 4:28 PM Todd Lewis  wrote:

> The error message is pretty clear: the command module doesn't have a "cmd"
> parameter. (Then it helpfully lists the parameters it does have.)
> You could say
>
>   ansible.builtin.shell: "{{ command2 }}"
>
> But Brian already gave you a solution, which I'll repeat here:
> You either need to run ansible-playbook as a user with permissions (rke,
> root?)
> or use a task to read the file while using privilege escalation (become):
>  - slurp:
>  path: , '*/home/rke/*.ssh/id_rsa.pub'
>become: yes
>delegate_to: localhost
>register: rke_pub_key
> This is the equivalent of you doing `sudo cat */home/rke/*.ssh/id_rsa.pub'
> (lookups always run 'locally and are not affected by become, which only
> affects the 'remote' side of a task).
>
>
>
> On Friday, July 22, 2022 at 2:06:55 PM UTC-4 tdub...@gmail.com wrote:
>
>>
>> trying to do this another way
>>
>> - name: copy id_rsa.pub to tmp for reading on localhost
>>   ansible.builtin.shell:
>> cmd: "{{ command2 }}"
>>   register: shell_output
>>   become: true
>>   delegate_to: localhost
>>
>>
>> where command2 is 'cp /home/rke/.ssh/id_rsa.pub /tmp'
>>
>> I am trying to run this only on the ansible controller (localhost)
>>
>> but it looks like its trying to run on remote nodes
>>
>>
>> fatal: [k8node02 -> localhost]: FAILED! => {"changed": false, "msg":
>> "Unsupported parameters for (command) module: cmd Supported parameters
>> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
>> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>> fatal: [k8master -> localhost]: FAILED! => {"changed": false, "msg":
>> "Unsupported parameters for (command) module: cmd Supported parameters
>> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
>> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>> fatal: [k8node01 -> localhost]: FAILED! => {"changed": false, "msg":
>> "Unsupported parameters for (command) module: cmd Supported parameters
>> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
>> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>>
>>
>> any idea?
>> On Thursday, July 21, 2022 at 9:42:44 AM UTC-7 Tony Wong wrote:
>>
>>> do you mean something like this?
>>>
>>>
>>> ---
>>> # tasks file for createuser
>>> - include_vars:
>>>dir: vars
>>>
>>>
>>>
>>>
>>> *- name: Get id_rsa.pub from localhost  set_fact:auth_key: "{{
>>> lookup('file', '/home/rke/.ssh/id_rsa.pub')}}"  delegate_to: localhost*
>>>
>>> - name: create user rke
>>>   ansible.builtin.user:
>>> name: '{{ username }}'
>>> shell: '{{ shell }}'
>>> generate_ssh_key: yes
>>> create_home: yes
>>> groups: [ "{{ group1 }}", "{{ group2 }}" ]
>>> append: yes
>>> ssh_key_file: .ssh/id_rsa
>>>   become: true
>>>
>>> - name: Make sure we have a 'wheel' group
>>>   group:
>>> name: wheel
>>> state: present
>>>
>>> - name: Allow 'wheel' group to have passwordless sudo
>>>   lineinfile:
>>> dest: /etc/sudoers
>>> state: present
>>> regexp: '^%wheel'
>>> line: '%wheel ALL=(ALL) NOPASSWD: ALL'
>>> validate: 'visudo -cf %s'
>>>
>>>
>>> - name: Setup authkeys for user rke
>>>   become: true
>>>
>>>   authorized_key:
>>> user: '{{ username }}'
>>> state: present
>>> key: auth_key
>>>
>>>
>>>
>>> On Thu, Jul 21, 2022 

Re: [ansible-project] how do i lookup id_rsa.pub on a host and copy it to authorized keys on multiple servers

[John Petro]

What ansible version do you have installed

On Fri, Jul 22, 2022 at 2:37 PM Tony Wong  wrote:

> still failed
>
> TASK [rancherpocreplay : copy id_rsa.pub to tmp for reading]
> *
> fatal: [k8master -> localhost]: FAILED! => {"changed": false, "msg":
> "Unsupported parameters for (command) module: cmd Supported parameters
> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
> fatal: [k8node02 -> localhost]: FAILED! => {"changed": false, "msg":
> "Unsupported parameters for (command) module: cmd Supported parameters
> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
> fatal: [k8node01 -> localhost]: FAILED! => {"changed": false, "msg":
> "Unsupported parameters for (command) module: cmd Supported parameters
> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>
> On Fri, Jul 22, 2022 at 11:32 AM John Petro  wrote:
>
>> just for giggles, have you tried putting a sudo in front of your
>> command?  I am not saying this would work, but just curious if maybe the
>> "become" is being honored on the remote site only, so locally it might
>> still be running as whatever local user you are running the ansible
>> playbook as.
>>
>> On Fri, Jul 22, 2022 at 2:21 PM Tony Wong  wrote:
>>
>>> trying to copy id_rsa.pub for a user (rke) on my ansible controller to
>>> authorized_keys on remote hosts
>>>
>>> I am running ansible playbook as user ansible
>>>
>>> since ansible user cannt access /home/rke/.ssh, it cannot lookup the pub
>>> key
>>>
>>> I tried elevating privileges on lookup tasks and cannot do it
>>>
>>>
>>>
>>> On Fri, Jul 22, 2022 at 11:12 AM John Petro 
>>> wrote:
>>>
>>>> I am sure you have mentioned this before, so forgive me if it's a
>>>> repeat. I couldn't find the email in my inbox.  What is it you are trying
>>>> to do again?
>>>>
>>>> On Fri, Jul 22, 2022 at 2:07 PM Tony Wong  wrote:
>>>>
>>>>>
>>>>> trying to do this another way
>>>>>
>>>>> - name: copy id_rsa.pub to tmp for reading on localhost
>>>>>   ansible.builtin.shell:
>>>>> cmd: "{{ command2 }}"
>>>>>   register: shell_output
>>>>>   become: true
>>>>>   delegate_to: localhost
>>>>>
>>>>>
>>>>> where command2 is 'cp /home/rke/.ssh/id_rsa.pub /tmp'
>>>>>
>>>>> I am trying to run this only on the ansible controller (localhost)
>>>>>
>>>>> but it looks like its trying to run on remote nodes
>>>>>
>>>>>
>>>>> fatal: [k8node02 -> localhost]: FAILED! => {"changed": false, "msg":
>>>>> "Unsupported parameters for (command) module: cmd Supported parameters
>>>>> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
>>>>> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>>>>> fatal: [k8master -> localhost]: FAILED! => {"changed": false, "msg":
>>>>> "Unsupported parameters for (command) module: cmd Supported parameters
>>>>> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
>>>>> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>>>>> fatal: [k8node01 -> localhost]: FAILED! => {"changed": false, "msg":
>>>>> "Unsupported parameters for (command) module: cmd Supported parameters
>>>>> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
>>>>> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>>>>>
>>>>>
>>>>> any idea?
>>>>> On Thursday, July 21, 2022 at 9:42:44 AM UTC-7 Tony Wong wrote:
>>>>>
>>>>>> do you mean something like this?
>>>>>>
>>>>>>
>>>>>> ---
>>>>>> # tasks file for createuser
>>>>>> - include_vars:
>>>>>>dir: vars
>>>&

Re: [ansible-project] how do i lookup id_rsa.pub on a host and copy it to authorized keys on multiple servers

[John Petro]

just for giggles, have you tried putting a sudo in front of your command?
I am not saying this would work, but just curious if maybe the "become" is
being honored on the remote site only, so locally it might still be running
as whatever local user you are running the ansible playbook as.

On Fri, Jul 22, 2022 at 2:21 PM Tony Wong  wrote:

> trying to copy id_rsa.pub for a user (rke) on my ansible controller to
> authorized_keys on remote hosts
>
> I am running ansible playbook as user ansible
>
> since ansible user cannt access /home/rke/.ssh, it cannot lookup the pub
> key
>
> I tried elevating privileges on lookup tasks and cannot do it
>
>
>
> On Fri, Jul 22, 2022 at 11:12 AM John Petro  wrote:
>
>> I am sure you have mentioned this before, so forgive me if it's a repeat.
>> I couldn't find the email in my inbox.  What is it you are trying to do
>> again?
>>
>> On Fri, Jul 22, 2022 at 2:07 PM Tony Wong  wrote:
>>
>>>
>>> trying to do this another way
>>>
>>> - name: copy id_rsa.pub to tmp for reading on localhost
>>>   ansible.builtin.shell:
>>> cmd: "{{ command2 }}"
>>>   register: shell_output
>>>   become: true
>>>   delegate_to: localhost
>>>
>>>
>>> where command2 is 'cp /home/rke/.ssh/id_rsa.pub /tmp'
>>>
>>> I am trying to run this only on the ansible controller (localhost)
>>>
>>> but it looks like its trying to run on remote nodes
>>>
>>>
>>> fatal: [k8node02 -> localhost]: FAILED! => {"changed": false, "msg":
>>> "Unsupported parameters for (command) module: cmd Supported parameters
>>> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
>>> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>>> fatal: [k8master -> localhost]: FAILED! => {"changed": false, "msg":
>>> "Unsupported parameters for (command) module: cmd Supported parameters
>>> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
>>> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>>> fatal: [k8node01 -> localhost]: FAILED! => {"changed": false, "msg":
>>> "Unsupported parameters for (command) module: cmd Supported parameters
>>> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
>>> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>>>
>>>
>>> any idea?
>>> On Thursday, July 21, 2022 at 9:42:44 AM UTC-7 Tony Wong wrote:
>>>
>>>> do you mean something like this?
>>>>
>>>>
>>>> ---
>>>> # tasks file for createuser
>>>> - include_vars:
>>>>dir: vars
>>>>
>>>>
>>>>
>>>>
>>>> *- name: Get id_rsa.pub from localhost  set_fact:auth_key: "{{
>>>> lookup('file', '/home/rke/.ssh/id_rsa.pub')}}"  delegate_to: localhost*
>>>>
>>>> - name: create user rke
>>>>   ansible.builtin.user:
>>>> name: '{{ username }}'
>>>> shell: '{{ shell }}'
>>>> generate_ssh_key: yes
>>>> create_home: yes
>>>> groups: [ "{{ group1 }}", "{{ group2 }}" ]
>>>> append: yes
>>>> ssh_key_file: .ssh/id_rsa
>>>>   become: true
>>>>
>>>> - name: Make sure we have a 'wheel' group
>>>>   group:
>>>> name: wheel
>>>> state: present
>>>>
>>>> - name: Allow 'wheel' group to have passwordless sudo
>>>>   lineinfile:
>>>> dest: /etc/sudoers
>>>> state: present
>>>> regexp: '^%wheel'
>>>> line: '%wheel ALL=(ALL) NOPASSWD: ALL'
>>>> validate: 'visudo -cf %s'
>>>>
>>>>
>>>> - name: Setup authkeys for user rke
>>>>   become: true
>>>>
>>>>   authorized_key:
>>>> user: '{{ username }}'
>>>> state: present
>>>> key: auth_key
>>>>
>>>>
>>>>
>>>> On Thu, Jul 21, 2022 at 7:48 AM Dick Visser  wrote:
>>>>
>>>>> On Thu, 21 Jul 2022 at 16:32, Tony Wong  wrote:
>>>>> >
>>>>> > yes it does, but the user (ansible) i am running the playbook with
>>>>> even though it has sudo rights and in root group cant access that folder.
>&g

Re: [ansible-project] how do i lookup id_rsa.pub on a host and copy it to authorized keys on multiple servers

[John Petro]

I am sure you have mentioned this before, so forgive me if it's a repeat. I
couldn't find the email in my inbox.  What is it you are trying to do
again?

