mmercerhey guys -- running into a slight conundrum with ansible + packer interaction -- we normally use packer to build our images... and recently I decided to simplify our args by adding an ansible_ssh_private_key_file since each of our vpcs would normally use a different keyfile.... but in the case of packer, this keyfile hasn't been deployed yet, and the ansible playbook invocation is overriding it, changing it to this keyfile --
mmerceris there a way of disabling this variable manually during execution during specific criteria without having to get fancy, or ?
mmercerto clarify, i now have a group_vars/all that is being read in, setting the ansible_ssh_private_key_file, which ansible picks up when the packer build invokes ansible, and thus overrides the packer ssh key.... which is amusing since its the packer build steps that deploy that very key xD
mmercerhrum.... cannot come up with a workaround for this one without having to go through a ton of headaches.
rvrublevskiyhi everyone! Could someone please tell me what is the best way to get list of disks from ansible_facts?
rvrublevskiyI can of course get it with command like this "lsblk | grep disk | awk '{print $1}'", but it looks unnatural
mmercerrvrublevskiy: those should already be available assuming you have facter/ohai installed
flowerysongThey should already be available even if you don't have those installed.
fairuzmoritz It took my machine 23 seconds
fairuzreal 0m23.318s
mmercerhmm, i thought the blkid part was from one of those two, flowersong knows better than me xD
fairuzI wonder what can cause such slowness
mmercerhah, i have a solution to my issue. off i go for now. later folks
rvrublevskiyI'm probably missing something. Here's an example
rvrublevskiyThe question is how can I get dm-0, sda, sdb from it?
rvrublevskiyideally only sda and sdb
fairuzHi guys. I've just installed ansible using brew. but even ansible --v is very slow to respond (23 seconds).
nevermindHow about ansible --version
rvrublevskiyOK, I got it. works like this:
rvrublevskiy when: ansible_devices[item]['scheduler_mode'] is defined and (ansible_devices[item]['scheduler_mode'] != "")
rvrublevskiy with_items: "{{ ansible_devices.keys() }}"
rvrublevskiyin case someone was interested =)
flowerysongYou can drop the .keys(); iterating over a dict returns the keys.
jlacroixI'm hoping someone can help me with ansible-pull. I'm playing around with it to learn it in a test VM. It seems as though it requires an inventory file, because it works fine if I give it an inventory file (which only has 'localhost' in the file) but if I remove that, it complains about "no hosts matched" is it possible to use ansible-pull against localhost, and not have an inventory file?
idlemindglance_show_multiple_locations: "{{ glance_default_store == 'rbd' }}" is this saying set "glance_show_multiple_locations" to the bool of the conditional statement, true if glance_default_store == 'rbd'?
ingy`make tests` is failing for me in the ansible repo. Is that the right way to run tests? I get this output:
chigginsAnyone have issues with Windows clients over WinRM and ConnectionTimeoutErrors?
GestahltHi, i have some issue with set_fact - I have a condition that actually should skip the set_fact module (when: var is defined). Now the var it validates is not defined and the "set_fact" module is still executing and causes an error (which is expected)
iTeVGestahlt, there is something probably wrong with ur when conditional
iTeVcould you post a snippet?
iTeVmake sure the indents are correct
dubeyis there a way to detect new patch available, os package upgrade, security patch etc. on servers and fix them automatically ?
survietaminefrom what I've seen, ansible is not event driven.
survietamineso, you have to run play against hosts to know
rvgatedubey, alternatively, just add a cron?
rvgatealthough it might break your setup unexpectedly
petn-randalldubey: Most OSes have tools for that. You _can_ set those tools up with ansible. I know that the Debian/Ubuntu world has unattended-upgrades, which works well with apt-listchanges.
eoli3nwhy ansible xenial -b --become-user=jkirszling --become-method=su -m shell -a "echo $USER" print me "root" ?
rvgateeoli3n, try whoami?
