[ansible-project] Trouble with ec2_vpc_vgw

2018-08-03 Thread ttwalto
I am trying to run ec2_vpc_vgw just to attach a vpc to a vgw (virtual private gateway). The vgw and vpc both already exist. I don't need to create them. Here's what I run: - name: attach vpc to virtual private gateway ec2_vpc_vgw: region: "{{ openshift_aws_region }}" vpc_id: "{{ vpcout

Re: [ansible-project] Trouble with ec2_vpc_vgw

2018-08-06 Thread ttwalto
My reasoning on that was that I don't need to set up a whole VPN connection. It's already set up. I just need to attach the VPC to the gateway. But maybe you're right. It's hard to tell from the documentation on docs.ansible.com. -- Todd On Friday, August 3, 2018 at 6:31:16 PM UTC-4, Karl Au

[ansible-project] AWS Playbook says "NoCredentialsError: Unable to locate credentials"

2018-08-07 Thread ttwalto
** A heads up: the following post is very detailed, and I eventually figured out the problem. So if you're not up for wading through it, that's cool. I have an Ansible playbook that I'm trying to run. It creates an AWS VPC, so it requires AWS credentials. I've set up a couple of environment va

[ansible-project] Explain ec2_group module rules section?

2018-08-10 Thread ttwalto
I don't understand the rules section of the ec2_group module. I wish the documentation explained it, but it doesn't. It says "see example". The description right now, Ansible 2.6, is: List of firewall inbound rules to enforce in this group (see example). If none are supplied, no inbound rules wi

[ansible-project] Re: Updating an IAM cert

2018-08-14 Thread ttwalto
On Friday, May 19, 2017 at 1:09:43 PM UTC-4, Josh Smift wrote: > > We uploaded an IAM cert to AWS, and now need to update the certificate > (the contents). On the theory that a lot of this stuff is idempotent, I > thought this task, which we used to upload it in the first place, would > work to

Re: [ansible-project] How to validate the results for with_items?

2018-08-27 Thread ttwalto
You probably want a pipe before "list" and after the parens. -- Todd On Monday, August 27, 2018 at 2:43:26 PM UTC-4, Brian Coca wrote: > > Just use the jinja2 filters that operate on lists: > > failed_items: '{{ output.results|selectattr('failed', 'equalto', True)list > }}' > > > -- > --

[ansible-project] Re: Why does Ansible not run under Windows hosts natively?

2018-08-27 Thread ttwalto
I'm not an Ansible developer, so I can't speak for the project, obviously. But I'd guess the reason is that Ansible uses a whole lot of things that are found only in Unix/Linux/BSD operating systems. As a very basic (and fundamental) example, SSH isn't typically available on Windows. Ansible not

[ansible-project] Created Users on EC2 Instance, Now I Can't SSH There

2018-08-27 Thread ttwalto
I've run a playbook that creates an EC2 instance. The AMI used to create the instance is using CentOS and installs an SSH key so that I can ssh in as username "centos" without a password. It works fine. But now I've created a subsequent playbook that configures the new server. One of the things

[ansible-project] Re: Same host in multiple host groups

2018-08-28 Thread ttwalto
What is the play that uses ssl_certs_dir? -- Todd On Tuesday, August 28, 2018 at 9:12:40 AM UTC-4, payam@divider.net wrote: > > Hi, > > I am experiencing something similar to this issue Ansible group_vars from > inventory don't support repeated hosts >

Re: [ansible-project] Created Users on EC2 Instance, Now I Can't SSH There

2018-08-28 Thread ttwalto
The public keys are already there, since it's re-using the /home/centos directory. But it's not using those keys when logging in as the new user, the keys that are (theoretically) in the new user's home directory. -- Todd On Monday, August 27, 2018 at 4:18:52 PM UTC-4, Jonathan Lozada De La Ma

Re: [ansible-project] Created Users on EC2 Instance, Now I Can't SSH There

2018-08-28 Thread ttwalto
Interesting. I know that SSH is strict about the permissions applied, but I've never heard of it checking the owner/group of the files. -- Todd On Tuesday, August 28, 2018 at 10:00:38 AM UTC-4, Kai Stian Olstad wrote: > > On 28.08.2018 15:49, ttw...@gmail.com wrote: > > The public keys are al

Re: [ansible-project] Created Users on EC2 Instance, Now I Can't SSH There

2018-08-28 Thread ttwalto
Okay, I get that. I actually hadn't thought about that aspect of it. But there's still a couple of things that don't make sense to me. One is that the authorized keys file is still read-writable by the "developer" group, which the existing user *and* the new users are in. And that's the only on