On Fri, Jul 22, 2022 at 2:07 PM Tony Wong  wrote:

>
> trying to do this another way
>
> - name: copy id_rsa.pub to tmp for reading on localhost
>   ansible.builtin.shell:
> cmd: "{{ command2 }}"
>   register: shell_output
>   become: true
>   delegate_to: localhost
>
>
> where command2 is 'cp /home/rke/.ssh/id_rsa.pub /tmp'
>
> I am trying to run this only on the ansible controller (localhost)
>
> but it looks like its trying to run on remote nodes
>
>
> fatal: [k8node02 -> localhost]: FAILED! => {"changed": false, "msg":
> "Unsupported parameters for (command) module: cmd Supported parameters
> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
> fatal: [k8master -> localhost]: FAILED! => {"changed": false, "msg":
> "Unsupported parameters for (command) module: cmd Supported parameters
> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
> fatal: [k8node01 -> localhost]: FAILED! => {"changed": false, "msg":
> "Unsupported parameters for (command) module: cmd Supported parameters
> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>
>
> any idea?
> On Thursday, July 21, 2022 at 9:42:44 AM UTC-7 Tony Wong wrote:
>
>> do you mean something like this?
>>
>>
>> ---
>> # tasks file for createuser
>> - include_vars:
>>dir: vars
>>
>>
>>
>>
>> *- name: Get id_rsa.pub from localhost  set_fact:auth_key: "{{
>> lookup('file', '/home/rke/.ssh/id_rsa.pub')}}"  delegate_to: localhost*
>>
>> - name: create user rke
>>   ansible.builtin.user:
>> name: '{{ username }}'
>> shell: '{{ shell }}'
>> generate_ssh_key: yes
>> create_home: yes
>> groups: [ "{{ group1 }}", "{{ group2 }}" ]
>> append: yes
>> ssh_key_file: .ssh/id_rsa
>>   become: true
>>
>> - name: Make sure we have a 'wheel' group
>>   group:
>> name: wheel
>> state: present
>>
>> - name: Allow 'wheel' group to have passwordless sudo
>>   lineinfile:
>> dest: /etc/sudoers
>> state: present
>> regexp: '^%wheel'
>> line: '%wheel ALL=(ALL) NOPASSWD: ALL'
>> validate: 'visudo -cf %s'
>>
>>
>> - name: Setup authkeys for user rke
>>   become: true
>>
>>   authorized_key:
>> user: '{{ username }}'
>> state: present
>> key: auth_key
>>
>>
>>
>> On Thu, Jul 21, 2022 at 7:48 AM Dick Visser  wrote:
>>
>>> On Thu, 21 Jul 2022 at 16:32, Tony Wong  wrote:
>>> >
>>> > yes it does, but the user (ansible) i am running the playbook with
>>> even though it has sudo rights and in root group cant access that folder.
>>>
>>>
>>> Your authorized_keys task is run on the remote host, but using the
>>> lookup/file plugin in one of the arguments doesn't allow for privilege
>>> escalation locally.
>>> I think for fetching the materials, you should have an initial
>>> set_fact task with delegate_to=localhost and set become=true on that.
>>>
>>> (not verified)
>>>
>>>
>>>
>>> > i tried to copy the id_rsa.pub to /tmp and it works
>>> >
>>> > On Thu, Jul 21, 2022 at 7:10 AM John Petro 
>>> wrote:
>>> >>
>>> >> Does /home/rke/.ssh/id_pub.rsa exist on the host you are running the
>>> ansible playbook from?  Also, what happens if you try to do a ls on that
>>> directory as the user that is executing the ansible playbook, are you
>>> getting any errors?
>>> >>
>>> >> On Thu, Jul 21, 2022 at 9:09 AM Tony Wong  wrote:
>>> >>>
>>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected
>>> paths (use -v to see paths)
>>> >>> fatal: [k8master]: FAILED! => {"msg": "An unhandled exception
>>> occurred while running the lookup plugin 'file'. Error was a >> 'ansible.errors.AnsibleError'>, original message: could not locate file in
>>> lookup: /home/rke/.ssh/id_pub.rsa"}
>>> 

Re: [ansible-project] how do i lookup id_rsa.pub on a host and copy it to authorized keys on multiple servers

[John Petro]

Sounds like you have a local permissions issue.

On Thu, Jul 21, 2022 at 10:32 AM Tony Wong  wrote:

> yes it does, but the user (ansible) i am running the playbook with even
> though it has sudo rights and in root group cant access that folder.
>
> i tried to copy the id_rsa.pub to /tmp and it works
>
> On Thu, Jul 21, 2022 at 7:10 AM John Petro  wrote:
>
>> Does /home/rke/.ssh/id_pub.rsa exist on the host you are running the
>> ansible playbook from?  Also, what happens if you try to do a ls on that
>> directory as the user that is executing the ansible playbook, are you
>> getting any errors?
>>
>> On Thu, Jul 21, 2022 at 9:09 AM Tony Wong  wrote:
>>
>>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected paths
>>> (use -v to see paths)
>>> fatal: [k8master]: FAILED! => {"msg": "An unhandled exception occurred
>>> while running the lookup plugin 'file'. Error was a >> 'ansible.errors.AnsibleError'>, original message: could not locate file in
>>> lookup: /home/rke/.ssh/id_pub.rsa"}
>>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected paths
>>> (use -v to see paths)
>>> fatal: [k8node01]: FAILED! => {"msg": "An unhandled exception occurred
>>> while running the lookup plugin 'file'. Error was a >> 'ansible.errors.AnsibleError'>, original message: could not locate file in
>>> lookup: /home/rke/.ssh/id_pub.rsa"}
>>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected paths
>>> (use -v to see paths)
>>> fatal: [k8node02]: FAILED! => {"msg": "An unhandled exception occurred
>>> while running the lookup plugin 'file'. Error was a >> 'ansible.errors.AnsibleError'>, original message: could not locate file in
>>> lookup: /home/rke/.ssh/id_pub.rsa"}
>>>
>>> On Thu, Jul 21, 2022 at 5:32 AM Tony Wong  wrote:
>>>
>>>> how do i access to lookup the id_rsa.pub file? The user running ansible
>>>> playbook has sudo rights on the controller
>>>>
>>>> On Wed, Jul 20, 2022 at 4:31 PM Todd Lewis  wrote:
>>>>
>>>>> It would have root access — on the target machine, but not on the
>>>>> Ansible controller.
>>>>>
>>>>> On Wednesday, July 20, 2022 at 6:24:24 PM UTC-4 tdub...@gmail.com
>>>>> wrote:
>>>>>
>>>>>> But I used become: in my main.yml
>>>>>>
>>>>>> Would that have root access?
>>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to a topic in the
>>>>> Google Groups "Ansible Project" group.
>>>>> To unsubscribe from this topic, visit
>>>>> https://groups.google.com/d/topic/ansible-project/gkaigHAiAC0/unsubscribe
>>>>> .
>>>>> To unsubscribe from this group and all its topics, send an email to
>>>>> ansible-project+unsubscr...@googlegroups.com.
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/d/msgid/ansible-project/420506bd-39ce-4cc5-b6c5-58a65b3a3e3bn%40googlegroups.com
>>>>> <https://groups.google.com/d/msgid/ansible-project/420506bd-39ce-4cc5-b6c5-58a65b3a3e3bn%40googlegroups.com?utm_medium=email_source=footer>
>>>>> .
>>>>>
>>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to ansible-project+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/CALmkhkohoHcMf3KBDbprOgPPZkyQTvALAyH%2Bov%2Bnr_OcCz1koA%40mail.gmail.com
>>> <https://groups.google.com/d/msgid/ansible-project/CALmkhkohoHcMf3KBDbprOgPPZkyQTvALAyH%2Bov%2Bnr_OcCz1koA%40mail.gmail.com?utm_medium=email_source=footer>
>>> .
>>>
>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "Ansible Project" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/ansible-project/gkaigHAiAC0/unsubscribe
>> .
>> To unsubscribe from this group and all its topics, send an email to
>> ansible-project+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/CAPAjob8Kz3CmwXpnREAMYW_omF0J5HuEz

Re: [ansible-project] how do i lookup id_rsa.pub on a host and copy it to authorized keys on multiple servers

[John Petro]

Does /home/rke/.ssh/id_pub.rsa exist on the host you are running the
ansible playbook from?  Also, what happens if you try to do a ls on that
directory as the user that is executing the ansible playbook, are you
getting any errors?

On Thu, Jul 21, 2022 at 9:09 AM Tony Wong  wrote:

> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected paths
> (use -v to see paths)
> fatal: [k8master]: FAILED! => {"msg": "An unhandled exception occurred
> while running the lookup plugin 'file'. Error was a  'ansible.errors.AnsibleError'>, original message: could not locate file in
> lookup: /home/rke/.ssh/id_pub.rsa"}
> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected paths
> (use -v to see paths)
> fatal: [k8node01]: FAILED! => {"msg": "An unhandled exception occurred
> while running the lookup plugin 'file'. Error was a  'ansible.errors.AnsibleError'>, original message: could not locate file in
> lookup: /home/rke/.ssh/id_pub.rsa"}
> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected paths
> (use -v to see paths)
> fatal: [k8node02]: FAILED! => {"msg": "An unhandled exception occurred
> while running the lookup plugin 'file'. Error was a  'ansible.errors.AnsibleError'>, original message: could not locate file in
> lookup: /home/rke/.ssh/id_pub.rsa"}
>
> On Thu, Jul 21, 2022 at 5:32 AM Tony Wong  wrote:
>
>> how do i access to lookup the id_rsa.pub file? The user running ansible
>> playbook has sudo rights on the controller
>>
>> On Wed, Jul 20, 2022 at 4:31 PM Todd Lewis  wrote:
>>
>>> It would have root access — on the target machine, but not on the
>>> Ansible controller.
>>>
>>> On Wednesday, July 20, 2022 at 6:24:24 PM UTC-4 tdub...@gmail.com wrote:
>>>
 But I used become: in my main.yml

 Would that have root access?

>>> --
>>> You received this message because you are subscribed to a topic in the
>>> Google Groups "Ansible Project" group.
>>> To unsubscribe from this topic, visit
>>> https://groups.google.com/d/topic/ansible-project/gkaigHAiAC0/unsubscribe
>>> .
>>> To unsubscribe from this group and all its topics, send an email to
>>> ansible-project+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/420506bd-39ce-4cc5-b6c5-58a65b3a3e3bn%40googlegroups.com
>>> 
>>> .
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CALmkhkohoHcMf3KBDbprOgPPZkyQTvALAyH%2Bov%2Bnr_OcCz1koA%40mail.gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob8Kz3CmwXpnREAMYW_omF0J5HuEz5UtMACrSG7sMnSitw%40mail.gmail.com.

Re: [ansible-project] Ansible playbook to monitor disk space utilization and generate alert

[John Petro]

If you are looking to learn, one of the first things I learned to do, was I
wrote a playbook, that would set up everything I needed when I would load
an OS on one of my Raspberry Pi devices.