rvgateeoli3n, i think $USER is the user you originally login with, not the current user you switched to
eoli3nhuhu, how funny could be ansible ->
eoli3nwhoami only print jkirszling, $(whoami) prints 'root'
rvgateeoli3n, its actually quite logical
rvgateeoli3n, ansible wraps your become flags/shell into 1 single command in the end...
rvgateeoli3n, if you do -vvvv you can see what it does
rvgateeoli3n, basically it is doing: as root: su jkirszling -c "quota -f /auto_home/$(whoami)"
rvgatein that case whoami resolves to root
rvgateeoli3n, just wondering.. since you already typed the become user.. you might as well just type the user in the end as well
zoli__hi. how can I run 2 module with a oneliner ad-hoc ansible command?
RydekullAll I gotta say is, quotes, " will execute $(whoami) as the user you are running as, ' will pass $(whoami) on to the next stage
Rydekullzoli__: yeah, it's called a playbook :-)
zoli__if i run ansible -m -a ".. " -m -a "..", it seems the first one is not ran, or maybe neither but returns a changed state and no error
zoli__Rydekull: yeah i know but something i dont need to create it it is just a short onetimer
Rydekullzoli__: ansible --help | head -4 -> "Define and run a single task 'playbook' against a set of hosts
jcaHello, I'm new to Ansible. I have to deal with a tool (pgbackrest) relying on ssh to perform automatic backup. I managed to publish public keys with ansible but I would like to deal with the ssh "strict host key verification" in order *not* to disable it but to have something quite smooth. What would you advise me ?
RydekullIts literally made for a single task, if you want to do more, do a playbook or repeat the ansible command :-)
zoli__Rydekull: ok thanks, yeah that was my expectation then, i have to repeat it after a ';'
jackdthello! I'm trying to update an AWS lambda function via a S3 bucket. AFAIK the lambda module is able to CREATE or DELETE a lambda, while lambda_alias is not able to update the function's zip file?
jcaok, got my answer :) module known_hosts
escI have a list of public key files, how can I generate the appropriate variables file automagically?
rvgateesc, hmm.. i dont see the relation to public key files and generating appropriate variables... can you elaborate what you are trying to do?
kassavhello guys
kassavi have a question
rvgatekassav, congratulations :P
kassavwhat is the easiest way to store some relational data
miscmhh a file ?
kassavand use it in ansible, and write the result data on it
misccan you be more precise ?
miscit kinda seems to be not the common stuff you would do in ansible
miscwhat are you trying to achieve ?
kassavi think of a database, but it would be not easy to read/write using ansible
kassavmisc: write playbooks that depends on a lot of parameters that i will store on database
misckassav: depend in what way ?
kassavand store deploy status, war versions etc
misclike, using the db as source for variable using a lookup ?
kassavmisc: dependance in environment, relation between servers, java versions, etc
kassavi think more on a database
miscyeah, a db would do the trick
kassavi'm looking for methods to simplify it
miscbut you will need code to write to it (like a callback plugin, or a custom module)
miscand likely a lookup or a module to read from it
kassavmay be best practice, external modules
rvgatekassav, there is a lot you can do with host vars and group vars... however depending on the size of your inventory it might get messy very quick :P
kassavrvgate: the inventory will not be simple
kassavthousands of hostnames :D
rvgateis there an example of using inventory_ignore_patterns somewhere?
rvgateIf i have this inventory structure: how can i force people to explicitly do "-i inventory/platform1/prd" and not allow "-i inventory/platform1" and "-i inventory" im trying to use the inventory_ignore_patterns and inventory_ignore_extensions, but it is not behaving as i expected
rvgateim actually thinking about adding an executable in every parent directory that will make the inventory plugin fail
kassavrvgate: force people depending on what
rvgatekassav, dont allow them to run the playbook on all inventory items from all platforms and all environments
kassavrvgate: what i do actually, is to create the inventory file on demand
rvgatekassav, sweet, if you add an executable that returns a non-zero exit code, the play stops :D
shapsI think that's the only way you have to stop people from deploying everywhere
kassavrvgate: do you mean an executable on top of the playbook?
