robinwhen running ansible -i ec2.py -m ping 'tag_Name_stagingBastion' I get: https://pastebin.com/xJRGkQ3a
robinBut I can use python ec2.py --list and it works
flowerysongBut can you run ec2.py directly? Running it via python and executing it directly have different permission requirements.
agaffneyrobin: you likely need to 'chmod a+x ec2.py'
robinyes that was it. Sorry :). Thanks!
robinI'm modifying an ansible playbook to be able to use dynamic inventory with aws. As it is now the playbook is run on "hosts: WebApp" which is an inventory group that is set manually. How can I make this dynamic to use aws instances which have the tag WebApp instead?
Ashyrobin: you might not have to change it, if you run the aws dynamic inventory script with "--list" you will see all the instances and their tags: http://docs.ansible.com/ansible/latest/intro_dynamic_inventory.html#example-aws-ec2-external-inventory-script
robinAshy: ok, so how can I make a playbook run on some hosts which have a tag?
Ashyi havent used dynamic inventories with aws yet but with azure in the provision playbook i specify the following on the instances:
Ashytags: \n role: somerolename
Ashyand then in the configure playbooks later to specify those matching hosts:
agaffneyrobin: the ec2.py script puts hosts in groups of the form tag_<tag name>_<tag value>
agaffneyso if you have an instance with tag 'foo' with value 'bar', you could do 'hosts: tag_foo_bar'
Ashyhosts: role_somerolename
robinwow, amazing. That's so convenient :)
robinthanks guys!
iintheskyPraxi -- if you're running ansible-pull with your repos as you said.. what does your command line look like?
PraxiWe use jenkins to pull the repos, sorry @iinthesky
Praxisorry
iintheskyPraxi -- do you understand git very well?
robinI'm running ansible from my localhost accessing a bastion host, when using the ansible ec2 script I only get the public bastion host. Is there any way to get the private instances too without running ansible on the bastion host?
Aluminis there a reliable way to reboot a server without generating a failure on the task? I know about "async" and the "sleep && shutdown" trick, but none of that works (they all successfully reboot, but they all make the task fail, thus invalidating any post-reboot followup tasks)
mackermanrobin: You can connect with a jump host once you manage to get them in inventory. http://docs.ansible.com/ansible/latest/faq.html#how-do-i-configure-a-jump-host-to-access-servers-that-i-have-no-direct-access-to
robinmackerman: how would I get the bastion host in the inventory after the playbook has started? Also ec2.py is used as inventory.
mackermanAlumin: ignore_errors: True
mackermanAlthough, completely ignoring errors may mean your reboot command failed and it continues anyway.
Aluminmackerman: that doesn't work...that will only suppress "procedural" errors like failure conditions. It won't stop a failure that's due to a connection drop
Alumin(that's the first thing I tried :))
mackermanrobin: I don't know, I don't use cloud inventory.
robinmackerman: ok, thanks a lot!
mackermanAlumin: Then try not shutting down now, but something like "shutdown -r +1"
Aluminyup, tried that too :) gimme one sec, I'm working on a pastebin with all the info
mackermanReboot has long been hacky, it's not graceful how it disconnects and there's usually no way to know it comes back to poll.
mackerman (On not-Windows, although I haven't really tried win_reboot module)
Aluminhttps://bpaste.net/show/e6dcafc1f81b
Aluminit's like Ansible is ignoring async
Aluminwhat it should be doing, as far as I can tell, is invoking "/bin/sh -c" with my command line and backgrounding it with no delay ("async: 0") but instead it's waiting around for the sleep to elapse, then running the shutdown command, then trying to establish a new SSH connection for some unexplainable reason, which fails because the shutdown command closes new logins. When this second SSH...
mackermanUnrelated to anything, you can print arbitrary things like so: "- debug: var=server_reboot"
Alumin...connection fails, it chokes and fails the step
Aluminyeah, for this that would work. I got in the habit of using with_items because if you need to print a value for a whole list of hosts (especially if it's something short like the output of uptime) the with_items trick is _much_ prettier
Praxiyou need a local action
Praxiyou are trying to run a command against something that is down
Praxisee local_action on this page https://docs.ansible.com/ansible/latest/playbooks_delegation.html @Alumin
Aluminoh snap you're right. I was doing different permutations earlier and the actual reboot step was failing, but in what I pasted it's the output step that's failing
Aluminno, no I totally know what you're talking about, I just spaced
Praxiroger, its late :)
Aluminand since I'm using my clever with_items trick instead of debug, it's running it on the server
Aluminor not running it, as it were
Alumincurse you cleverness!
Aluminhmm so maybe the sleep trick worked after all
mackermanHuh, so debug vs. command for that output would matter.
Aluminwell, if I had delegated the command to localhost it still would have worked
Alumin(assuming I'm running a local sshd)
Aluminor if you delegate to localhost does it actually use SSH? never actually tested that
Alumin'cause obviously I run SSH on my workstation, I'm not some kind of filthy casual
mackermanIt's interesting seeing the evolution of this pattern. https://stackoverflow.com/questions/29955605/how-to-reboot-centos-7-with-ansible
Aluminno, sleep by itself still doesn't work. So I didn't completely hallucinate the last 30 minutes. Once the box comes back up I'll try "shutdown -r +1" instead of "now" and see how that works
Aluminyeah, that's one of the best resources on the subject
AluminI still say async by itself should do the trick, but it demonstrably doesn't so here we are :)
mackerman s/resources/people with their own slight varient on the hack/
mackerman* variant
Aluminwhen it's as hacky as this, that's what a "resource" is heh
maldridgeis there a way to suppress AnsibleUndefinedVariable errors for a particular template?
maldridgeI have a large nested dictionary and all of my template entries have defaults
Aluminhere's a fun fact: server broadcast messages (e.g. what you get with wall(1) and what the shutdown command generates) generate warnings in Ansible about "junk after the JSON data". I guess ultimately it's just showing up on stdout. I wonder if it's theoretically possible for Ansible to juggle FDs to prevent that situation
Aluminnot terrible since it's just a warning, which I guess you could suppress, but what if the junk data happen to _be_ JSON (and what if they show up first)?