--John

On Mon, Jul 18, 2022 at 4:24 PM Amit Das  wrote:

> Thank you for your suggestion. We already have Dynatrace at work.
> For my learning purposes, I wanted to write a playbook.
>
> Kind regards,
> Amit
>
> On Mon, 18 Jul 2022 at 22:01, Dick Visser  wrote:
>
>> On Mon, 18 Jul 2022 at 20:18, Amit Das  wrote:
>> >
>> > Dear All,
>> >
>> > I am relatively new to Ansible. Could someone please guide me on
>> writing a playbook which runs hourly to monitor the disk space and
>> generates an email alert if the threshold is breached?
>>
>> Ansible is a configuration management tool. You should not waste
>> effort trying to shoehorn ansible into some home grown service
>> monitoring tool.
>> Instead, use a dedicated service monitoring tool for that job.
>> Picking the right one is outside the scope of this list, but there is
>> plenty of information out there, take a look at zabbix, nagios, etc.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/CAF8BbLa1PDhep9dOqhjK7GdnV8y%3DzGOYRM26e7LsuQhqCxkf8A%40mail.gmail.com
>> .
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CALEnQg-MVLZLm--YeEiRZkPje9nG8SpirogNYooxKxJ0abN6iw%40mail.gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob_MyYYFwgQGy04DkuU-mGcue%2BauJZsvy0DP4yq_4ccNKA%40mail.gmail.com.

Re: [ansible-project] nested roles

[John Petro]

That's really where I come down.  I'd rather see all dependancies in the
playbook, to avoid potential problems down the road.

On Tue, Jun 21, 2022, 6:13 PM Brian Coca  wrote:

> Yes, but that is not a commonly held view, why 'dependencies' exist,
> so I suggest using import/include_role instead ... if i cannot
> convince people of avoiding role 'trees'.
>
>
> --
> --
> Brian Coca
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CACVha7cqGgnT4qaz60m4AdT6zW977AyiAMBf9N3dLJ3K4v8_XQ%40mail.gmail.com
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob94QrGhOxfq35pis-mk49OHkHsr_iozrS_f7q6wicgP3g%40mail.gmail.com.

Re: [ansible-project] nested roles

[John Petro]

@Brian Coca,
   So what you are suggesting, when you say you "prefer to keep things
simple and obvious" is that you suggest keeping the import statements in
the playbook that calls the role, not really inside the role itself, is
that what I am understanding you to mean by that?

--John

On Tue, Jun 21, 2022 at 11:45 AM Brian Coca  wrote:

> I prefer to keep things simple and obvious, I would keep role imports
> to the play, not everyone agrees and many use complex role
> hierarchies.
>
> If it is a choice between setting 'dependencies' (which imports a role
> from a role) and import_role, I always advise to use the latter.
> reasons against dependencies:
> - it is hidden in the 'meta' so it adds 'yet another file' to find out
> the task flow
> - they execute prior to the role with a lot of rules to which
> variables and keywords are inherited
> - the dependent is also the parent, which many find counterintuitive
> - the import always happens, conditionals are appended to the
> tasks/handlers on execution
>
> with import/include:
> - inheritance is clear, set at the time of import/inclusion (import
> directly,  include via apply option)
> - with include_role you can avoid importing at all, import_role
> behaves closer to roles:/dependencies
> - finer control on when to execute
> - you can dynamically choose the role and/or entry points for the role
> (tasks_from/vars_from/etc)
>
> Currently the only advantage of dependency over include/import is that
> it is both runtime and install time so you don't need to add the role
> to 'requirements' file, which can be dealt with if we automate
> requirements file creation (some issues with dynamic role selection,
> but should work for static references).
>
> --
> Brian Coca
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CACVha7cJWniX7iYMVN7SmPDdvim_wVDyWD9ppnjS_xnvMN%3D3fQ%40mail.gmail.com
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob9BGF9NiLszJRo0ojx0_maOgKaLx_2bs%2BT9UWGD%3DgLn5Q%40mail.gmail.com.

Re: [ansible-project] nested roles

[John Petro]

Paul,
  Thanks for that feedback.  Definitely some things to think about here for
sure.  I thought I had remembered reading somewhere that is wasn't a great
idea, and was not able to figure out where I had read that so I am glad you
brought up that it wasn't recommended with earlier versions.  My thought,
is that if a role is being imported inside a role to make sure that
dependencies were met, that it might be better done in the master playbook,
instead of the role to make debugging easier.  I am sure there are other
reasons too but that is one of the first things that came to mind.

--John

On Sun, Jun 19, 2022 at 10:30 AM Paul Manno  wrote:

> Hello flowerysong,
>
> I'm sure it was the case, at least with older versions of ansible, that
> the doc included a statement that roles should not be included from other
> roles and that the dependency mechanism should be used instead. Looking at
> the link you posted, that feature has only been available since v2.10. I'm
> using AWX, running 2.9, and the official RedHat ansible tower is only up to
> ansible 2.9.27. That suggests that the feature you're referencing wouldn't
> even work in Tower or AWX? Are you using tower and/or AWX and are you able
> to use that feature? Another question world be about dependencies for the
> roles you import because older roles may still use the older meta/main.yml
> which would not be evaluated on role import?
>
> So maybe we are finding even more reason to not import roles in roles due
> to backwards compatibility issues?
>
>
>
> Sent from my T-Mobile 5G Device
> Get Outlook for Android <https://aka.ms/AAb9ysg>
> --
> *From:* ansible-project@googlegroups.com 
> on behalf of flowerysong 
> *Sent:* Saturday, June 18, 2022 11:45:26 PM
> *To:* Ansible Project 
> *Subject:* Re: [ansible-project] nested roles
>
> I highly disagree with this, and would be interested in a pointer to the
> documentation that you say claims "importing a role in the tasks of another
> role is a bad idea" since I've never seen that in the official Ansible
> documentation.
>
> Explicitly importing or including the role provides more control over
> execution order, and ansible-galaxy can still handle dependency install by
> listing them in meta/requirements.yml (
> https://docs.ansible.com/ansible/latest/galaxy/user_guide.html#using-meta-requirements-yml
> )
>
> On Saturday, June 18, 2022 at 11:33:55 AM UTC-4 pgm...@gmail.com wrote:
>
> Hi John,
>
> Per ansible doc, you should not import a role within another role.
> Instead, you should use the built in dependencies model. Importing a role
> in the tasks of another role is a bad idea because it reduces the
> portability of the role. You'd have to guarantee that the role you're using
> and the role you import are both present in your roles dir. The dependency
> model ansible provides solves this problem by leveraging the ansible galaxy
> command to pull dependencies from remote repositories.
>
> Paul
>
> Sent from my T-Mobile 5G Device
> Get Outlook for Android <https://aka.ms/AAb9ysg>
>
> --
> *From:* ansible...@googlegroups.com  on
> behalf of John Petro 
> *Sent:* Friday, June 17, 2022, 3:26 PM
> *To:* ansible...@googlegroups.com 
> *Subject:* [ansible-project] nested roles
>
> I have a question regarding nested roles.
>
> Back Story:  I am doing some code reviews for some ansible code a coworker
> has done.  I noticed that they are importing other roles into the role they
> are working on.
>
> Question:  I feel like this is not a good idea, that dependencies should
> be taken care of at the playbook level, but I am having a difficult time
> justifying why nesting roles is not necessarily a good idea, so I am
> looking for some feedback to help me here.  I welcome your thoughts on
> this...
>
> --John
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-proje...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAPAjob8sDH_4Sz23MFPTsBiB0wzmokOKmyJdfkGdsPY6nTZchQ%40mail.gmail.com
> <https://groups.google.com/d/msgid/ansible-project/CAPAjob8sDH_4Sz23MFPTsBiB0wzmokOKmyJdfkGdsPY6nTZchQ%40mail.gmail.com?utm_medium=email_source=footer>
> .
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> h

[ansible-project] nested roles

[John Petro]

I have a question regarding nested roles.

Back Story:  I am doing some code reviews for some ansible code a coworker
has done.  I noticed that they are importing other roles into the role they
are working on.

Question:  I feel like this is not a good idea, that dependencies should be
taken care of at the playbook level, but I am having a difficult time
justifying why nesting roles is not necessarily a good idea, so I am
looking for some feedback to help me here.  I welcome your thoughts on
this...

--John

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob8sDH_4Sz23MFPTsBiB0wzmokOKmyJdfkGdsPY6nTZchQ%40mail.gmail.com.

Re: [ansible-project] How do you keep your ansible collections and roles from the galaxy current ?

[John Petro]

If I am understanding the requirement here.   You want to be able to grab a
specific version of a role or collection for some reason.If that is
what you are asking for, then what about cloning the collection or role to
a personal git repository.

--John

On Wed, Jun 1, 2022 at 3:30 AM Norbert Klamann <
norbert.klam...@klamann-software.de> wrote:

> Hallo all,
> what is the best way to keep the ansible collections and roles current
> which you use ?
>  I think about parsing the output of `ansible-galaxy role list` or
> `ansible-galaxy collection list` but this is not very elegant.
>
> I think I overlook a very simple solution, can somebody point me in the
> right directione, please ?
>
> Many thanks
>
> Norbert
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/df51ba2e-2900-4de3-ba1f-a4e625296003n%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob-Emi%3DTXm6yWragEU40ONyZp5dEw9X9aQWYraZef%2Bma5A%40mail.gmail.com.

Re: [ansible-project] question on LVM exists or not

[John Petro]

Well,
  Someone else might have a clearer answer, but the way you coded it, the
task would be skipped if ln_mysql is not defined.  Did you try adding some
verbosity to the ansible-playbook command?  When something like this
happens to me, I go right for the - and that will usually point me in
the right direction.

--John

On Wed, Mar 16, 2022 at 7:08 PM subbamma natla 
wrote:

> why am I getting output when " when:
> ansible_facts['lvm']['lvs']['lv_mysql'] is not defined"
> ---
> - hosts: database
>   gather_facts: yes
>   tasks:
>   - name: check lv_mysql exists
> debug:
>   msg: "LV_MYSQL not there"
> when: ansible_facts['lvm']['lvs']['lv_mysql'] is not defined
>
>   - name: check lv_mysql exists
> debug:
>   msg: "LV_MYSQL is there"
> when: ansible_facts['lvm']['lvs']['lv_mysql'] is defined
> output:
> TASK [check lv_mysql exists]
> **
> ok: [mhost5] => {
> "msg": "LV_MYSQL not there"
> }
>
> TASK [check lv_mysql exists]
> **
> skipping: [mhost5]
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAJVhugJz5Wn%2BjokOWtAcN2p2guHTqM%2BrxV%2BztLYpQ-Zy%2BtYD_A%40mail.gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob-EvJoi4fWg2QG0PFtDivsR_hZ%2BCg1SvGTyVnmYH1BQpA%40mail.gmail.com.

Re: [ansible-project] Apt behaviour

[John Petro]

Usually I tend to see this when the apt cache isn't current.  I am sure
there are other reasons as well, but more than 80% of the time for me, that
usually fixes my issue.