Lionel_Please, I have a little question about jinja templates
Lionel_I have the following line
Lionel_{% set _includes = domains["xxx"] %}
Lionel_{% set _include_metadata = filter(lambda path: path.startswith("metadata"), _includes) %}
Lionel_Do you know why this is not working ?
ertes-wis there a filter to JSON-string-escape a string?
ertes-wi.e. turn 'a"b' into 'a\"b'
AndreasLutro"mystring" | to_json
rvgatekassav, like this: note the denied files (+x) in the inventory... they exit with code 1... failing the run from that specific spot :)
shapsrvgate: +1 to that
Lionel_ @ertes-w: try something like this : {{ 'a"b' | replace('"', '\"') }}
shapsLionel_: what doesnt work?
Lionel_@shaps : "msg": "AnsibleError: template error while templating string: expected token ',', got 'path'.
Lionel_I got this error
Lionel_It seems like jinja can't evaluate the python expression
Lionel_"lambda ..."
ertes-wLionel_: thanks, but i prefer AndreasLutro's solution =)
shapsLionel_: yep, I don't think you can pass python functions to that
rvgateshaps, kassav, this is the result: works like a charm! :D
rvgateprobably dont need the comment anymore
rvgateshaps, kassav, apparently for using this method, [inventory] unparsed_is_failed=True needs to be set in ansible.cfg
rvgateelse it will just ignore it :P
shapshm, probably if you just return "{}" + exit 1 it won't consider it unparsed
rvgateshaps, if you do that, it will continue to find the child directories and parse the ini files
rvgateshaps, which is something i want to prevent
shapsYeah, I was hoping it would stop if you returned an empty inventory and rc != 0
shapsCouldn't be bothered to go check if/why it does not :P
rvgateneither can i.. seems to work with the denied files and config change
dmrI have this issue with ubuntu 14.04 "Failed to validate the SSL certificate for"
dmrI have 12 vm's with ubuntu 14.04 and only one has this problem
lulakCan anyone help with with_nested loop and dict? Thanks
rvgatedmr, ssh to the machine, try to curl the url you try to access...
rvgatelulak, what is it you need help with exactly? expected results? actual result? missing a lot of information here to answer your question
lulakrvgate: sry. I want to msg: House1 and table, House1 and fridge, House2 and table, House2 and fridge, House2 and dishwasher, House2 and N
lulakLoop inside foo: , then loop inside each element of foo:
Pistahhis there a way to force ansible to use color output when piped into e.g. less?
petn-randalldmr: How is this related to ansible? It might be better to ask in #ubuntu. I'm guessing you might not have "ca-certificates" installed.
eoli3ni got an error when running my playbook -> ERROR! Unexpected Exception, this is probably a bug: [Errno 12] Cannot allocate memory
rvgatelulak, thats actually quite tricky to do.. ansible usually does only 1 loop i believe... there are some tricks you can do with an include with_items, then on the included file do another with_items again
mgedmineoli3n: too many --forks?
eoli3nlets decrease it to test
eoli3nthe errors occurs when i added strategy: free
Kim^Jeoli3n: Did you check how much RAM you have available?
mgedminI think ansible's memory usage is proportional to the number of --forks
eoli3ni try without
eoli3nKim^J: i did
eoli3nhtop is open
Kim^JAnd what does it say?
eoli3n7G/12G used
Kim^JAnd on the target machines?
eoli3nwithout strategy: free it work
eoli3nthe problem seems to be server side
eoli3ni push 800 nodes a playbook with a single task which is ansible-pull
eoli3nyep, problem seems to come from strategy free
lulakrvgate: huh, that is too complicated
lulakrvgate: maybe with_subelements will help?
rvgatelulak, you probably looked at this already: but that should provide you enough information about loops and what you can and what you can not do (i dont know this from the top of my head)
rvgatelulak, +1 for providing the solution on your own question :) much better than "solved it, thx, bye"
iTeV`test: "{{ test }} + ['{{ item['msg'] | replace() }}']"` - somebody who has an idea how to replace single-quote characters?
