[ansible-project] If/when should playbooks manage concerns across multiple hosts / groups?

*Scenario:* Application A needs 1) SSH access to Application B hosts and 2) database privileges to database on Database C hosts. *Solution 1: Application A's SSH access and database privileges managed with Application B and Database C playbooks* playbooks/a.yml --- - hosts: a tasks: ...

[ansible-project] Arguments for/against using vault password files

Hi everyone, I would appreciate hearing peoples' various arguments for/against using vault password files versus manually entering passwords. I've been manually entering in vault passwords as I didn't want to leave keys on my laptop in case stolen / compromised. I've seen posts about

Re: [ansible-project] How to point `vars` to matching `vault_`?

com wrote: > > Confirmed, works! > > Thank you to both! > > >> On Friday, September 23, 2016 at 10:59:51 AM UTC-5, Andrew Feller wrote: >> Within group_vars there needs to be a directory named after the group which >> contains vars(.yml) and vault(.yml

Re: [ansible-project] How to point `vars` to matching `vault_`?

Within group_vars there needs to be a directory named after the group which contains vars(.yml) and vault(.yml) Kai's example uses the group named webservers and works -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from

Re: [ansible-project] Trade offs regarding installing control machine via rpm versus pip

Thanks for the addendum there, Brian! I think though that "require more work and overhead" might be underselling the effort and ongoing maintenance cost of corralling OS distributions for anything but containers. The other significant difference is only the latest version of Ansible is available

Re: [ansible-project] accessing variable defined in a role from another role not working

from standard > variable exposure for roles listed under the rolesheader or import_role as > they are exposed at playbook parsing time, and available to earlier roles > and tasks as well. > > > > On Thursday, 11 July 2019 15:11:26 UTC+5:30, Andrew Feller wrote: >>

Re: [ansible-project] accessing variable defined in a role from another role not working

This behavior is expected. The variables defined in Role A should be scoped for A unless defined within your inventory or any of the other places outside the role that variables are defined. If variables from a role were implicitly available broadly through their declaration, you can have

[ansible-project] Testing Ansible roles with Molecule on OpenShift?

I've spent a few hours digging around for solid documentation on the molecule site or examples of people doing this, however I've come up with nothing definitive. OpenShift documentation

Re: [ansible-project] set, read, and use vars from csv or csv2yml file

Consider creating a custom vars plugin https://docs.ansible.com/ansible/latest/dev_guide/developing_plugins.html Sent from my iPhone > On Aug 4, 2019, at 10:13 AM, gerard moisset wrote: > > i'm trying to write playbook to downlaod packages from repo. > > here is my try. > > csv data >

Re: [ansible-project] Eliminate /bin/sh -c environment from any ssh command sending.

It might be prudent to study the Ansible modules in source code if you know you need to go this route: https://github.com/ansible/ansible/tree/devel/lib/ansible/modules Specifically the network category as most network devices don’t allow SSH access or have Python installed. HTH, Andy Sent

[ansible-project] Testing whether kubectl/oc context is valid

Does anyone have a novel way to test kubectl/oc login context explicitly in a playbook to fail instead of waiting to lower in roles? I'm familiar with k8s_auth module for handling explicit Kubernetes/OpenShift login, however

Re: [ansible-project] Re: Need Help for REST API integration with Ansible

You really should consider developing a plugin for this rather than twisting YAML to make it happen. Check out https://docs.ansible.com/ansible/latest/dev_guide/developing_plugins.html for writing this in Python in a way that’s callable from Ansible Sent from my iPhone > On Jul 30, 2019, at

Re: [ansible-project] Ansible callback

Hey Jegan, I’ve had some luck building a custom ansible-runner plugin rather than building a custom callback. https://ansible-runner.readthedocs.io/en/latest/external_interface.html Only other way I know especially high degree of control and visibility Sent from my iPhone > On Aug 5, 2019,

Re: [ansible-project] Best way to organize your playbooks

You might re-examine whether it is appropriate for a role and a playbook as it feels like your playbooks are too heavy. Roles ideally should be reusable logic for a given context you can apply to multiple situations. For example, you might have multiple kafka/mysql/etc clusters for different

Re: [ansible-project] How do I reduce the debug output to just the message with this playbook ?

https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html#limiting-loop-output-with-label Sent from my iPhone > On Jul 28, 2019, at 8:55 AM, ryan prihoda wrote: > > > TASK [debug] >

Re: [ansible-project] Re: set, read, and use vars from csv or csv2yml file

If you’re having to write Python code already, you’re most of the way to having a custom plugin. You’re simply doing it in a way that natively hooks into how Ansible works. Sent from my iPhone > On Aug 4, 2019, at 1:08 PM, Dan Linder wrote: > > What is the exact error message you're

[ansible-project] Understanding use cases behind k8s and openshift inventory design

I’ve been working on an Ansible role to facilitate managing OpenShift projects, secrets, etc for applications under the notion that projects correlate to inventory hosts similar to what k8s and openshift inventories generate. I can model inventories of projects across multiple clusters and

Re: [ansible-project] Directory to store ansible's playbooks

Your collection of playbooks, roles, etc can live anywhere on the filesystem you want. Yes, ansible has conventions on specific places on the filesystem it will check, however I think most house their collection where it makes sense for the operators and/or processes they have. Rather than an

[ansible-project] How are your developers managing individual vaults for a given project outside of repository?

I see plenty of commentary on how Ansible vaults can be organized by inventories, however I haven’t heard how developer-specific vaults work for a given project as I wouldn’t want those checked in to SCM not to mention some of the things in said vault would be used in multiple projects. So

[ansible-project] Ansible's plans regarding Python 2 EOL

We've all seen the warnings about Python 2 support ceasing on January 1st, 2020 from various projects including pip for months now. I hoped Ansible blog