--John

On Sun, Mar 6, 2022 at 9:11 PM Igor Cicimov 
wrote:

> Hi all,
>
> Anyone knows why is apt behaving differently here? I have this var
>
> fonts_packages:
>   - ttf-wqy-zenhei
>   - fonts-takao-mincho
>   - fonts-indic
>   - ttf-wqy-microhei
>
> and simple task:
>
> - name: install additional fonts
>   apt:
> name: "{{ fonts_packages }}"
> state: present
>
>  passing the list to apt.
>
> That works in Ansible 2.4.4 as expected:
>
> "invocation": {
> "module_args": {
>
> "name": [
> "ttf-wqy-zenhei",
> "fonts-takao-mincho",
> "fonts-indic",
> "ttf-wqy-microhei"
> ],
> "only_upgrade": false,
> "package": [
> "ttf-wqy-zenhei",
> "fonts-takao-mincho",
> "fonts-indic",
> "ttf-wqy-microhei"
> ],
> ...
>
> But in 2.5+ fails because:
>
> fatal: [hostname]: FAILED! => {
> "changed": false,
> "invocation": {
> "module_args": {
>
> "name": "['ttf-wqy-zenhei', 'fonts-takao-mincho',
> 'fonts-indic', 'ttf-wqy-microhei']",
> "only_upgrade": false,
> "package": [
> "['ttf-wqy-zenhei'",
> " 'fonts-takao-mincho'",
> " 'fonts-indic'",
> " 'ttf-wqy-microhei']"
> ],
> ...
> },
> "msg": "No package(s) matching '['ttf-wqy-zenhei'' available"
> }
>
> I'm passing a list to apt "name" parameter as per the documentation.
>
> Thanks
>
>
>
>
> Know Your Customer due diligence on demand, powered by intelligent process
> automation
>
>
> Blogs   | LinkedIn
>   | Twitter
> 
>
>
>
>
> Encompass Corporation UK Ltd  | Company No. SC493055 | Address: Level 3,
> 33 Bothwell Street, Glasgow, UK, G2 6NL
>
> Encompass Corporation Pty Ltd  | ACN 140 556 896 | Address: Level 10, 117
> Clarence Street, Sydney, New South Wales, 2000
>
> This email and any attachments is intended only for the use of the
> individual or entity named above and may contain confidential information.
>
> If you are not the intended recipient, any dissemination, distribution or
> copying of this email is prohibited.
>
> If received in error, please notify us immediately by return email and
> destroy the original message.
>
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/13465a54-4216-450c-a9f9-a079495425f3n%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob-psyniU9Fs3sFQNvxrVcYCQ0ks4gCaH7MZMJRErm3wZg%40mail.gmail.com.

Re: [ansible-project] ansible-galaxy vs. ansible-galaxy collections

[John Petro]

Maybe you have a formatting issue with your requirements.yml.   Mine looks
like this, and it worked no problem.

collections:
   - name: theforeman.foreman

On Fri, Mar 4, 2022 at 10:36 AM Hiero-nymo  wrote:

> Hi everyone,
>
> On the ansible documentation, I found the collection "the foreman.foreman"
> here's the link: theforeman.foreman
> 
>
> This collection can manually be installed like:
> ansible-galaxy collection install the foreman.foreman and all seems ok.
>
> So, now I need to do the same things but automatically through the 
> requirements.yml
> file, like this:
> ---
> collections:
> - theforeman.foreman
>
> Unfortunately this collection will not be find and when I do a search into
> ansible-galaxy I don't find it.
>
> Is the collection something else than ansible-galaxy?
> I've the feeling that something goes wrong but I don't know what.
> Has anyone an idea about my issue?
> Could someone explain me the difference between these both repo?
>
> Thank you in advance for your help,
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/c9118723-986e-44fa-9a36-59a559b6f201n%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob9KwPG5g%2BwLU3T%2BL77gN%2Bd5nRQ7tfbFJyvLv0C2rcrsCw%40mail.gmail.com.

Re: [ansible-project] issue in installation of ansible

[John Petro]

Is python 3.8 installed?  If not, you might want to try that

--John

On Thu, Feb 3, 2022 at 9:08 PM Kevin Y  wrote:

> Hi Ubuntu is installed at windows10 and then the below commands are
> entered in the Ubunto. It looks like the installing ansible is successful
> without error message.
>
>
> $ sudo apt-get update
> $ sudo apt-get install software-properties-common
> $ sudo apt-add-repository ppa:ansible/ansible
> $ sudo apt-get update
> $ sudo apt-get install ansible -y
>
>
> However, the installation mayby unsuccessful because we can see below
> message with command "ansible -v". Please see the below. Did I miss some
> step for the installation? Anyone can help for this?  Thank you
>
>
> admin1@Le:~$ ansible -v
> Traceback (most recent call last):
>   File "/usr/bin/ansible", line 44, in 
> from ansible import context
>   File "/usr/local/lib/python3.8/dist-packages/ansible/context.py", line
> 18, in 
> from ansible.module_utils.common._collections_compat import Mapping,
> Set
> ModuleNotFoundError: No module named 'ansible.module_utils'
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/981a6842-ce60-4b79-bcca-5236900eae4en%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob9fHGOHJyK-tp97F13%2BfxfLZMqm55uK28vmc85o7Nb8oQ%40mail.gmail.com.

Re: [ansible-project] Re: Getting Timed Out Error when running the playbook using `vagrant provision`

[John Petro]

ALso, what version of virtualbox are you using?  The newer versions don't
support the 172.* subnets out of the box anymore.  So it could be that as
well


On Thu, Feb 3, 2022 at 12:42 PM arjungoel 1995 
wrote:

> Can you please tell me how to fix this issue?
>
> On Thu, Feb 3, 2022 at 7:16 PM Stefan Hornburg (Racke) 
> wrote:
>
>> On 03/02/2022 14:39, arjungoel 1995 wrote:
>> > This is the output I am getting after running `vagrant ssh-config`
>> >
>> > image.png
>> >
>> > Also want to know why I am experiencing the timeout error while running
>> the ansible playbook using ansible-playbook command.
>>
>> Vagrant uses 127.0.0.1 and port .
>>
>> Ansible uses 172.30.240.1.
>>
>> Again: *Vagrant didn't setup **172.30.240.1 properly*
>>
>> Regards
>>
>> Racke
>>
>> >
>> > On Thu, Feb 3, 2022 at 6:59 PM Stefan Hornburg (Racke) <
>> ra...@linuxia.de> wrote:
>> >
>> > On 03/02/2022 14:22, arjungoel 1995 wrote:
>> > > `vagrant ssh` is working but when I tried to run the playbook
>> using `ansible-playbook ` command I am getting a timeout error
>> again.
>> > >
>> > > image.png
>> > >
>> > > I have checked the /etc/ansible/hosts file and the IP address is
>> there. How I can fix the timeout issue with both ways?
>> >
>> > What does `vagrant ssh-config` say?  Does it use the IP
>> 172.30.240.1?
>> >
>> > I don't think so. Looks like Vagrant didn't set up the IP properly.
>> >
>> > Regards
>> >
>> >   Racke
>> >
>> >
>> > >
>> > > Thanks
>> > >
>> > > On Thu, Feb 3, 2022 at 6:21 PM Stefan Hornburg (Racke) <
>> ra...@linuxia.de> wrote:
>> > >
>> > > On 03/02/2022 13:47, arjungoel 1995 wrote:
>> > > > Hi, I tried to ping the port and IP address using SSH and
>> getting timeout error. Can you please help me how to fix this?
>> > > >
>> > > >
>> > > > image.png
>> > > >
>> > > Does "vagrant ssh" work?
>> > >
>> > > Regards
>> > >
>> > >   Racke
>> > >
>> > >
>> > > > On Thu, Feb 3, 2022 at 5:37 PM Roberto Paz <
>> rjr...@gmail.com> wrote:
>> > > >
>> > > > Have you tried to manually run an *ssh *command to that
>> IP address and port? If ssh command also returns a timeout, then that is
>> the main source of the issue.
>> > > >
>> > > > El miércoles, 2 de febrero de 2022 a la(s) 14:29:08
>> UTC-3, arjung...@gmail.com escribió:
>> > > >
>> > > > Hi,
>> > > >
>> > > > I am trying to run a basic ansible playbook using
>> vagrant provision but while doing so experiencing this error:
>> > > >
>> > > > I even added the ip in my Vagrantfile:
>> > > >
>> > > > # -*- mode: ruby -*-
>> > > > # vi: set ft=ruby :
>> > > > Vagrant.configure("2") do |config|
>> > > >   config.vm.box = "centos/7"
>> > > > *  config.vm.network "private_network", ip:
>> "172.30.240.1"*
>> > > >   config.vm.provision "ansible" do |ansible|
>> > > > ansible.playbook = "playbook.yaml"
>> > > >   end
>> > > > Also I am not able to install ansible on windows
>> using pip and like you know git bash won't support installation of ansible.
>> > > > While I am getting version compatibility issues
>> while trying the same using WSL.
>> > > > Please help.
>> > > > Thanks
>> > > > Arjun Goel
>> > > > But still experiencing the
>> issue.ansible_timeout_error.PNG
>> > > > end
>> > > >
>> > > > --
>> > > > You received this message because you are subscribed to
>> the Google Groups "Ansible Project" group.
>> > > > To unsubscribe from this group and stop receiving
>> emails from it, send an email to
>> ansible-project+unsubscr...@googlegroups.com > ansible-project%2bunsubscr...@googlegroups.com> > ansible-project%2bunsubscr...@googlegroups.com > ansible-project%252bunsubscr...@googlegroups.com>>.
>> > > > To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/ac2f697a-ee8d-483f-b9df-c08f8142a182n%40googlegroups.com
>> <
>> https://groups.google.com/d/msgid/ansible-project/ac2f697a-ee8d-483f-b9df-c08f8142a182n%40googlegroups.com?utm_medium=email_source=footer
>> <
>> https://groups.google.com/d/msgid/ansible-project/ac2f697a-ee8d-483f-b9df-c08f8142a182n%40googlegroups.com?utm_medium=email_source=footer>
>> <
>> https://groups.google.com/d/msgid/ansible-project/ac2f697a-ee8d-483f-b9df-c08f8142a182n%40googlegroups.com?utm_medium=email_source=footer
>> <
>> https://groups.google.com/d/msgid/ansible-project/ac2f697a-ee8d-483f-b9df-c08f8142a182n%40googlegroups.com?utm_medium=email_source=footer
>> >>>.
>> > > >
>> > > 

[ansible-project] Keeping directory content in sync

[John Petro]

I am working on a role for work, and it needs to keep the source directory
( that lives on the ansible controlnode ), and the destination ( lives on
teh remote ) in sync. I know that the copy module can keep the
changes/additions in sync.  I am not so much worried about that part.
Where I am getting stuck, is how to handle if we delete a file at the
source, and want that delete carried forward to the remote.

Is there a good way to do that, other than stat the files, loop through the
variable, and delete anything that doesn't exist?

Any advice you have here would be much appreciated.

--John

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob8UvQuOSCGMUqiO--vM6dVAB27aa_-RMmYegbCtcCninw%40mail.gmail.com.

[ansible-project] Ansible Control Node Configuration

[John Petro]

Good Afternoon,
  My team is in the process of doing a review of our current environment.
The question came up, that since the ansible control node has the "keys to
the kingdom"  that it should not live on public IP space.  So I thought I
might ask, what are you folks doing in terms of where your control node
sits.  Are you exposed to the internet, are you on either private IP space
( ie. 10 net or 192.168 space ), or are you behind a firewall, or some
other kinds of network security type devices/technologies.

--John

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob-8vVrK0KqjgiETt786XfRZNtUwvSWaOznDoyFH4M4doA%40mail.gmail.com.

Re: [ansible-project] Question about template module

[John Petro]

Thanks Matt!!   That is the answer I was looking for.