iTeVwith the `replace()` function ^
shapsis this the right way to access 'cloudformation_facts' things? hostvars[inventory_hostname]['cloudformation'][stack_name]
mgedminiTeV: '\'' ought to work
iTeVmgedmin, that doesnt sadly work
mgedminor possibly '\\'', if yaml's " quotes eats one level of \-escaping
iTeVansible is crying about formatting
shapsprobably \\
rvgatemgedmin, iTeV, dont use '\'' in yaml, they plan on removing support for this in pyyaml on the next release
rvgatejust saying :P
rvgatethere was a dude coming over in this channel stating that
iTeVah noted rvgate =)
mgedminbut no, this is " .... \\ ... " in yaml
mgedminwhich becomes '\'' in jinja
mgedminjinja is not going to remove \'
iTeVmgedmin, \\ didnt work either :/
shapsjust keep adding \ until it works :P
mgedminchr(39) ?
rvgatewhy not just do item.msg ?
mgedmindoes jinja support chr()?
lulakrvgate: ups, still not solved :/
lulakits hard...
iTeVrvgate cuz the value of item['msg'] has a `'` in it..
shapsitem.msg | quote
rvgateiTeV, replace item['msg'] with item.msg
iTeVrvgate, that would make no difference
rvgateless quotes to worry about
iTeVquote filter doesnt work either
iTeVlemme drop the content of item['msg'] so u guys have a understanding what is going on :P
shapsanyway, it probably breaks here :*'*{{ item[*'*msg'] ...
mgedminoh, good catch
shapsthe single quote in msg will close the one before
shapsiTeV: ^
iTeVcontent of item['msg']: No package matching 'pyython-perf-3.10.0-693.17.1.el7.*' found available, installed or updated
iTeVshaps, it works flawlessly when the value of item['msg'] does not contain a single-quote char
shapsAh, yes it does because it's wrapped in doublequotes
mgedminiTeV: I'm sorry for not paying attention to what you're actually doing
mgedminyou want `test: "{{ test }} + [item['msg']]"`
mgedminno extra {{ }} and no quote replacements needed
mgedminsorry, my bad
iTeVwait wut
shaps"test | default([]) " probably
mgedmintest: "{{ test + [item.msg] }}" is what I meant
iTeVah that makes more sense mgedmin :P
shapslulak: house1 content is not dict, so won't have key/value
mgedminirc is a medium with this ... pressure to reply fast, so other people don't break your flow, and this hurry leads to errors
iTeVmgedmin you are a hero x)
iTeV`[item.msg]` fixed it
rvgate+1 for heroes
iTeVthanks for ur time guys :D
rvgatei prefer ++rvgate :P
lulakshaps: here is my example
tinitarvgate: which dude said '\'' is going to be removed from pyyaml?
rvgateit was in ansible-devel, yesterday i believe
agaffneylulak: I'm not that familiar with with_nested, but I don't think the second param is supposed to be a jinja expression
tinitarvgate: I only remember a girl saying that "\'" will be invalid in libyaml, and that was me
tinitaso: pyyaml vs. libyaml, dude vs. girl, and '\'' vs. "\'"
agaffneyeverybody is male on IRC, at least until proven otherwise
mgedminACTION stares at agaffney
tinitabtw, '\'' is perfectly fine in yaml, it's a backslash and a single quote enclosed in single quotes
mgedminis pyyaml breaking the yaml spec by interpreting backslashes in single-quoted strings or something?
tinitaagaffney: i thought everybody was female unless proven otherwise. can you prove your statement? :-P
lulakagaffney: :/ Can not figure out, how to handle this...
agaffneymgedmin: escaped single quote in double-quoted strings
tinitamgedmin: why do you think so?