Aluminwhat if I use wall in some kind of obscure yet deviously clever race condition to inject alternate JSON?
infra-guyhey folks, I am wondering if anyone is quite familiar with Ansible vault and could answer a question for me.
eruditehermithey, how can I see which version of python ansible is using and how can I set it?
infra-guyWith regards to ansible vault, I am wondering if you have a vault encrypted string is it possible to use that string without requiring a vault password, I noticed that a vault file can be used but I assume it would require that the vault password be kept in clear text which would defeat the purpose of the security. What is the best way to configure a fully secured playbook run so that anyone
infra-guycan run the playbook but not have to have the credentials? Or is there?
maldridgethe fundamental principles of crypto state you can't get away with that one infra-guy
maldridgeif you have the ability to deploy secret content then you have access to the secrets themselves, you could maybe get away with it by using Tower/AWX, but that is really just moving the problem somewhere else
infra-guyThanks Maldridge, I've been struggling with this one especially if you want things to be automated but at the same time not have access to the secrets (for security of course)
maldridgesounds like you want AWX then
maldridgethe way you solve this problem is by not having any single person do the push, but rather have your infrastructure do the push. ofc ability to make config changes to hosts is effectively full root and a dedicated actor could still get the secrets again
Arahaeleruditehermit: The default is /usr/bin/python, but it can be overridden in the inventory file.
eruditehermitArahael: I was googling and they said if I install via pip it would use /usr/local/bin/python that isn't happening. I tried overriding in the inventory but it still ended up using /usr/bin/python
eruditehermitArahael: I followed this page: https://www.zigg.com/2014/using-virtualenv-python-local-ansible.html
jborean93eruditehermit: if you are running ansible it will use whatever is in the path (or the venv if activated), when running a module through SSH it will use `/usr/bin/python` unless it has been overridden
jborean93what issue are you having?
jborean93there was an issue with 2.4 where running on localhost with `localhost` defined in the inventory it won't use the current one but I believe 2.4.2 fixed that issue
eruditehermitjborean93: It is using /usr/bin/python but my /usr/local/bin/python has the correct boto3 lib installed. It isn't finding it.
jborean93and you are trying to run the tasks on localhost?
eruditehermitjborean93: yes
jborean93cool, you should be able to just set `ansible_connection=local` in your inventory for localhost if you have it set
eruditehermitjborean93: I'm using the s3 module to run aws commands on localhost
jborean93If you run with `-vvv` it will tell you what Python is being used to run the module
eruditehermityeah it's using the wrong one
eruditehermitlocalhost> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
eruditehermitso some things need to run on remote hosts
eruditehermitbut the s3 module needs to run on localhost
eruditehermitlets say task 1 runs on localhost but task2 needs to execute remotely
jborean93ok, so in your inventory you should set `[localhost]\n127.0.0.1 . ansible_connection=localhost` and in your task, put `delegate_to: localhost`
jborean93see if that works
jborean93please ignore the `.` i had between the ip and ansible_connection it shouldn't be there
eruditehermitjborean93: ah, it's working now. This is kinda wonky because it makes it hard to write something that works with both mac and Linux
eruditehermitjborean93: thank you!
jborean93you shouldn't need that entry but 2.4 had a bug where a connection set for all hosts would also be applied to the implicit localhost. This should work regardless of OS though so it's best to keep it set
Guest72929>>> youtube.com/watch?v=X8qL6cAI0zQ
ArahaelSpammer.
Alumin!ops spammer (don't know if that works in here but it's worth a go I suppose)
xmjunlikely
xmjbut maybe jborean93 is still around
jborean93can you still see the post now?
jborean93sorry I'm pretty fresh to IRC so not 100% on the commands
xmjthe post doesn't vanish (that's IRC), it's about getting rid of the poster :)
xmjjborean93: https://meta.wikimedia.org/wiki/IRC/Instructions#Channel_operator_commands
jborean93thanks xmj
xmjnp
DalekSecjborean93: If I may ask, what client? There's certain scripts that can make it easier to manage.
jborean93irccloud for me
jborean93other people use different things though
DalekSecAh, yep no ideas for that one. :)
dinJust started using irccloud on my phone. irssi on my laptop.
Aluminok I'm off...thanks for the help earlier mackerman / Praxi :)
robinI got the dynamic inventory to get all the hosts for aws. The problem now is that I need to add the bastion host to .ssh config to make all the private hosts tunnel through the bastion host. Does ansible have an easy way of adding this dynamically when the playbook has been started or do I have to add it with a bash script before?
coleHi
coleI'd like to execute a command through ansible.
coleI'd like to execute a command at remote server through an ansible.
coleBut it doesn't work.
coleWould you help me?
coleThe command is: ansible -i delivery-private-api "local" -m command -a "/home/deploy/workspace/delivery-migration/gradlew desc"
coleThe command just runs "/home/deploy/workspace/delivery-migration/gradlew desc"
coleWhen I set a command like "/home/deploy/workspace/delivery-migration/gradlew", It works.
coleBut adding an argument does not work.