--John

On Wed, Nov 10, 2021 at 9:42 AM Matt Martz  wrote:

> The template is always generated locally where ansible is executed from.
> Then we call the `copy` action internally, which will call the `stat`
> module to get the checksum of the remote file and determine if it exists.
> If the local checksum and remote checksum matches, the file is not copied
> to the remote.  Afterwards we call the `file` action/module, and
> potentially modify permissions/ownership/mode on the destination file.
>
> On Wed, Nov 10, 2021 at 8:36 AM John Petro  wrote:
>
>> Good morning!!
>>
>> I have a quick question about how the template module works under the
>> hood, that I wasn't able to find any information on, and was asked about by
>> a coworker.
>>
>> So, let's say I have a role where I created a config file from a
>> template.  If I run that role a second time, the result comes back having
>> not making any changes, which is what I expect.   So the question I have is
>> when I run a playbook against that role multiple times, how does ansible
>> check the value to determine if a change needs to be made or not.
>>
>> --john
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/CAPAjob_ikZ60_ijHj9hA%3DLoGVc-7Yy-tzh1m8Dfkm1YHSSX_yQ%40mail.gmail.com
>> <https://groups.google.com/d/msgid/ansible-project/CAPAjob_ikZ60_ijHj9hA%3DLoGVc-7Yy-tzh1m8Dfkm1YHSSX_yQ%40mail.gmail.com?utm_medium=email_source=footer>
>> .
>>
>
>
> --
> Matt Martz
> @sivel
> sivel.net
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAD8N0v-Prdkn9POzfw3prtZ5AcrBN4-fpd4zF1p8n%2BLC-ugS-A%40mail.gmail.com
> <https://groups.google.com/d/msgid/ansible-project/CAD8N0v-Prdkn9POzfw3prtZ5AcrBN4-fpd4zF1p8n%2BLC-ugS-A%40mail.gmail.com?utm_medium=email_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob_Kr8uE7SAXV1x3OTAEtS9YqFD%3D3U9KVWAWZkVLLcyzLg%40mail.gmail.com.

[ansible-project] Question about template module

[John Petro]

Good morning!!

I have a quick question about how the template module works under the hood,
that I wasn't able to find any information on, and was asked about by a
coworker.

So, let's say I have a role where I created a config file from a template.
If I run that role a second time, the result comes back having not making
any changes, which is what I expect.   So the question I have is when I run
a playbook against that role multiple times, how does ansible check the
value to determine if a change needs to be made or not.

--john

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob_ikZ60_ijHj9hA%3DLoGVc-7Yy-tzh1m8Dfkm1YHSSX_yQ%40mail.gmail.com.

Re: [ansible-project] Determining the primary IP address

[John Petro]

Ok.. so some more info...  I think I have a workable solution.  I"ll be
testing it tomorrow, but I am 99% sure I have it figured out.  The code
above, actually didn't work as I thought..  so, I changed this:

  when: hostvars[inventory_hostname]['ansible_default_ipv4']['address'] |
select('match', '^10.[0-9]+')

to this:
when: hostvars[inventory_hostname]['ansible_default_ipv4']['address'] |
regex_search('^10.[0-9]+')

That seems to have gotten me the result I was looking for.

As for the "default ipv4" not being consistent, I went back and re-read the
article.  Basically, the author said that if you don't set a default route,
then the default.ipv4.address will be empty.  I decided this was not a huge
deal, since I can't think of a situation where I have installed a server
without a default route.  :)

So anyway, thanks again for the help, I do appreciate it.
--John

On Thu, Oct 21, 2021 at 7:43 PM Dick Visser  wrote:

> I don't know about any such unreliability.
> As for determining if the address is in a specific prefix, I would
> definitely use the ipaddr filter:
>
> https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters_ipaddr.html
>
> On Fri, 22 Oct 2021 at 00:06, John Petro  wrote:
>
>> Good afternoon.
>>   I have this snippet of code, that sets a proxy variable if the default
>> ipv4 IP address is in 10 net space.  I had read somewhere that using the
>> ansible_default_ipv4 fact, wasn't always reliable.  So is there a better
>> way to grab the primary IP other than what I did below?
>>
>> - name:  PreTask | Configure proxy
>>   set_fact:
>> _zabbix_proxy: "{{zabbix_http_proxy}}"
>>   when: hostvars[inventory_hostname]['ansible_default_ipv4']['address'] |
>> select('match', '^10.[0-9]+')
>>
>> Thanks for the help!!
>>
>> --John
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/CAPAjob_VTLnFFUannftz9cgMbdGj7etHN8TtmA%2B%2B7M7aA7L8qg%40mail.gmail.com
>> <https://groups.google.com/d/msgid/ansible-project/CAPAjob_VTLnFFUannftz9cgMbdGj7etHN8TtmA%2B%2B7M7aA7L8qg%40mail.gmail.com?utm_medium=email_source=footer>
>> .
>>
> --
> Sent from a mobile device - please excuse the brevity, spelling and
> punctuation.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAL8fbwMpKBNdfM1FtH4-FemVx_FW1hNk03uwXeLW%2Bv5esTiGcQ%40mail.gmail.com
> <https://groups.google.com/d/msgid/ansible-project/CAL8fbwMpKBNdfM1FtH4-FemVx_FW1hNk03uwXeLW%2Bv5esTiGcQ%40mail.gmail.com?utm_medium=email_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob-pyQvn3qhyK0aWtKi0YX7O3bSbJVKd5Cd4P2LHBvZ2_Q%40mail.gmail.com.

Re: [ansible-project] Determining the primary IP address

[John Petro]

I hadn't heard about any inconsistencies either, which is why I figured I'd
ask here.  I thought about the ipaddr filter, but you need to install a
python module for it to work. (netaddr I think) and I was just trying to
figure it out using the base set of modules, etc.  Thanks for the info
though, I appreciate it

--John

On Thu, Oct 21, 2021, 7:43 PM Dick Visser  wrote:

> I don't know about any such unreliability.
> As for determining if the address is in a specific prefix, I would
> definitely use the ipaddr filter:
>
> https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters_ipaddr.html
>
> On Fri, 22 Oct 2021 at 00:06, John Petro  wrote:
>
>> Good afternoon.
>>   I have this snippet of code, that sets a proxy variable if the default
>> ipv4 IP address is in 10 net space.  I had read somewhere that using the
>> ansible_default_ipv4 fact, wasn't always reliable.  So is there a better
>> way to grab the primary IP other than what I did below?
>>
>> - name:  PreTask | Configure proxy
>>   set_fact:
>> _zabbix_proxy: "{{zabbix_http_proxy}}"
>>   when: hostvars[inventory_hostname]['ansible_default_ipv4']['address'] |
>> select('match', '^10.[0-9]+')
>>
>> Thanks for the help!!
>>
>> --John
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/CAPAjob_VTLnFFUannftz9cgMbdGj7etHN8TtmA%2B%2B7M7aA7L8qg%40mail.gmail.com
>> <https://groups.google.com/d/msgid/ansible-project/CAPAjob_VTLnFFUannftz9cgMbdGj7etHN8TtmA%2B%2B7M7aA7L8qg%40mail.gmail.com?utm_medium=email_source=footer>
>> .
>>
> --
> Sent from a mobile device - please excuse the brevity, spelling and
> punctuation.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAL8fbwMpKBNdfM1FtH4-FemVx_FW1hNk03uwXeLW%2Bv5esTiGcQ%40mail.gmail.com
> <https://groups.google.com/d/msgid/ansible-project/CAL8fbwMpKBNdfM1FtH4-FemVx_FW1hNk03uwXeLW%2Bv5esTiGcQ%40mail.gmail.com?utm_medium=email_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob922AxOR0_mS-G230o33_i6HD9bhPDxxjEN3Sg%2BKtKLzQ%40mail.gmail.com.

[ansible-project] Determining the primary IP address

[John Petro]

Good afternoon.
  I have this snippet of code, that sets a proxy variable if the default
ipv4 IP address is in 10 net space.  I had read somewhere that using the
ansible_default_ipv4 fact, wasn't always reliable.  So is there a better
way to grab the primary IP other than what I did below?

- name:  PreTask | Configure proxy
  set_fact:
_zabbix_proxy: "{{zabbix_http_proxy}}"
  when: hostvars[inventory_hostname]['ansible_default_ipv4']['address'] |
select('match', '^10.[0-9]+')

Thanks for the help!!

--John

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob_VTLnFFUannftz9cgMbdGj7etHN8TtmA%2B%2B7M7aA7L8qg%40mail.gmail.com.

Re: [ansible-project] Ansible IDE with syntax help

[John Petro]

I have used it before I knew about the Ansible extension, and it supports
YAML right out of the box, so that might help.  Also, I use an extension
called Indent Rainbow which has been REALLY helpful in debugging
indentation errors.

On Wed, Oct 6, 2021 at 4:52 PM simon clarke  wrote:

> will the RedHat Ansible extension assist with syntax and indentation
> errors?
>
> On Wednesday, October 6, 2021 at 9:49:34 PM UTC+1 simon clarke wrote:
>
>> Thanks for the advice Pat much appreciated
>>
>>
>> On Wednesday, October 6, 2021 at 6:25:17 PM UTC+1
>> pat@networktocode.com wrote:
>>
>>> During Ansiblefest 2021, multiple presenters said they were now using
>>> Microsoft Virtual Studio Code (VSCODE available at no cost on Win10, Mac, &
>>> Linux) with the no-cost RedHat Ansible extension. Of course that is one of
>>> many options but VSCODE has been well received by many.
>>>
>>> On Wed, Oct 6, 2021 at 11:44 AM simon clarke  wrote:
>>>
 Hi,

 I wondered if someone could advise me what the best IDE to use for
 Ansible is?

 I want to be able to use a plugin for syntax/indentation help

 I am a begineer so appologies if this is a basic question and
 appreciate any help

 Simon

 --
 You received this message because you are subscribed to the Google
 Groups "Ansible Project" group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to ansible-proje...@googlegroups.com.
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/ansible-project/662f52fd-6821-4f53-ae6e-3b4f3d915d8dn%40googlegroups.com
 
 .

>>> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/11d8ceac-4c46-44fa-baaf-17bd4ebadfc4n%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob8S9%3DcKgrLiu-bdvOXZ1TOJ0izBbMjE34shnzHWxv-ong%40mail.gmail.com.

Re: [ansible-project] How do you organize ansible roles?

[John Petro]

So, this may not answer all of your questions, but hopefully it hits on a
few.  I have a git repo for the "project" directory structure, and then a
repository for each role.I then use the requirements.yml to grab the
roles I need for a particular project, and it shoves them into the roles
dir for the project.

--John

On Tue, Sep 28, 2021 at 4:03 PM holod...@int.pl  wrote:

> Hey! I'm curious about how do you organize Ansible roles. I want to share
> a few roles in the public Git repository.
> - What do you think about storing roles in the ~/ansible/roles directory?
> - Do you recommend pushing the entire ~/ansible directory together with
> playbooks and other stuff in the git repository or execute git init in the
> directories with role-related stuff like ~/ansible/roles/role1,
> ~/ansible/roles/role2, etc.?
> - If I decided to go the first way, what's the best method to share a
> single ansible role?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/kojifsvxikqamoyxhgjy%40cfgn
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob_%2Bq6QaZe0u32WGro_jk61BBBARKH0N%3DKLE%2B2up-KpN_w%40mail.gmail.com.

Re: [ansible-project] AWX dependency on machine's Ansible

[John Petro]

I believe that the ansible that AWX uses is contained in one of the
containers, so your locally installed instance shouldn't impact it.

On Sat, Sep 11, 2021, 12:29 PM Jatin Garg  wrote:

> Hi Team,
>
> I have AWX setup on minikube cluster on Ubuntu machine. I have also got
> Ansible installed (Version2.5.1 with python2.7) on this ubuntu machine.
>
> Using this ansible, I am running some playbooks through CLI. Now, I need
> to upgrade ansible (uninstall then install the new version of Ansible with
> Python3) to execute my some playbooks.
>
> So, please let me know if does AWX use ansible which is installed on my
> ubuntu machine?
> And, if I uninstall or upgrade Ansible on my Ubuntu machine, will it
> impact AWX functionality?
>
> Please suggest.
>
> Regards,
> Jatin Garg
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/be8bfbab-1f77-4c52-973a-9ca6a83b4f34n%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob-YZY-OxUMuzQQYr7dCpSy0w14_%3DnMc6C%2BDx9JXThQuLQ%40mail.gmail.com.