shapslulak: I believe the easiest way would be having 2 separate loops + include. You need to loop mydict.users ( which is a dictionary ), then mydict.users.<user>.groups ( which is a list )
agaffneytinita: that's true for development in the womb, but not so much for IRC :)
asyds/ 21
agaffneyof course, these are very different times from when that "rule" was created 20+ years ago
tinitaagaffney: I've been around IRC since 2002 and this was the first time someone told me that. I'd rather prefer to be seen as a woman, at least after I said so, even if I cannot prove over the network that I am one.
crestthere is a special value to delete a parameter given to an ansible module, but what is it?
crestmy google foo is weak today
miscomit ?
agaffneytinita: heh, no need to prove. the point of the statement is just that it's "easier" to assume that everyone is male on IRC until someone says otherwise. nothing against women :)
larsksagaffney: it's easier to just not assume, I think. I mean, does it even matter?
shapslulak: Something like this
agaffneylarsks: nope, not really
crestmisc: that sounds right. i was looking for nothing/bottom/None
rvgateagaffney, you're saying you are a male? you just shattered my dream
larsksThat is why we have nick completion. I can say agaffney all the time instead of using pronouns :)
mgedminagaffney: when you're in a hole, stop digging
crestmisc: thx
agaffneymgedmin: but I've still got my shovel!
selckinthat was a common thing in the past, its like how its always morning when you join a channel
miscif you dig deep enough, you would dig up while having the impression of digging down
agaffneyheh, there was a Gentoo dev back in the day that referred to that as UGT (universal greeting time)
AndreasLutrowhoa, deep
selckinagaffney: aye still commonly named that
miscAndreasLutro: I know, right. Mind blown
agaffneyup and down are meaningless at the center of a gravity well
agaffneyon a completely unrelated note, I wonder if Ansible has taken any part in the Falcon Heavy launch today
agaffneyI'd like to think that they coordinate the entire launch process with an ansible playbook
shmem.oO( there's no such thing as a free launch )
iTeVfor a moment I thought u were saying "there is no such thing as a free lunch"
shmemiTeV: you got it ;-)
lulakshaps: thanks, i will try
hbfWhat's the best way to force an error with a template, since {%error%} does not exist? I want to write {% if foo %} ... {% else %} {% error "forgot to implement this alternative" %} {% endif %}
rvgatehbf, custom jinja filter?
lulakshaps: seems its working. ;]
petn-randallhbf: I'd put an "assert" with the right conditions at the beginning of the role.
hbfThanks. I'll go with /0, plus maybe an assert. custom jinja filter sounds a bit excessive just for an error catch.
bardhiHi guys
iTeVOla o/
bardhiI am quite new in ansible and i dont have much experience with it. I have been requested from my work to use ansible to automate creation of vms on azure and vms should have the option to authenticate by key. I am trying to do that but i get an error code every time.
bardhi"changed": false, "msg": "Error creating or updating virtual machine testvm002 - Azure Error: InvalidParameter\nMessage: The value of parameter linuxConfiguration.ssh.publicKeys.keyData is invalid.\nTarget: linuxConfiguration.ssh.publicKeys.keyData"}
agaffneybardhi: I would assume that you passed bad/invalid SSH pubkey data
bardhithat is the section that i use
bardhithat is what i assume too but i cannot find anywhere online how to do it correctly
mgedmingoogle google O M G wat
mgedminwhat's this ---- BEGIN SSH2 PUBLIC KEY ---- ... nonsense????
mgedminMicrosoft, are you drunk?
agaffneyiirc, that's a valid ssh pubkey format, but not one used by openssh
mgedminhm, looking at the comments, a regular openssh pubkey format should work too
shmemmicrosoft has always been drunk.
mgedminmaybe it insists on having a non-blank comment field?
asydballer peak!
mgedminbardhi: what if you try key_data: "ssh-rsa AAAAB3Nz{snip}hwhqT9h uselesscommenthere" ?
agaffneybardhi: try adding " foo" (any old key comment) to the end of your key data
bardhimgedmin: hmm let me try that
bardhistill the same error
tuxickis there no sane way to keep lineinfile from adding same line again on next run?