Pistahhcole: are you sure? try running something simpler, -a "echo moo"
ramesh132Hi Ansible Experts, quick question ... using ansible playbook how to copy module a file from server to the localhost ?
ramesh132Will that be possible ? How to do so ? Any advise or direction ?
jborean93ramesh132: you are pretty looking for the fetch module http://docs.ansible.com/ansible/latest/fetch_module.html
cole@jborean93 Hi.
coleCould you help me? I have a problem.
jborean93Hi
jborean93I'm not 100% sure how commands work on unix, but you might be able to get it to work with the shell module instead
coleUm
coleThen
coleShould I use a shell module?
coleShould I have to use as shell module?
jborean93give it a try
jborean93I've been able to run a gradlew script in Ansible before but it was ages ago
coleOk. Thank you. It might be a solution.
coleThanks jborean93!
pierreactHello everyone, I have a question about json_query and JMESPath, I have a data set like this: https://pastebin.com/22L02R7H and I try to find the auth_type of the server with a given inventory_name. For this, I use this query: *.[?inventory_host == 'test_media1'].auth_type which returns nothing. If anyone has an idea or even a pointer, I'd be very grateful, thanks.
badtechstuff(dataset|from_json).mse01.auth_type <= will this work?
pierreactNo, because I cannot know mse01
pierreactI only know inventory_host
pierreactWhich is why I turned to the json_query filter as per http://docs.ansible.com/ansible/latest/playbooks_filters.html#json-query-filter
dummyshello
dummysquestion about line in file, I'm trying to capture "options" in the kernel line and append some parameter to it
dummysbut my regexp doesn't seem to capture the correct groups
dummysregexp='(^options.*)$'
dummysthis is my regexp and then my line: line='\1 myotherparams'
badtechstuffdummys: Is there a kernel opts module?
badtechstuffOr you are using sysctl.conf ?
pierreact@dummys, Why the dollar sign if the wildcard takes anything till end of line?
badtechstuffdepends on what's needing to be changed. I use the sysctl module
dummysyou are right pierreact
dummysbadtechstuff: it's a line in systemd-boot config file
dummysbadtechstuff: I just have a script to create swapfile and add it to the kernel line
dummyslike this:
badtechstuffI don't think you'll need the ()
dummys- name: Get the swap offset for kernel
dummys shell: filefrag -v /swapfile | awk '{print $5}' | awk 'FNR == 4 {print}' | sed 's/.$//'
dummys register: swapoffset
dummys- name: Set the resume offset in kernel
dummys lineinfile: dest=/boot/loader/entries/arch.conf
dummys regexp=(^options)
dummys state=present
dummys line="\1 resume=/dev/mapper/{{ fs.root }} resume_offset={{ swapoffset.stdout_lines }}"
dummyssee what I mean
badtechstuffah
dummysmy idea is to grab the swapoffset and add it to the resume_offset
dummysthe grabbing script is working
dummysit's just the regexp stuff not working
dummysso I think I need the () for grouping
dummysto capture it and reuse it in line=
badtechstuffI'd use just line: "options .."
dummysno
badtechstuffinstead of using the regex lookup?
dummysbecause you will not capture old params right ?
dummysI dont want to replace, I want to append to the options line
badtechstuffbut you're replacing, not appending
dummyshmmm
dummyscan you help me then ?
badtechstuffwhat's the original line look like?
tr0uba_xycould it be that the syntax is regexp: '(^options.*)$' ???
tr0uba_xyno equal sign
dummyshmm original line looks like this
dummysoptions cryptdevice=UUID=myuuid etc
dummystr0uba_xy: it's like this when you use no - name etc
dummyslike - lineinfile:
badtechstufftry indenting under 'lineinfile:' using ":" for each opt
dummysit will change nothing
badtechstuffalso verbose modes could show more
dummysok I will try verbose mode wait
dummysit didnt show the captured group
dummysoh
dummysdo I need to use this
dummysUsed with state=present. If set, line can contain backreferences (both positional and named) that will get populated if the regexp matches. This flag changes the operation of the module slightly; insertbefore and insertafter will be ignored, and if the regexp doesn't match anywhere in the file, the file will be left unchanged. If the regexp does match, the last matching line will be replaced by the expanded
dummysline parameter.
dummysI think I need the backrefs=true parameter
dummysto capture groups
dummysbut then how to debug if the regexp match ?
dummysusing -vvv it shows nothing
dummyslike this example
dummys# Yaml requires escaping backslashes in double quotes but not in single quotes
dummys- lineinfile:
dummys path: /opt/jboss-as/bin/standalone.conf
dummys regexp: '^(.*)Xms(\d+)m(.*)$'
dummys line: '\1Xms${xms}m\3'
dummys backrefs: yes
dummysok working
halberomdummys: please use a paste/gist site for multiline code
dummysok
leitzIs it possible to set a var in a playbook, have a task check for a directory with that var, and if the directory exists to stop?
halberomyes
tuxick:)
halberomleitz: e.g stat or find module, followed by an assert/find/meta module
leitzhalberom, thanks! I'll have to read up on the assert, find, and meta modules. Will let you know what I come up with.
TuxmeHello
TuxmeI want to import_play's. Can I assume that if one imported play fails the next won't be executed?
halberomyes
Tuxmehalberom: thx.
pierreactRepost: Hello everyone, I have a question about json_query and JMESPath, I have a data set like this: https://pastebin.com/22L02R7H and I try to find the auth_type of the server with a given inventory_name. For this, I use this query: *.[?inventory_host == 'test_media1'].auth_type which returns nothing. If anyone has an idea or even a pointer, I'd be very grateful, thanks.
ansiblethisdoes anyone know the best place to put ec2.ini and ec2.py? there's not great guidance on this. also is it best to be gitt'ed
jborean93ansiblethis: I kept them in a folder called `inventory` and then ran my playbooks with `-i inventory`. I also kept it in version control as well
halberompierreact: afaik that's not currently possible, see also https://stackoverflow.com/questions/41579581/filter-object-by-property-and-select-with-key-in-jmespath
pierreactActually, I found
pierreact@halberom: *|[?inventory_host == 'test_media1'].auth_type
pierreacthalberom, Note the pipe instead of the dot.
pierreactthanks for your attention :)
halberomhuh, interesting
halberomnice find
JustASlackerI try to disable nfs common like this: service: name=nfs-common enabled=no state=stopped
JustASlackerthis will always be in state "changed" tho.
JustASlackerits yellow
JustASlackerI dont understand why
halberomthe init script is not designed well
halberomtry running it manually, and check the output and rc result. you can use ansible's changed_when to modify whether it 'actually' changed.