Re: [ansible-project] Permission Denied error

[John Petro]

Are you able to ssh from the control node to the client as that user? If
so, does it fail, or are you able to log in.  If you are able to log in,
then you might have a problem with your ansible command syntax.
Personally, when I run a playbook, I have to specify the user ( -u ) and I
also have to tell ansible-playbook to ask for the password (--ask-pass )

So, for me, an execution would look something like this:   ansible-playbook
playbook.yml -u username --ask-pass

Of course, I am just guessing at this right now, since I am not sure I have
seen how you are calling the playbook, etc.   Adding the verbose options (
- ) would also be helpful in figuring out what is going on as well.

good luck!!

--John

On Thu, Sep 2, 2021 at 7:55 AM aman kumar chagti 
wrote:

> when I try to run the playbook on a remote VM using password-based
> authentication, I'm getting the following error:
>
> *fatal: [X.X.X.X]: UNREACHABLE! => {"changed": false, "msg": "Failed to
> connect to the host via ssh: x...@X.X.X.X: Permission denied
> (publickey,password).", "unreachable": true}*user and password are
> present in the inventory file.
> but when I try to connect to the VM manually by SSH and using that same
> password: I'm able to log it. Can anyone figure the solution?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/622ba01f-b89b-49f0-91e2-319f6daee852n%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob98%2ByPKLsyX4pE_-_hm7U1gZF2Zz6LMZ3QYvWkrRR1ofw%40mail.gmail.com.

Re: [ansible-project] question about tags

[John Petro]

oh, that is cool.  I didn't know about that one.  Thanks, I will check it
out.

--John

On Mon, Jul 19, 2021 at 3:48 PM Doug Hunley 
wrote:

> You could inspect ansible_run_tags and see if those three tags are not in
> it.
>
> On Mon, Jul 19, 2021 at 3:44 PM John Petro  wrote:
>
>> I have a bit of a problem, and was wondering if anyone has ever done
>> something like this.  I have a playbook I am working on, where it updates
>> firewalld rules for some kubernetes clusters we have.  Rather than have a
>> playbook per cluster, we elected to use tags, one for prod, one for
>> nonprod, and one for beta.
>>
>> What I am trying to do, is have task, that if it isn't one of the three
>> mentioned tags ( Prod, Non-Prod, Beta) then it executes, basically
>> outputting a debug message that the only accepted tags are those three.  Is
>> there a way to say something like "If tags !=[Prod,Non-Prod,Beta] then
>> output text"?
>>
>> I was fairly sure that at some point I saw that there was a way to do
>> that, and I can't seem to find the example anymore so any help anyone can
>> offer wold be greatly appreciated.
>>
>> --John
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAMiM3L3uLqzCzrrtoOwhs8e2_sk2wUmXt%3DSrPjJEnWy%2BHN%2B%2B7w%40mail.gmail.com
> <https://groups.google.com/d/msgid/ansible-project/CAMiM3L3uLqzCzrrtoOwhs8e2_sk2wUmXt%3DSrPjJEnWy%2BHN%2B%2B7w%40mail.gmail.com?utm_medium=email_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob80eSNVG5d3XG3vmFKr5LtPE%2B4k0pH8mAHqye3eZyefPw%40mail.gmail.com.

[ansible-project] question about tags

[John Petro]

I have a bit of a problem, and was wondering if anyone has ever done
something like this.  I have a playbook I am working on, where it updates
firewalld rules for some kubernetes clusters we have.  Rather than have a
playbook per cluster, we elected to use tags, one for prod, one for
nonprod, and one for beta.

What I am trying to do, is have task, that if it isn't one of the three
mentioned tags ( Prod, Non-Prod, Beta) then it executes, basically
outputting a debug message that the only accepted tags are those three.  Is
there a way to say something like "If tags !=[Prod,Non-Prod,Beta] then
output text"?

I was fairly sure that at some point I saw that there was a way to do that,
and I can't seem to find the example anymore so any help anyone can offer
wold be greatly appreciated.

--John

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob_d_GP-4z6E5LvcU3z78ezrXB_P%3DsDgg2WEUrtdEpa95A%40mail.gmail.com.

[ansible-project] Documenting Playbooks

[John Petro]

All,
  we are in the process of switching from another product to ansible at
work.  So we are working on our "how we want to operate" type stuff, to
fill in gaps we currently have.  So, we are documenting roles in a README
with each role, which makes sense, so that you have all the options, etc
right here.  So my question, is do any of you document your playbooks?  If
so how are you organizing that inside a project structure.

--John

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob_waEnTqQhz1YkO9v_CDaoBZuy2FSrU-K2wPxgDTRuB0A%40mail.gmail.com.

Re: [ansible-project] **Urgent Need ur suggestion expect module

[John Petro]

I did some poking, and one solution I saw, was to uninstall the RHEL
installed version of pexpect, then install the version maintained in
EPEL.The other option I saw, was to run expect directly using the
command or shell module.

I have not tried either of these, but hopefully it points you in the right
direction.

--John

On Fri, Jun 11, 2021 at 5:15 AM Abdulrazzaq shaik <
shaikabdulrazza...@gmail.com> wrote:

> Hi All
>
>
>
> Am trying to use expect module in the ansible, where am getting error to
> have pexpect 3.3 version
>
>
>
> As I have tried to install am able to get pexpect 2.3 version, how to
> install 3.3 as per ansible docs it must be pexpect 3.3
>
>
>
> Below is installed tried to update same it showing as update to date.
>
>
>
>- Upgrade pexpect package version to 3.3
>- Where can I get pexpect 3.3 ?
>- How to install pexpect 3.3 ?
>
>
>
> Redhat linux 7
>
>
>
>
> Regards
>
> Razzaq
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CA%2B5G-C8i-fkDJND%2Bgk%3DvmrVhu0Kr%3D%3Dt5e4XsOkkvu%3Dwuk7MPCA%40mail.gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob9KGFxsYxptZ_qdjLTSjZxyjdHQ1WDwFMFVYX3MNYDKxw%40mail.gmail.com.

[ansible-project] ansible become user failing due to shell execution restrictions

[John Petro]

I am running into an interesting issue, and wondered if anyone has hit the
same thing as I have.  We have our sudo configs locked down pretty tight,
and don't allow users to do execute a shell directly using sudo.  So,
basically, things like sudo /bin/sh are not permitted.  I found a 5 year
old stacktrace article with a workaround, and I am not particularly fond of
the suggestion, which was to make a copy of /bin/sh as a different
filename, then tell ansible to use that via the ansible config.  (
https://stackoverflow.com/questions/33529850/ansible-have-sudo-but-no-root)

Has anyone seen this before, and if so, I am curious as to what your
workaround was.

--john

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob91%3DqAwxMYzRi56%2B%2Bwo83JYB-bijMyc%3D-v8U_y6g3ck8A%40mail.gmail.com.

Re: [ansible-project] Ansible Organization - When to split out projects

[John Petro]

Interesting...   I hadn't thought about the versioning thing.  Most of the
stuff we are doing, is either package installs, or basic server
administrative operational type tasks.  We are just getting started using
ansible ( I have been using it for my fleet of Pi's for about 2 ish years
now ), so I don't have a good handle on how many roles we are going to
have.  I would like us to implement some sort of testing environment, using
molecule or some other method as part of this, so hopefully any versioning
issues we hope we can catch in test, but I know that won't be 100%
effective.  I definitely keep going back and forth between a single repo
for all the roles, or a repo per role.

Thanks for the insight, I appreciate it!!

--John

On Thu, Jan 28, 2021 at 9:17 AM William McKenzie 
wrote:

> One repo per role is the general advice, but it does depend a bit. We
> built a body of over 200 roles at my last job, and over time we found that
> managing a 'package' of know good versions got very unwieldy, and people
> had trouble managing their requirements.yml. Our first solution was to
> build a 'bundle' of roles. So, the devops central team published a package
> of all 200+ roles once per PI, and projects just unzipped the whole thing
> into their build folders as part of CI/CD pipeline. In my new job, I'm
> taking a different approach and using a mono-repo of all the roles and it
> seems to be working well. It has a lot to do with who will use the roles.
> In our case, we have a ton of devs who dont have the time or inclination to
> keep track of versions, or deug issues. They just want a bundle that has
> been tested and is know to work.
>
> On Tuesday, January 26, 2021 at 1:21:04 PM UTC-6 jcp...@johnpetro.com
> wrote:
>
>> Thanks!!  There's definitely a lot to think about here for sure.  I
>> appreciate the information!!
>>
>> --John
>>
>> On Mon, Jan 25, 2021 at 5:19 PM Jean-Yves LENHOF 
>> wrote:
>>
>>>
>>> Le 25/01/2021 à 16:03, John Petro a écrit :
>>> > Good morning,
>>> >I am working on setting up an ansible repository, for work.  We are
>>> > going to be using AWX eventually ( sooner rather than later ).  What I
>>> > am wondering, is how people decided to split up their ansible project
>>> > directories. My first thought was to just have a single project with
>>> > all of our playbooks in that but I am starting to question whether
>>> > that is the correct path or not.
>>>
>>> Not so obvious to answer !
>>>
>>>
>>> >
>>> > Along with that, when it comes to source control, are you storing your
>>> > roles in a separate repo per role, or all in one repo.  For myself
>>> > personally ( homelab ), I have a single project, and all of my roles
>>> > have their own repo, but I am not sure how that scales to a larger
>>> > organization.
>>>
>>> One role per repo with version tags !
>>>
>>> Like this you can use version in your requirements file and decide which
>>> version is working for you in your context. Periodically you need to
>>> update versions and make some adjustments to code after testings !
>>>
>>> The more a role is going to be used by different people, the more you
>>> will need a concensus about changes and decide what change can be done
>>> in in a minor and in a major release version !
>>>
>>> Regards,
>>>
>>> JYL
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to ansible-proje...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/b8e10d84-4a41-dc3c-52c8-99433327c2a6%40lenhof.eu.org
>>> .
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/7d172c6b-9253-4937-98e2-c8520455e027n%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/7d172c6b-9253-4937-98e2-c8520455e027n%40googlegroups.com?utm_medium=email_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob-eH0g3DbudZKAuD0HqCFm45t7ZRYTXSU41fPrLY3QJow%40mail.gmail.com.

Re: [ansible-project] Ansible Organization - When to split out projects

[John Petro]

Thanks!!  There's definitely a lot to think about here for sure.  I
appreciate the information!!

--John

On Mon, Jan 25, 2021 at 5:19 PM Jean-Yves LENHOF 
wrote:

>
> Le 25/01/2021 à 16:03, John Petro a écrit :
> > Good morning,
> >I am working on setting up an ansible repository, for work.  We are
> > going to be using AWX eventually ( sooner rather than later ).  What I
> > am wondering, is how people decided to split up their ansible project
> > directories. My first thought was to just have a single project with
> > all of our playbooks in that but I am starting to question whether
> > that is the correct path or not.
>
> Not so obvious to answer !
>
>
> >
> > Along with that, when it comes to source control, are you storing your
> > roles in a separate repo per role, or all in one repo.  For myself
> > personally ( homelab ), I have a single project, and all of my roles
> > have their own repo, but I am not sure how that scales to a larger
> > organization.
>
> One role per repo with version tags !
>
> Like this you can use version in your requirements file and decide which
> version is working for you in your context. Periodically you need to
> update versions and make some adjustments to code after testings !
>
> The more a role is going to be used by different people, the more you
> will need a concensus about changes and decide what change can be done
> in in a minor and in a major release version !
>
> Regards,
>
> JYL
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/b8e10d84-4a41-dc3c-52c8-99433327c2a6%40lenhof.eu.org
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob8KqQqPZ7kn9Fka-ao7qEYESVe5_CXWwpOg6dt%3DrdLQyQ%40mail.gmail.com.