agaffneytuxick: if it adds the line again, that's probably because it thinks the line isn't there. without seeing your task, I'd guess you're using a 'regexp' param that doesn't actually match the line you're adding
bardhithe thing is that i used the same public key to create a vm from the azure portal and it worked no problem
agaffneybardhi: it doesn't actually have `{snip}` in your playbook, right? :)
bardhiit has my full public key
agaffneyalso, SSH pubkeys aren't really sensitive, so there's no need to censor it
bardhii tried adding it as variable
bardhiand also pasting it as an --extra-vars on cli
bardhistill the same error
agaffneyif it doesn't work when pasting it in directly, adding complexity probably won't help
bardhii also tried without the quotes and again the same error
mgedminwhat if you use double quotes and add a trailing \n?
mgedminI'm clutching straws
agaffneyif it wasn't already clear, it's the Azure API that's rejecting the data. do they have some requirements about key type/length?
bardhii tried the same key from the azure portal and it works no problem while creating a vm
tuxickagaffney: hmm, bit hard to combine with for example insertafter then?
bardhiafter a few retries it seemed to work and the vm is being created
bardhiafter this vm creates i will try creating another one to see if it will work directly with no retries
mgedmin... a few retries ....
mgedminI'm scared
brankoRepetition is mother of all learning! As long as it's idempotent...
petn-randallbranko: In the case of learning, you don't want it to be idempotent ...
rvgateACTION always gets confused with the word idempotent
rvgateeverytime i open the dictionary for it its like "ahh yes, now i remember" and then forget it 5min after
tuxickagaffney: ah got it, just add the regexp anyway :)
lulakshaps: one more question.. how to test when: ( mydict.users.john.groups is defined ) and ( mydict.users.john.groups | length > 0 ). I have really mess between dicts and lists... Thanks
JEEBdoes it seem like python3 should start being relatively safe to use with ansible?
JEEBwith ansible 2.4.3
Gilouon the (few) modules I use it just works...
JEEBI should probably check the test coverage on the modules I use
Alboim a bit confused with ansible. I have a list of string. I have an another list of string including the first one. I would like to iterate over the second list filtering with my first list and get the result (aka a list of string). I dont know if im clear ^^
mgedminnot really -- what does filtering with a list mean?
Alboi have tried shell: "echo {{ ca_certificates_autorite_path[item] }}" with_items: "{{ sup_ca_certificates }}" register: certicate_auhorities_list
Albobut i get a list of result..
mgedmindo you want an intersection of two sets? a subtraction?
mgedminhm, one of those things that would be easy with a python list comprehension but JINJA FORBIDS THOSE GRR
mgedmincustom filter plugin?
Alboi have tried instead in my group_var : filebeat_certificates: "{{ ca_certificates_autorite_path[item] for item in sup_ca_certificates }}".
Albobut doesnt work. im pretty sure that my syntax is wrong but can i do something like this ?
Albo@mgedmin its more like an intersection
mgedminI've once solved a similar problem by constructing a json list literal as a string
mgedmin"[{% for item in sup_ca_certificates %} '{{ ca_certificates_authority_path[item] }}', {% endfor %}]"
mgedminI felt dirty for hours afterwards
mgedminand of course this breaks if any of your strings has a ' or a \ in it
Joelcouldn't you accomplish that with the in test?
Joelansible supports union
lulakcan anyone help? how to test when: ( mydict.users.john.groups is defined ) and ( mydict.users.john.groups | length > 0 ). I have really mess between dicts and lists... Thanks
Joeland intersect
JoelAlbo did you look at the ansible filters doc?
bcocaalso 'is defined' only checks on the 'last part' ('groups') if any other part of the variable is undefined you'll get an error
Albomy bad. I have a list and a dict
bcocayou have at least 3
Alboi want to iterate over my dict with my first list as filter
bcocamydict, users and john
bcocagroups is the list
bcocaAlbo: look at select/selectattr
bcocaor even map, select will give you subset , map will give you all
mgedminjinja's map can't look up the value in a dict, can it?