JustASlackergah
JustASlackerok
halberom(that's assuming something else isn't starting it, so you are actually stopping it every time)
KyrremannHi all. Throwing out a question here about maven_artifact, before I make an issue on Github.
KyrremannWhen I try to download a SNAPSHOT version, specified with timestamp and buildnumber, I get a 400 Bad Request error, because maven_artifact builds up the variable wrong. It looks like it's missing a "is_snapshot" key in the ansible config. Any thoughts?
KyrremannSee below for a longer example.
Kyrremannmaven_artifact:
Kyrremann extension: zip
Kyrremann classifier: standalone
Kyrremann group_id: "com.artifacts-my.{{ component }}"
Kyrremann artifact_id: "{{ component }}-assembly"
Kyrremann version: "{{ version }}"
Kyrremann repository_url: "https://my-artifacts.com/repository/{{ maven_repo }}/"
Kyrremann dest: "/home/{{ component }}/{{ component }}-assembly-{{ version }}-standalone.zip"
KyrremannGives me an URL that Nexus doesn't support:
Kyrremannhttps://my-artifacts.com/repository/maven-snapshots/com/my-artifacts/component-integration/component-integration-assembly/1.36.1-20171130.110803-12/component-integration-assembly-1.36.1-20171130.110803-12-standalone.zip
KyrremannNexus returns:
tumblewhat value does version have?
Kyrremannits "1.36.1-20171130.110803-12"
Kyrremannso I think the main problem is that it thinks that it's a normal version
asydappend -SNAPSHOT ?
Kyrremannhum...that may work, but I'm afraid I would end up with "1.36.1-20171130.110803-12-20171130.110803-12"
tumblecan you put the supposedly broken URL next to a working one so I can see the difference, please? put it on dpaste or something
Kyrremannok
Kyrremannhttp://dpaste.com/34KVP7R
Kyrremannthere you go
KyrremannI can also make a populated ansible-example
Kyrremanninstead of the substitution variables
tumblefor a possible github issue that would be nice, yeah. I understood the problem and gonna have a look at the logic if I can easily spot the issue/a workaround
tumbleelse I'd vote for the issue
Kyrremannthanks!
tumbleI never had the use-case myself, that I needed a specific snapshot version. Only used latest in that case.
tumblesuch specific versions I only have with releases and then they're more semver-like and not with -SNAPSHOT suffix :)
Kyrremannwe're not 100% sure we need the use case, but we found it when we asked Nexus for latest snapshot, as it gives us a specific version
KyrremannI think the problem is with this line in the code: https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/packaging/language/maven_artifact.py#L218
Kyrremannas it only validates SNAPSHOT's as versions ending with "-SNAPSHOT"
tumbleyeah it's quite optimistic to see that SNAPSHOT suffix in there :s
Kyrremannhehe, true
tumbleoh but looking at the maven-metadata of my snapshots now
tumblein there, you have the version written as 1.0.15-SNAPSHOT
tumbleand in that folder there are the artifacts with the timestamp
Kyrremanntrue
tumbleso I guess you can request the latest thing of a certain snapshot version
tumblebut not drill down to the timestamped one
Kyrremannthat's how maven_artifacts manage to get the latest snapshots
Kyrremanncorrect
tumblethe relevant question would be
Kyrremannthe "simple" fix is to as a argument that says it's a snapshot, and then just split the version on "-", and add "-SNAPSHOT" the first part of the URL
Kyrremann*have a argument
tumblecan you do what you want, when using maven on the command line, using the dependency:copy plugin or whatever
tumbleif yes - then maven_artifacts should also support that. If not, I'd argue that this is not how maven works :)
Kyrremannhum...that's a good point!
KyrremannI'll try that first
tumblethinking about it, with such precise information about the version, there's no point in using the maven_artifacts at all. Its benefit is that it's parsing the metadata for you etc. You might just as well use the get_url module with a parametrized url
tumblebecause you got all the parts (it also supports auth)
Kyrremannhum...haven't thought about that at all
Kyrremannbut true
tumbleyou could wrap that in a role with two cases, such specific version and the usual way
admin0hi all .. my ansible_hostname is in the format : host-domain-ext .. how do i rewrite it in the template as host.domain.ext ?
tumbleadmin0, checkout the regex_replace filter
Kyrremannsounds like a good idea tumble
loekentumble, if you do a hostname -f on the system does it show host.domain.ext ?
tumbleloeken, yup
loekenthat is odd ;)
tumblebut I actually have no idea where it takes that info from
loekendo you do gather information?
tumbleI just tried on another system and got localhost
loekeni thought it gets it through hostname -f
tumbleit's for sure not coming from /etc/hostname
loekenthe hostname is whatever you set in /etc/hostname
loekenand the fqdn then is generated based on what you have in your /etc/hosts
loekendo you maybe have a hosts entry with "-" in them?
tumbleloeken, http://dpaste.com/3S0P0S5
tumbleit seems to take the first entry for 127.0.0.1
tumblethat's localhost on the machine on which I tried
ilivwhy would I be seeing this error: https://dpaste.de/Ooa8/raw ? this playbook has been run against dozens of various hosts in different environments, runing different Linux distributions, including RHEL 7 as is in this case, and it always worked without any problems. until now that is. the problem seems to be happening on control machine?
tumbleloeken, oh even more weird - I just tried on the machine which probably resolves hostname -f to my fqdn. There in /etc/hosts at first comes 127.0.0.1 localhost followed by 127.0.1.1 <correct fqdn here>
elricsfateAnyway to make ansibles output on errors not look so crappy?
petn-randalliliv: Same ansible version? Same dependencies?
elricsfateIt's often almost completely unreadable
agaffneyiliv: the only time I've seen an error like that is when I was screwing around with doing ssh+chroot with ansible
ilivpetn-randall, yeah, same ansible version. same playbook. same environment of the control machine. only different remote/managed environment/hosts.