[ansible-project] Ansible Organization - When to split out projects

[John Petro]

Good morning,
   I am working on setting up an ansible repository, for work.  We are
going to be using AWX eventually ( sooner rather than later ).  What I am
wondering, is how people decided to split up their ansible project
directories. My first thought was to just have a single project with all of
our playbooks in that but I am starting to question whether that is the
correct path or not.

Along with that, when it comes to source control, are you storing your
roles in a separate repo per role, or all in one repo.  For myself
personally ( homelab ), I have a single project, and all of my roles have
their own repo, but I am not sure how that scales to a larger organization.

Thanks in advance!!
--John

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob9m8QfVtCpc5Okky3G97ovx5ae8JfqKywWGKGXBpL%3DjiA%40mail.gmail.com.

[ansible-project] Running a master playbook against different hosts

[John Petro]

Hey everyone. We are having a weird problem trying to get something to
work, so I thought I might ask the question.  We have two playbooks, one
that deploys a virtual machine in vmware, using the vsphere_guest module.
This playbook, is run using connect_local.  We then have a second playbook,
that does all the initial setup stuff we need for teh host that was just
deployed.

What we would like to do, is have something like a main.yml that calls both
playbooks.  Is there a way to do this, and pass the newly created hostname
to the second host so that it runs against that host?

Basically, the goal, is to run a single playbook, that creates the VM, then
performs all the host specific tasks to the new host.

We have tried setting the hostname as a variable over to the setup
playbook, but ansible doesn't seem to be happy with that one.

Any thoughts here would be greatly appreciated.

--John

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob-GW_5t2zfe9ZtQKxdfZmYvVwm7JP%3D2o_AQxXaYphC8zQ%40mail.gmail.com.

Re: [ansible-project] Error when trying to run win playbooks after ansible update to 2.10

[John Petro]

Do you know what version of python you are using?  Quick search seems to
point out that people switching to python3 may have had better results.

Here is where I found it:

https://github.com/ansible-community/molecule-ec2/issues/13

which lead me here:

https://github.com/ansible-community/molecule-ec2/pull/14/commits/3321771adda1a3eca2ff15a9412dbc113178881e

Hope this helps

--jp

On Wed, Sep 30, 2020 at 5:59 PM Laurie Wilson  wrote:

> We were using ansible 2.5 running on Ubuntu 18.04.  I was able to upgrade
> to ansible 2.10 and run linux based playbooks.  When I try to run playbooks
> for my Windows hosts I get the following error:
>
> Invalid type for configuration option plugin_type: connection plugin:
> winrm setting: remote_password : Invalid type provided for "string": 321321'
>
> Can someone help me?  I kinda new to ansible.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/c1498337-7d88-4c04-850f-2711bb74dc83n%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob--A89W6DEw-dfO0KDrTq%2BfrNA9YqyreGF4VEtFnBJ8Eg%40mail.gmail.com.

Re: [ansible-project] Using ansible to hardening Linux Systems Remotely

[John Petro]

Do you have ssh keys set up between the ansible control node and the host
you are running this against?  If not, you need to specify the username and
password as well.  -u is the switch for user and then you would need -k or
- Kk as well, depending on whether you have sudoers set up to allow you to
execute passwordless root access or not.

On Wed, Aug 19, 2020, 7:18 AM giob...@gmail.com  wrote:

> For sure i'm making some mistake
>
> however the *secure.yml*  file i have:
>
> *- name Secure*
> *  become: yes*
> *   hosts:*
> *   secured*
> *  roles:  -  ubuntu18,04-desktop.cis  (downloaded by github)*
>
> in the hosts file i put
>
> *[secured]*
> *192.168.1.126*
>
> *fatal: [192.168.1.126]: UNREACHABLE! => {"changed": false, "msg": "Failed
> to connect to the host via ssh:"*
>
> but for the user account i  use i don't have any problem to ssh manually
> in that workstation, even without password because i have exported the key.
> however the problems seems that the ssh connection via ansible is not
> permitted. I suppose i have something to configure. but what?
>
> Il giorno lunedì 17 agosto 2020 alle 23:13:07 UTC+2 jcp...@johnpetro.com
> ha scritto:
>
>> Can you post the output with the error message you are getting?
>>
>> --John
>>
>> On Mon, Aug 17, 2020 at 5:05 PM Mauricio Tavares 
>> wrote:
>>
>>> On Mon, Aug 17, 2020 at 4:58 PM giob...@gmail.com 
>>> wrote:
>>> >
>>> > Sorry i made a mistake..i used the command
>>> >
>>> > ansible-playbook path_to_my_playbook.yml
>>> >
>>> > and in the hosts files i added the hostname and then the IP address of
>>> the remote Computer where i want apply the configurations. But does not
>>> work:-(
>>> >
>>>
>>> Below are real files of mine. Only difference is that I changed the
>>> hostname:
>>>
>>> file: hosts
>>> [test]
>>> testcentos
>>> testfedora
>>>
>>> File: host_vars/testcentos.yml
>>> ---
>>> # File: host_vars/testcentos.yml
>>> # OS: CentOS (for now? Make this so it does not care)
>>>
>>> ansible_host: testfedora.example.com
>>> ansible_port: 2022
>>> ansible_ssh_private_key_file: ~/.ssh/ansible-test
>>> ansible_user: root
>>>
>>> File: test.yml
>>> ---
>>> # file: test.yml
>>> #
>>>
>>> - hosts:
>>> - test
>>>
>>>   vars:
>>> # - some_var: "roles/test/handlers/duck.yml"
>>> # - some_var: "wrongability"
>>> - user_test: "Yes"
>>> - file_test: "Maybe"
>>> - string_test: true
>>>
>>>   roles:
>>>   - test
>>>
>>> >
>>> > Il giorno lunedì 17 agosto 2020 alle 20:31:48 UTC+2 raub...@gmail.com
>>> ha scritto:
>>> >>
>>> >> On Mon, Aug 17, 2020 at 2:16 PM giovanni baldi 
>>> wrote:
>>> >> >
>>> >> >
>>> >> > I'm new of the Ansible World, and for the moment i used just to
>>> hardening some linux systems using every time the command locally:
>>> >> >
>>> >> >> ansible path_to_my_playbook.yml
>>> >> >
>>> >> >
>>> >> > There is a way to run this commant to a remote computer? i tried
>>> adding a remote computer in the hosts files but or i make a mistake or it
>>> does not work
>>> >> >
>>> >> Try
>>> >>
>>> >> ansible-playbook path_to_my_playbook.yml
>>> >>
>>> >> instead
>>> >>
>>> >> > could you recommend some links that can help me? as far i will have
>>> time i will start more in details how ansible works..but now i have to
>>> hader lots of Linux systems :-|
>>> >> >
>>> >> > A.
>>> >> >
>>> >> >
>>> >> >
>>> >> >
>>> >> > --
>>> >> > You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>> >> > To unsubscribe from this group and stop receiving emails from it,
>>> send an email to ansible-proje...@googlegroups.com.
>>> >> > To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/51c0d17d-3d54-4c28-993f-5ee89c7fba9bo%40googlegroups.com
>>> .
>>> >
>>> > --
>>> > You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>> > To unsubscribe from this group and stop receiving emails from it, send
>>> an email to ansible-proje...@googlegroups.com.
>>> > To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/9e168278-a679-4d5f-ba92-84680d4c0f1cn%40googlegroups.com
>>> .
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to ansible-proje...@googlegroups.com.
>>>
>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/CAHEKYV7J%2BGCsSr%3DSA1WFw2tSSR7HPiC8b5D6N_t%3DYYa9a%3DQF2w%40mail.gmail.com
>>> .
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> 

Re: [ansible-project] Using ansible to hardening Linux Systems Remotely

[John Petro]

Can you post the output with the error message you are getting?

--John

On Mon, Aug 17, 2020 at 5:05 PM Mauricio Tavares 
wrote:

> On Mon, Aug 17, 2020 at 4:58 PM giob...@gmail.com 
> wrote:
> >
> > Sorry i made a mistake..i used the command
> >
> > ansible-playbook path_to_my_playbook.yml
> >
> > and in the hosts files i added the hostname and then the IP address of
> the remote Computer where i want apply the configurations. But does not
> work:-(
> >
>
> Below are real files of mine. Only difference is that I changed the
> hostname:
>
> file: hosts
> [test]
> testcentos
> testfedora
>
> File: host_vars/testcentos.yml
> ---
> # File: host_vars/testcentos.yml
> # OS: CentOS (for now? Make this so it does not care)
>
> ansible_host: testfedora.example.com
> ansible_port: 2022
> ansible_ssh_private_key_file: ~/.ssh/ansible-test
> ansible_user: root
>
> File: test.yml
> ---
> # file: test.yml
> #
>
> - hosts:
> - test
>
>   vars:
> # - some_var: "roles/test/handlers/duck.yml"
> # - some_var: "wrongability"
> - user_test: "Yes"
> - file_test: "Maybe"
> - string_test: true
>
>   roles:
>   - test
>
> >
> > Il giorno lunedì 17 agosto 2020 alle 20:31:48 UTC+2 raub...@gmail.com
> ha scritto:
> >>
> >> On Mon, Aug 17, 2020 at 2:16 PM giovanni baldi 
> wrote:
> >> >
> >> >
> >> > I'm new of the Ansible World, and for the moment i used just to
> hardening some linux systems using every time the command locally:
> >> >
> >> >> ansible path_to_my_playbook.yml
> >> >
> >> >
> >> > There is a way to run this commant to a remote computer? i tried
> adding a remote computer in the hosts files but or i make a mistake or it
> does not work
> >> >
> >> Try
> >>
> >> ansible-playbook path_to_my_playbook.yml
> >>
> >> instead
> >>
> >> > could you recommend some links that can help me? as far i will have
> time i will start more in details how ansible works..but now i have to
> hader lots of Linux systems :-|
> >> >
> >> > A.
> >> >
> >> >
> >> >
> >> >
> >> > --
> >> > You received this message because you are subscribed to the Google
> Groups "Ansible Project" group.
> >> > To unsubscribe from this group and stop receiving emails from it,
> send an email to ansible-proje...@googlegroups.com.
> >> > To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/51c0d17d-3d54-4c28-993f-5ee89c7fba9bo%40googlegroups.com
> .
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups "Ansible Project" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an email to ansible-project+unsubscr...@googlegroups.com.
> > To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/9e168278-a679-4d5f-ba92-84680d4c0f1cn%40googlegroups.com
> .
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAHEKYV7J%2BGCsSr%3DSA1WFw2tSSR7HPiC8b5D6N_t%3DYYa9a%3DQF2w%40mail.gmail.com
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob_kazAXfge0GWW6mHiW_hWqJfK%3D4isZgpUqWdSWdEKBaQ%40mail.gmail.com.

Re: [ansible-project] Tags or Variables, not sure which way to go

[John Petro]

Thanks for the response.  I did see that this morning, but hadn't had a
chance to test it out yet.  I"ll give that option a shot and see if it's
better than the variable method I ended up writing.