mgedminit can only call a jinja filter or take an attribute
bcocaattribute is the way to lookup values in a dict
bcocamakes a list of that attribute from a list of dicts
Albo@bcoca i will take a look of attribute
winem_hi, is there an issue with the current master branch? whenever I use ansible-vault edit filexxx I have to change the current and set a new vault password
lulak@bcoca something like when:
lulak ( vmware_common.fusers.root.groups is defined ) and ( vmware_common.fusers.root.groups has attributes ) ?
lulak( vmware_common.fusers.root.groups.items() | length > 0 )
lulakdo not know how to write it
bcocalulak: no, the one you did before is fine (.. groups|length) > 0
bcocaor just groups , if 0 it already will return 'false'
bcocawhen: vmware_common.fusers.root.groups is defined and vmware_common.fusers.root.groups
bcocaor you could when: vmware_common.fusers.root.groups |default(False)
lulakdoes not work
bcocawhat does 'does not work' mean?
lulakwell, nvm, vmware_common.fusers.root.groups |default(False) works
mgedminI would |default({}) to make it clearer that blahblah.root.groups is a dict
mgedminan empty dict is false-ish
lulakmgedmin: +1 ty
bcocamgedmin: i thought groups was a list
bcocawhich would mean default([]) but i think False is clearer than 'empty complex base type'
mgedminyou're right! the .groups.items() bit confused me
mgedmin(I didn't look at the original paste)
___JustinIm having a hell of a time figuring out the chdir option for the win_command module.
___Justin- name: CWLA | Install CWLA win_command: powershell.exe -ExecutionPolicy ByPass C:\AmazonCloudWatchAgent\install.ps1 chdir: C:\AmazonCloudWatchAgent
___Justinthat chdir: errors out saying mapping values are not allowed. So I try to single quote, and double quote it, and that just returns " It seems that there is a value started\nwith a quote, and the YAML parser is expecting to see the line ended\nwith the same kind of q"
___Justinim an idiot. i see it :/
shmem___Justin: nobody isn't an idiot.
___JustinI spent 30 minutes staring at it
___Justinand at no point, did i use the 'args' portion of the command lol
shmem___Justin: rule #1 in bugfixing: you don't fix your own bugs. You don't see them.
shmemlet someone else fix your bugs, and fix someone else's
survietamineis there a more correct syntax for this? msg: "ssh users list: {{ ssh_users|default(['foo','bar'])|join(',') }}"
agaffneysurvietamine: depending on your goal, probably not
agaffneyalthough, if you're defining a var there, you should use underscores (or something) instead of spaces in "ssh users list"
kassavhi again
kassavi have two dicts in yml format
kassavthat have a common var
kassavi need to perform a loop using the common var to get to the other dict
survietamineagaffney: my variable has _ (ssh_users), "ssh users list" is just a test message I'm using with debug module
kassavit's like joining two tables in sql
agaffneyah, I missed the 'msg:' part of that
kassavis there a way to do that
agaffneykassav: can you show a gist/pastebin with an example?
kassavagaffney: they are not accessible now
kassavto explain more
kassavi have a component
kassavthis component is part of a group of component
kassavand i have hosts that could contain groups of components
kassavthe purpose is to get hosts starting from a component
agaffneyeven if you don't have access to the exact code right now, you could put together something that illustrates what you're trying to do
kassavagaffney: did you understand my explanation?
agaffneynot at all
kassavagaffney: i have a jar and i need to know in which host i should deploy it
kassavthe jar belongs to a logic component with another number of jars
kassavin the other part
kassavi have a list of hosts
kassaveach host can store a number of logic components
kassavagaffney: same thing?