agaffneyelricsfate: there are different stdout callback plugins. setting ANSIBLE_STDOUT_CALLBACK=debug may do what you want
petn-randallelricsfate: If you add a few -vvvv, it should output the full error in multiline output.
elricsfateagaffney: petn-randall Any reason NOT to do that?
elricsfateSeems like it should be default behavior
petn-randallelricsfate: It is a *lot* more verbose, not everyone wants to scroll through pages of output per task.
agaffneythe default task output is in the form of JSON, which can be hard to read when there's a lot of text
elricsfateagaffney: So this is a different setting than the one mentioned by petn-randall ?
agaffneyyes
elricsfateThanks agaffney
elricsfateWill take a look
elricsfateAlways appreciate the help when I ask a question here
elricsfateYou're often one of the first to answer
elricsfateNot sure why you aren't voiced :P
loekentumble, check query
elricsfatehttps://docs.ansible.com/ansible/devel/plugins/callback.html
elricsfateThis is a really cool feature
elricsfateIs it possible to use multiple callback plugins?
elricsfateIt says you can only have one as the "main manager"
elricsfateBut that would seem to entail that you could have another callback plugin
halberomelricsfate: yes - http://docs.ansible.com/ansible/latest/intro_configuration.html#callback-whitelist
Kyrremanntumble: I managed to download the specific snapshot-version with maven-dependency-plugin:get
Kyrremannhttp://dpaste.com/1AKMP6W
KyrremannSo I would say there is something missing/wrong with maven_artifact
KyrremannI'll create an issue, and start looking at making a pull request
leitzCan you use a "when" with a block?
halberomyes
leitzhalberom, I'm getting a yaml syntax error here. https://github.com/LeamHall/Ansible_Test/blob/master/playbooks/deploy_tomcat.yml#L66
halberomindentation is wrong
leitzTried indenting the code under the block, to no effect.
leitzSet them in another 2 spaces.
leitzAh, indent the when
halberomwhy worry about the code under the block? your error is on line 66
loekenwhen has to align with block
halberomleitz: easier to see the problem if you move the when to between name and block
leitzSorry, "indented the code under the block statement"
Adri2000what's the best way to exclude a pattern using the find module? would like to match all *.tgz files except those containing "foo"
halberomi'd filter them outwards
halberoms/outwards/afterwards
Adri2000halberom: using a jinja2 filter you mean? which one?
halberomreject springs to mind
Adri2000thanks
nixhedthis question may be really noobish but curious if anyone does day to day ansible on a windows10 machine? I've been running on a mac until a few months ago and now I'm in a VM. Just wondering if there is an easier way
halberomas controller?
nixhed@halberom. Yes (I realize bash on windows/cygwin or something necessary)
arturmartinsHello here. I am trying to combine inventory directory and combining one ini file with all the hosts (a list with only host_name ansible_host=IP and no groups) and using groups_vars to create groups and host_vars to specify variables to each host. Unfortunately, I am unable to target any group.
halberomnixhed: i imagine that cygwin or ubuntu on windows or something would be necessary, no guarantee. i'd probably stick with a vm
arturmartinsis there a way that I can see which inventory files were loaded when running a playbook?
nixhedlikely will be moving to a cloud instance anyway for this kind of stuff but just curious
halberomarturmartins: the group has to be defined in your inventory file(s).
halberomarturmartins: having a group_vars/ file means nothing if you have no host added to the group.
halberom(except in the case of group_vars/all, because all hosts are automatically in that group)
arturmartins@halberom: perhaps this would help to illustrate how I am doing it https://pastebin.com/axy3Pun2
boutcheee520hey everyone, I had a question that I believe I know the answer to but just wanted to confirm. I have a monthly Linux patching role. It performs the simple yum update, reboots the server then executes some post_tasks to ensure services are up and running as expected. This is running in serial, so one server at a time. My question is, if for some reason one server fails to come up then will Ansible fail hard and
boutcheee520completely quit? Not attempting to proceed to the next server in the list. Or will Ansible fail for that server but then continue onto the other ones?
boutcheee520there are no ignore_errors since it would be for production use
halberomarturmartins: you also can't have nested groups like that. the way ansible works is it expects you only have group app-demo, which will get vars from all files in the folder
halberomarturmartins: perhaps also show your hosts file contents
boutcheee520or do I need use a fail module that will force Ansible to stop running if a certain task does not work correctly?
halberomi've not tried max_fail_percentage with serial, but you could give it a go
mario_anyone ever experimented with dynamic playbooks where you dont know ahead of time how many roles youll load?
leitzI try to keep my playbooks simple so others can use and expand them. With "clarity" and "ease of use" as parameters, how would you improve: https://github.com/LeamHall/Ansible_Test/blob/master/playbooks/deploy_tomcat.yml
aliasHello I'm trying to delegate to a group of hosts like so: delegate_to: "{{ groups[rabbitmq_group] }}"
aliaswhy do I get an error:unhashable list?
aliasI already have a with_items statement in that task so I cannot use that
arturmartinshalberom: this is what I have https://pastebin.com/0Dh4Kp4T
arturmartinshalberom: missing `:` at the end of the hostnames in app-demo-(web|worker).yml
halberomarturmartins: so your hosts aren't in any groups
halberomarturmartins: might pay to (re-)read http://docs.ansible.com/ansible/latest/intro_inventory.html#id6
robinwhen I set a groupname in an ansible hosts file to f.e [bastion] 10.10.10.10. And then in the ssh config file make an entry called bastion do they connect somehow?
halberomalias: afaik you can't delegate to a list
bcocarobin: no, as ssh has no clue about ansible group names
bcocarobin: it would match on hostnames/ansible_host passed though
guillemsolaHi, did some recent installation on ubuntu1604. On a recent one got this error almost following the same procedure
guillemsolaERROR! Unexpected Exception, this is probably a bug: 'module' object has no attribute 'SSL_ST_INIT'
guillemsolalooks really like a bug worth to report it?