--John

On Mon, Aug 17, 2020 at 1:18 PM alicia  wrote:

> Hi John,
>
> The opposite of “- -tags my_tag” is “—skip-tags my_tag” - see the updated
> documentation on tags at
> https://docs.ansible.com/ansible/devel/user_guide/playbooks_tags.html.
>
> You would, of course, need to add tags to your task, block, or play before
> you could select or skip those tags at runtime.
>
> Hope this helps,
> Alicia
>
>
> On Aug 16, 2020, at 3:32 PM, John Petro  wrote:
>
> So I am having an issue about not knowing what the best thing to do is.
> Here's what I am trying to accomplish...
>
> I have the following sanitized tasks:
>
> - name: Set authorized key ( prod)
>   authorized_key:
> user: ansible
> state: present
> key: "{{ lookup('file', 'ssh public key file) }}"
> key_options: 'from="Prod control node IP"'
>
> - name: Set authorized key ( test)
>   authorized_key:
> user: ansible
> state: present
> key: "{{ lookup('file', 'ssh public key file) }}"
> key_options: 'from="testlab control node IP"'
>
> The key option specifies that only the ansible control node can use ssh
> keys to the ansible account.
>
> So is there a way to say execute the prod task unless a "test" tag is
> passed?  At the same time, I want to do the opposite with the test task,
> and say only execute if the "test" tag is passed.  (I know how to do this
> second part),
>
> My other option, would be to just set a variable, and I know I can do it
> that way, but wasn't sure if I could do the same thing with a tag.
>
> --John
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/2b8b6e09-b998-48fb-9096-00050012e4d9n%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/2b8b6e09-b998-48fb-9096-00050012e4d9n%40googlegroups.com?utm_medium=email_source=footer>
> .
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/801C0B34-637E-411D-B010-D72E0AE9AE72%40redhat.com
> <https://groups.google.com/d/msgid/ansible-project/801C0B34-637E-411D-B010-D72E0AE9AE72%40redhat.com?utm_medium=email_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob8C7DUFX6VYXB-Qh8dqBm_64N-ZgJx4bqj%2BE-WMXOxTFg%40mail.gmail.com.

[ansible-project] Tags or Variables, not sure which way to go

[John Petro]

So I am having an issue about not knowing what the best thing to do is.  
Here's what I am trying to accomplish...

I have the following sanitized tasks:

- name: Set authorized key ( prod)
  authorized_key:
user: ansible
state: present
key: "{{ lookup('file', 'ssh public key file) }}"
key_options: 'from="Prod control node IP"'

- name: Set authorized key ( test)
  authorized_key:
user: ansible
state: present
key: "{{ lookup('file', 'ssh public key file) }}"
key_options: 'from="testlab control node IP"'

The key option specifies that only the ansible control node can use ssh 
keys to the ansible account.  

So is there a way to say execute the prod task unless a "test" tag is 
passed?  At the same time, I want to do the opposite with the test task, 
and say only execute if the "test" tag is passed.  (I know how to do this 
second part),  

My other option, would be to just set a variable, and I know I can do it 
that way, but wasn't sure if I could do the same thing with a tag.

--John


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/2b8b6e09-b998-48fb-9096-00050012e4d9n%40googlegroups.com.

Re: [ansible-project] setting up a new system with Ansible

[John Petro]

Oh, that's a good idea, thanks for the suggestion.  I hadn't thought about
that one

On Thu, Jul 23, 2020, 2:53 AM Gildas Cotomale 
wrote:

>
>
> Le mercredi 22 juillet 2020 21:37:03 UTC+2, John Petro a écrit :
>>
>> That is pretty close to what I am doing.  The only thing I want to do
>> differently, is that I want to lock the automation account, so that it's
>> only accepted from a specific host.  ( ie. the ansible control node)
>>
>> Just tailor the authorized_keys file to restrict to the control node IP
> and you're done
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/6746f6bb-1816-4d8d-84cd-d6bd66771ca0o%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/6746f6bb-1816-4d8d-84cd-d6bd66771ca0o%40googlegroups.com?utm_medium=email_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob-tsQ4zfFvGNbhok4pz5-qk-NPnGB9Pgp8EkyfhEkYUqQ%40mail.gmail.com.

Re: [ansible-project] setting up a new system with Ansible

[John Petro]

That is pretty close to what I am doing.  The only thing I want to do
differently, is that I want to lock the automation account, so that it's
only accepted from a specific host.  ( ie. the ansible control node)

--jp

On Tue, Jul 21, 2020 at 9:23 PM Ed Wong  wrote:

> Hi,
>
> I've played with Ansible before but hadn't really done much in terms of
> maintaining a whole infrastructure.  I'm hoping to restart my foray into it
> in hopes to migrate off of the old way of standing up systems.  I wish to
> migrate to using Ansible to manage the whole infrastructure.  That said,
> I'm starting off simple.  I'm not touching the existing systems.  I have a
> basic control node and just set up a minimal CentOS 7 system.
>
> Here is where i"m a tad bit confused in what I need to do and if someone
> can clarify things, I'd be appreciated.
>
> Is the following process correct?
>
> 1) Log on to Alpha and create a new user, say automation.
> 2) create ssh keys for automation.
> 3) allow automation to have sudo access w/ no password.
> 4) copy ssh credentials to control node.
>
> Is this the very first thing one does for every new system?  (Granted, I
> won't need to create new ssh-keys as I just need to copy the original ones
> to the new system).
> My understanding of this process is that in order to manage any system, I
> need  a user that can have access to said system.  Once I have that user
> set up properly,
> I won't need to even log in manually to do things.
>
> Thanks for the clarifications.
>
> Ed
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/a03a88cf-d05a-42b9-81ff-e594085d3b0bo%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob-LE-5ji_kYSbMrSfn7o%3DSg9j-OSvqBFYvn9vXXMMxEAQ%40mail.gmail.com.

Re: [ansible-project] Reboot servers strategy.

[John Petro]

Hmm...  I have seen where someone put a delay in the task that does the
reboot.  So you could probably do something like that, to make sure that
the node is back up before moving on, or you could do some sort of check
and register a variable, so that a node would only reboot if that node is
set.

On Wed, Jul 1, 2020 at 6:36 AM Rafael Tomelin 
wrote:

> Hi,
>
> I get all servers from Azure and created inventory in memory by ansible.
> After get server and created inventory, connect in all servers collection
> facts and execute update of servers.  This moment I need to create a
> process to reboot my servers by custom facts.
>
>
> On Tue, Jun 30, 2020 at 4:53 PM John Petro  wrote:
>
>> Are you using ansible to apply updates and reboot now?  If so, what does
>> your current process look like?
>>
>> --john
>>
>> On Mon, Jun 29, 2020 at 3:26 PM Rafael Tomelin 
>> wrote:
>>
>>>
>>> Hi Guys,
>>> I have periodic updates on all RedHat servers at the same time, I need
>>> to create a strategy to restart my clusters because I can't stop my
>>> application and services.
>>>
>>> How to create the reboot strategy server-per-server in clusters?
>>>
>>>
>>> --
>>> Atenciosamente,
>>>
>>> Rafael Tomelin
>>> Tel.: 51-984104084
>>> Skype: rafael.tomelin
>>>
>>> LPI ID: LPI000191271
>>> Red Hat Certified Engineer
>>> Puppet Professional 2017 Certification
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to ansible-project+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/CAGEUqbAwBVcpuWsULocMZ2ts4-298wqjmkkEvhRhRSDaFdnHPQ%40mail.gmail.com
>>> <https://groups.google.com/d/msgid/ansible-project/CAGEUqbAwBVcpuWsULocMZ2ts4-298wqjmkkEvhRhRSDaFdnHPQ%40mail.gmail.com?utm_medium=email_source=footer>
>>> .
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/CAPAjob-WzDS9BXVnGCvhS%3DXS%2B179f7mf-nJEbMQA-5-4_kZtmA%40mail.gmail.com
>> <https://groups.google.com/d/msgid/ansible-project/CAPAjob-WzDS9BXVnGCvhS%3DXS%2B179f7mf-nJEbMQA-5-4_kZtmA%40mail.gmail.com?utm_medium=email_source=footer>
>> .
>>
>
>
> --
> Atenciosamente,
>
> Rafael Tomelin
> Tel.: 51-984104084
> Skype: rafael.tomelin
>
> LPI ID: LPI000191271
> Red Hat Certified Engineer
> Puppet Professional 2017 Certification
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAGEUqbCehhAhS6c-H40Dx5bPLfX5mJEF9Zkc%2BdocnpKnpYB8SQ%40mail.gmail.com
> <https://groups.google.com/d/msgid/ansible-project/CAGEUqbCehhAhS6c-H40Dx5bPLfX5mJEF9Zkc%2BdocnpKnpYB8SQ%40mail.gmail.com?utm_medium=email_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob-GOCjJF_V_KZo5-YUW77eP9v0Up6nfUdRPSAqKH-8gaQ%40mail.gmail.com.

Re: [ansible-project] Reboot servers strategy.

[John Petro]

Are you using ansible to apply updates and reboot now?  If so, what does
your current process look like?

--john

On Mon, Jun 29, 2020 at 3:26 PM Rafael Tomelin 
wrote:

>
> Hi Guys,
> I have periodic updates on all RedHat servers at the same time, I need to
> create a strategy to restart my clusters because I can't stop my
> application and services.
>
> How to create the reboot strategy server-per-server in clusters?
>
>
> --
> Atenciosamente,
>
> Rafael Tomelin
> Tel.: 51-984104084
> Skype: rafael.tomelin
>
> LPI ID: LPI000191271
> Red Hat Certified Engineer
> Puppet Professional 2017 Certification
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAGEUqbAwBVcpuWsULocMZ2ts4-298wqjmkkEvhRhRSDaFdnHPQ%40mail.gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob-WzDS9BXVnGCvhS%3DXS%2B179f7mf-nJEbMQA-5-4_kZtmA%40mail.gmail.com.

[ansible-project] Problem with ansible_interfaces and idempotency

[John Petro]

I am having a bit of a problem, and haven't found a way around it, and my
google searches thus far have come up with solutions that haven't worked.


Task:
 i am writing a role to install/manage our iptables rulesets on our linux
servers.  I am creating the file with the rules using a jinja2 template.
Some of our servers have more network interfaces than others,  so I am
trying to use the ansible_interfaces fact to list out the interfaces (
minus the loopback) and have a for loop in the jinja template to create the
rule for that interface.

Issue:
When I run the playbook for a particular host, the first, time everything
looks as expected.  When I run it a second time, the task still gets marked
as "changed" even though nothing has changed.  I do know that the output of
the ansible_interfaces isn't in the same order each time, so I tried using
a sort filter as well, which didn't help.  (see jinja code below)

{% for testinterface in ansible_interfaces|difference(['lo'])|sort %}
Some rule with the interface labled: {{testinterface}}
{% endfor %}

Question:
Am I going about this the wrong way?  Is there a better way to do this so
that idempotency can be achieved?

Thanks for your help on this!!

--John

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob-zc3cfuhSiw%2BP%3DVkC%3Df-N_0wJxE7TqoV9gdaEmhUPZaA%40mail.gmail.com.

[ansible-project] Question about Ansible Directory Layout

[John Petro]

I am in the process of setting up a centralized ansible server for my
organization.  i have been using ansible myself for my home projects for a
few years now,  so I am not really new to the product.  I am thinking about
using the "Alternate" layout, from the Ansible Best Practices page.  Is
anyone using this layout, and if so have you found any issues with having
the playbooks in the root of the project structure, or did you end up
separating them into their own playbooks folder.  We do plan on kicking the
tires on AWX/Tower as well, so when I set this up, I want to try and keep
that in mind.

Any advice you have would be much appreciated.  Like I said, I have used
this for myself, but this is the first time I am setting up an instance for
a multi-tenant environment, so I wanted to make sure I avoid as many
landmines as possible here.  :D  Thanks in advance for taking the time to
respond.

--John

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPAjob_7%2BzsnjYy_V9%2BkLBG%2BjCHZnu3nt918tkfckahn0GEF1w%40mail.gmail.com.