robinbcoca: ok, thanks!
halberomguillemsola google foo suggests that's a pyopenssl error
guillemsola@halberom seen it but what could I do?
guillemsoladue to this issue I've decided to ping in IRC first https://github.com/ansible/ansible/pull/28905
petn-randallI'd like to do "import_playbook:" + with_items + when: clause. Apparently import_playbook doesn't work with with_items. Any way around?
sivelguillemsola: Ansible v2.4.2 was released yesterday, I believe your bug may go away if you upgrade
guillemsolaI'm on 2.4.2 already
guillemsolaactually tried to do pip install --upgrade pyOpenSSL
guillemsolaand now it works
guillemsolaso funny
MarbugHi, I'm using the lxc_ssh modules you can find through google. But for all those connection_plugins I'm getting the following error on alpine and gentoo: https://apaste.info/JGWb
guillemsolasivel, I've just left a comment to you to a recent github issue from someone with a similar issue :)
MarbugIs this an error which could come from ansible originally? As I can't find what I'm doing wrong, it is quite short their readme, so I don't see much which can be done wrong
robinI'm using a custom ssh config file with a bastion host in my playbook directory but it doesn't work. When I use the default .ssh/config it works. Does it have something to do with the "ProxyCommand ssh bastion -W %h:%p" command?
robindoes the ProxyCommand try to use bastion from .ssh/config instead of the custom ssh config file?
MarbugI'm searching for an lxc connection plugin to manage lxc-containers on remote hosts. Up until now I have been searching for weeks and still can't find any working one. All those I find are for older versions. I can't imagine there aren't any to manage lxc? As the lxc_container is already so poor to use..
MarbugOr is everyone quitting lxc or something?
JustASlackerna
JustASlackerthey just had a nice release, no?
bcocaMarbug: lxd connection plugin works remotely iirc
bcocalxc one is for 'local' lxc commands
bcocayou need some kind of transport to work remote, lxd provides that
Marbugso I can use the lxd connection plugin to manage hosts running lxc bcoca? :o
MarbugI've read that somewhere, but I do find that really strange
bcocalxd is a wrapper on lxc, provides a daemon that can be put on network to allow remote mgmt
Marbugso I suppose I just need to install lxd on the host and then the containers can be accessed, let's try that
ImuMotiveGood morning! I'm having an issue with a handler that really shouldn't be running since the service doesn't exist and the task that would notify that handler isn't running due to a tag exclusion. Is this one of those things that even though I didn't notify the handler it's still going to check and see if the service exists?
ImuMotiveThis should include everything being run: https://gist.github.com/jhughes-mc/ad54cf9c3141751dd83ca33e4e8bade3
ImuMotiveResult of run: https://gist.github.com/jhughes-mc/799aa1a1f7b90861beb08e2a6fa8fb60
flowerysongHow are you running the playbook?
halberomImuMotive: how do you know it wasn't run? you've not exactly made it obvious with the task names all being the same
ImuMotiveansible-playbook -i aws/dev00 kernel_update.yml --diff --skip-tags jrun
ImuMotivehalberom: I just updated the names to help with that, still, I don't understand why it's running when in the playbook I specified a tag
ImuMotiveex. - { role: kernel, tags: tomcat }
halberomzend rolling restart is part of tags zend and handler
halberomnothing to do with jrun
ImuMotiveIgnore the jrun part
ImuMotiveIf I call a role like that above, am I not running that role with the tomcat tag?
halberomyou're not specifying a tag, you're _adding_ a tag in a play
halberomthe cli is the only way you can specify which tags are actually run or skipped
halberom(the docs really need to be improved, this always comes up)
ImuMotiveDamn
ImuMotiveYou see what I'm trying to do though. Certain services don't exist on certain hosts so I'd like to exclude those handlers vs just adding an ignore_errors
ImuMotiveThe other way I could do this I suppose is only include the handlers that should be present for that host
ImuMotiveRight now I just included them all via dependency inside the kernel role with the hope that I could trigger only certain ones
halberomor use when conditionals
halberomwhen: "{{ ansible_os_distribution == 'xyz' }}" etc
halberom(i almost never use tags)
ImuMotiveIt would get ugly since this really isn't based on the distribution, it's based on if that host has a service installed on it or not. I could base it off the name but that's brittle and will need to be updated each time we change what's installed on a specific host
ImuMotiveI could pipe in a custom variable to the kernel role and base the conditional off that
ImuMotiveThanks for chiming in halberom. I'm gonna go with a custom variable for now
ImuMotiveAlso came across the listener feature of handlers, gonna start incorporating that
halberomImuMotive: also consider breaking your role up - one service/app per.
TuggaNationcan set_fact_module be used to append an existing variable?
ImuMotivehalberom: That would work too
halberomTuggaNation: ansible uses constants, so you'd need to overwrite your original with the appended var
dinis it possible to use host_vars/host variables inside a playbook or are those designated just for roles?
halberomTuggaNation: which is possible
halberomdin: definitely possible
dinhalberom: got a link i can read? :)
halberomwhy not just try it?
dini did. can't seem to get it to work.
halberomthen your roles wouldn't work either
dinif i build a role using them it seems to work great.
halberomsuggest you look into that then, and ask (with a paste/gist) if you still need help
halberomthe main docs for playbooks and variables give you the main info
dini'll have another read through them.
agaffneydin: they are vars like any other, assuming that ansible actually sees them. ansible will only look for the host_vars/ directory relative to your playbook or inventory file
infernixif i have a play that runs on some box as remote_user: foo, and I want to run a role locally using - {role: some_role, delegate_to: 127.0.0.1 } - how do I get that delegation to use the current user that executes the play?
infernixright now it's running as user 'foo' even on localhost
infernix(and foo == root by way of bad example)
youssaMorning/Afternoon y'all.
youssaI had a quick question regarding the win_package module; would it accept with_item or some form of recursive items? I'm trying to figure out the best way to install multiple packages on Win7 without relying on a third-party program (i.e, silent install builder, ninite, etc).
youssaTried to search online for a "definitive" answer, to which there weren't anything
Praxi@halberom so I did some more testing with that async/retries thing. All from ansible 2.3. So the command module worked, but the win_shell module did not :)
youssamaybe a win_package: name: "{{ item.name }}" path: "{{ item.path }}" with_items: etc
Praxiok even more testing, it doesn't work at all lol. the error time just happened to line up with my retries on one of the runs.
Praxiit should work! :)
PraxiI should submit that as a feature request
cpamahi all. i'm trying to figure out when roles/roleA/vars/main.yml is loaded. Is it just automatic? when the system loads the roles/tasks/main.yml... it will check the vars folder?
cpamaright now I'm reading this: http://docs.ansible.com/ansible/latest/playbooks_reuse_roles.html#role-directory-structure
metavoidcpama: yes its automatic
metavoidI never declared anything special, it automatically picks up my variables from that vars/main.yml
Praxithat is my experience as well
cpamaok cool metavoid thanks. that's what it "felt" like after i've been grepping our code.
cpamajust want to make sure i didn't miss a search / mess something up
PraxiI think as far as precedence goes, vars/main.yml is the lowest, pretty much anything else will supersede variables there
EverspaceAm I missing something? It says that lookup is not a filter: https://hastebin.com/vacaterewe.yaml
cpama+1 Praxi
Everspacecpama: Praxi: http://docs.ansible.com/ansible/latest/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable
Praxibeautiful, my memory still worked
cpama:)
cpamathanks guys
Praxi@Everspace | map('lookup', 'file') that looks wrong?
EverspaceYup, I just realized that map isn't lookup friendly. Hmmmmmmm.
Praxican you simplify it as a test and remove some of that to figure out what lookup is failing?
Praxihaha k
tibbsIs there an accepted pattern in ansible for handling a bunch of hosts which are exactly the same in a number of ways, except for one host which differs slightly?
Everspacetibbs: You can make a variable on the host itself
EverspaceThen put them all under a group
tibbsRight now I have inventory groups, then playbooks for groups and playbooks for individual hosts which just list the various roles, and then basically every task is part of some role.
tibbsI can just not list that one odd host as part of its normal group and instead give it a per-host playbook, but then I have to remember to keep it synchronized.
tibbsI can't recall if you can conditionally include a role in a playbook.
Everspaceinclude_role + when totally works
tibbsWell that would seem to be one reasonable option, then.
metavoidhow would I run tasks on multiple servers and when I'm done I want to assemble the output (saved as a textfile) from all servers?
metavoidby running a separate play afterwards?
metavoidand this separate play assembler all textfiles and mails me a complete log
metavoidassembles*
Everspacethere's the ansible log if you like?
metavoidEverspace: but those wont use my nice templates
metavoidI'm basically collecting lists of available patches from several servers, then emailing all of them in a single file
metavoidbut I have to find the correct ansible logic to assemble this list when all the patch lists have been collected
metavoidmaybe something in the play definition
Everspacemetavoid: Perhaps setting facts then inspecting {{hosts[hostname]}}
metavoidEverspace: hmm, interesting idea. So maybe only assemble + send mail when all the facts meet a certain condition
metavoidneed to think about that, thanks
EverspaceNo idea, but at the end of a run you can look at what facts are there from every machine you've encountered
zoredacheIs there some fact or something to see how I authenticated to a remote host? (ssh key vs password) I am having trouble trying not break things during my initial setup of a new system where I need to create accounts, setup keys, and change passwords. In my playbook I can't setup keys until I create all the accounts. In the account creation, I set passwords though, which means I will probably break my connection when default
zoredacheimage password is changed to the strong one in my vault.
youssaAny of y'all have worked with multiple software installation on the windows side?
youssatrying to figure out the best route and deal with anything hardcoded/static
EverspaceI try very hard not to touch windows at all
jborean93youssa: the best bet is to use win_chocolatey so you don't have to deal with any special software
Mitigatinghey everyone
MitigatingI asked this once before but I forgot what was said, in pip there's this thing you can do when you install a package
Mitigatingpip install package[module,module]
MitigatingI don't think it works in pip module right now, is that true?
MitigatingI don't see any other variable to use to set additional modules
EverspaceLike multiple modules at the same?
Mitigatingeverspace, it's not other pip packages, it seems you are specifying options
MitigatingYou can also install Airflow with support for extra features like s3 or postgres:
Mitigatingpip install "airflow[s3, postgres]"
Mitigatinghttps://airflow.apache.org/installation.html
Mitigatingthis is an example but I know other packages use it
EverspaceInteresting, I don't know pip, but to me that's setting something like an environment variable or passing stuff to the install script that you could do after the pip-install itself
EverspaceIs there any way to specify merging behavior for just a single playbook or include_vars task? I have a series of credentials that I have separated by group that have a list structure that I would like to iterate over all together. How would I go about this?
EverspaceUsing lookup('file') | from_yaml is not working due to having vault strings in the files
Mitigatingnot sure what you mean about merging behavior
Mitigatingyou mean host group?
ifish12hello I have a question regarding the expect module and return codes. Specially in regards to failed message "command exceeded timeout"
EverspaceMitigating: I have a list of websites in a "websites.yml" under a key called "websites:" rather than replace it would be nice if they were joined instead.
Mitigatingjoined as a
EverspaceSmooshed together into one list
Mitigatingfrom multiple lists?
EverspaceMultiple different files with the same key
Mitigatinger
Mitigatingwow :D
Mitigatingcause you can just do {{ lista + listb }}
Mitigatingwhat about {{ lookup(blahlbha) + lookup(blahlbha) }}
Mitigatingbcoca :D
Mitigatingagaffney :D
ifish12I'm not sure why my ansible script isn't working. (the script: https://pastebin.com/uupLBhvJ) It "works", as in, it replies yes to the question and the migration gets run (output: https://pastebin.com/HHyTdqdm ) but still says failed due to no return code, so it says it timed out
ifish12when in reality it worked
ifish12and running it from the console I do get a return code
Justin___I am using an external role from ansible-galaxy, which specifies a template. Is there a way to call a new template file from a group_vars configuration?
Mitigatingit's not waiting for an input?
Mitigatingdo you have to hit enter or anything after it stops to get a prompt?
ifish12after you hit yes, it just does its thing
ifish12and hit enter of course
ifish12but it does that part
ifish12lemme double check once more
boutcheee520If I have an Ansible role for patching my Linux servers that does "yum update", reboots, then some post_tasks running in serial 1 server at a time then if for some reason a task fails Ansible will fail for the rest of the tasks specific to that server right? It will then proceed with re-running the code to server2. Or will Ansible fail hard and stop executing for the remaining servers in my inventory file?
EverspaceMitigating (or anyone else): how do you join these? Those passwords are vault strings though https://hastebin.com/huruyuhoke.yaml
EverspaceJustin___: Unless they put the template name in a variable... then no?
ifish12Mitigating: nope. just "yes", enter, then it's done
Justin___Everspace: They do not. The template is defined in a task in the role.
EverspaceJustin___: You're probably just going to have to either fork the role or something similar. Make a pull request perhaps? You can also do something like stomp over it after the role runs (although you get that ugly changed every run regardless if it did or not).
Justin___Everspace: I'll go with the pull request. Should not be too difficult. I just didn't want to create one to find out I could do it without their end. Thanks!
ifish12I just find it super odd that ansible isn't even getting a return code when I definitely get one when I manually run it
Joelifish12 hitting the timeout?
ifish12yeah but i'm not sure why, it completes in < 30 seconds
ifish12do you see my script / output or should I relink? i'm sure it's something really silly
EverspaceIf anyone is curious I've solved the problem for now: https://hastebin.com/zefetobofi.yaml
ifish12Joel (just pinging in case you didn't see my reply)
ImuMotiveAnybody ever take the approach of placing all your handlers in a single role?
ImuMotiveJust to simplify having to call them individually and deal with issues like trying to execute handlers for two different roles in a very specific order
Mitigatingcan I ask a undocker question?
JoelImuMotive gross, no.
ImuMotiveHah
ImuMotiveTime to duplicate handlers :(
bcocaImuMotive: handlers execute in 'defined order' not in 'call order'
bcocayou can also have a handler call another handler (but it must be defined afterwards)
ImuMotiveRight, I know about that part. I just need to update our handlers so I can call these separate role handlers in a specific order
ImuMotiveA1
ImuMotiveI'm just gonna have to duplicate, it's a product of odd design
ImuMotivejrun and tomcat being different roles but I wanna stop jrun, stop tomcat, then start jrun, start tomcat. Can't do that when the handlers are in different roles. Gonna make a common handler role for both of them to use
MixerHello all, I am having a bit of trouble with using the yum module, would someone be so kind as to assist me?
zoredacheGo ahead and ask a question.
MixerOk thanks, so i use yum: "name=openssh-server state=present" and register that result in pkg_version, but I cannot figure out how to search the result to find if it matches a string "openssh-server-5".
Mixer when: pkg_version.rc == {{ "0" }} works but is not the test I need. i have tried 'in | search| find' to no avail.
MixerI noticed in my results output that there is a message about not using the Yum API because of rhnplugin and certificates naughtyness.
bartmonMixer: the rc property is short for return code. Being 0, it indicates success
MixerYes @bartmon, yes I understand that. That is not really the parameter I want to search.
Mixerpkg_version.results should have name of the package in it, however instead I get the following:
Mixerok: [soctxqanc01] => { "pkg_version": { "changed": false, "msg": " Warning: Due to potential bad behaviour with rhnplugin and certificates, used slower repoquery calls instead of Yum API.", "rc": 0, "results": [ "openssh-server-5.3p1-122.el6.x86_64 providing openssh-server is already installed" ] } }
Mixerugly I know, the results are simply this: results": [ "openssh-server-5.3p1-122.el6.x86_64 providing openssh-server is already installed" ]
asydMixer: if "openssh-server" in variable.results
MixerThat doesn't look like the result I would expect. I half think that is an stderr thing and thus that parameter is actually undefined.
Mixer@asyd , Yeah I tried that , didn't work, I am running ansible 2.3.1
asyddefined didn't work
flowerysongasyd: .results is a list that does not contain 'openssh-server', so it returned false.
zoredachegist/pastebin are usually good for pasting. It might be useful to do a debug: var=pkg_version I do see that `openssh-server-5.3p1-122.el6.x86_64` in what you pasted, can you just search for that?
asydah yes so results[0] ;p
Mixerwait, results[0] ???
flowerysongOr pkg_version.results | join | search('openssh-server-5')
flowerysongMixer: Yes. It's a list.
Mixerlet me try that.....ugh
MixerHoly Cow!! @aysd and @flowerysong that worked, oh my gosh, I didn't know it was a list, and nowhere I searched told me it was either. ugh Thank you so much!!!!! :-)
flowerysongThe output told you, though it's easy to miss with a single line; square brackets denote a list in YAML/JSON.
Mixerwell I guess I just didn't know what I was looking at, you're absolutely right, there are brackets.
k6nHi, I am trying to "import yaml" into a module to parse a file. But for my PR shippable is complaining: "No module named yaml". Does Ansible provide an abstraction for yaml parsing?
mattclayk6n: For module development, I recommend asking questions in #ansible-devel
mattclayk6n: What PR?
k6nmattclay: oops. I wasn't paying attention to the channel I am in.
k6nhttps://github.com/ansible/ansible/pull/33436
k6nI'll jump over to ansible-devel
Mixer\quit
Mixerugh
EverspaceMixer: you can never leave
Praxi@k6n ansible reads yaml in everything it does?
Praxijust natural assumption is part of the ansible module boiler plate I guess :)