agaffneyshow some code, even if it's made up. I really have no idea what you're talking about
kassavsuppose i have a jar as input
kassavand i need the hostname as output
mgedminooh, I wonder if that's doable without writing a custom filter plugin
agaffneykassav: what is that top structure supposed to be? it's either a list without the - or a dict with keys and no values (and missing the :)
kassavit's without -
kassavthere is another top structure but it's not difficult to reach
agaffneyso, given an input of 'jar1', you want to determine that it exists under the keys NL1 and NL2 in the top dict, and then find the key under the 'ctx' dict that contains both of those values?
agaffneythat is probably not possible in a single jinja pipeline without a custom filter
kassavagaffney: that's right. are there minor change that can make that possible
agaffneyit depends on whether you consider rearranging your data structures minor
agaffneybut without knowing what that data is and what you're actually trying to accomplish with all of this, I can't really offer any meaningful recommendations
kassavit's an organisation of a deployment at large scale, it let us customize the input during deployment
kassavi can do that in two steps i think
agaffneythere's a new 'in' test in jinja 2.10 that could probably help on the first step
kassavi got the first one
kassavany idea to deal with loop
kassavif i have to use the word item
craftytechhello Folks: I'm getting the following error when running ad hoc command: "Failed to connect to the host via ssh: command-line line 0: garbage at end of line; \" has anyone come across this one?
kassavin nested loops
rvgatecraftytech, what command are you trying to run
agaffneycraftytech: do you have a ~/.profile or ~/.bashrc on the remote host that runs a command that produces output?
agaffneykassav: I'm not sure what you mean
sivelcraftytech: I think that happens if your ssh command is broken, causing the argument parser to believe you have multiple positional arguments (hosts)
craftytechhmm, let me check... I'm running a basic 'ansible -i hosts all -m setup --user tomcat'
sivelcraftytech: seeing the verbose output (-vvvv) would likely help
craftytechahh, of course, let me check that
craftytechfound the culprit.. somehow it doesn't like that env var lookup for the var key in the ansible.cfg file
fairuznevermind same thing
fairuzit took 21 seconds
agaffneyansible.cfg doesn't support jinja
bcocatis ini
fairuzI've installed ansible using brew btw, if it does make a difference
agaffneyit *might* work in some cases due to the way that vars are lazily evaluated
bcocafairuz: brew mangles certain things so it wont work as 'expected'
bcoca^ reason we dont list it as recomended install method
fairuz@bcoca ah
fairuzso better to use pip?
sivelI've debated trying to get homebrew to remove ansible, but I think that would be a useless battle
sivelfairuz: yes
bcocai just dont use OS X as a work machine ... so cannot recommend an install method
sivelThe recommended install method on Mac is pip
agaffneyI use OSX for my work machine....with a Lubuntu VM for doing anything in the terminal
fairuzah damn
fairuzI've removed ansible from brew and installed using pip
fairuzbut still too slow
sivelfairuz: what are you doing specifically?
fairuz@sivel just ansible --version
sivelyou said it is taking 21 seconds?
erratichey I was wondering if anybody here might have some like short term programming contract work I'm looking email me
agaffneyerratic: "cold calling" a large IRC channel isn't exactly the best way to go about that
fairuz@sivel yes
agaffneyerratic: and the fact that your domain only serves up the "Welcome to nginx" page and you've provided no way to find out any information about you isn't exactly helping, either
sivelfairuz: you might be able to use dtruss to try and determine where it is hanging
sivelsudo dtruss /usr/local/bin/python /usr/local/bin/ansible --version
sivelsomething like that
erraticagaffney: kthx
siveldtruss is basically strace on mac
erraticso if anybody besides agaffney has some short term contract programming work for me email
fairuz@sivel I don't understand the output of it, can I pastebin it here?
sivelfairuz: sure, but unsure if I can look at it immediately
agaffneyfairuz: I'm fairly certain that there were more than 39 lines of output from that command
fairuzhm that's all that it gave me though
sivelthen maybe it is having issues with getattrlist("/usr/local/bin\0", 0x7FFF699E6814, 0x7FFEE84AA2B0) = 0 0 or whatever would come after that
agaffneyfairuz: did it exit there, or is that just where it paused for ~20 seconds?
sivelmy output had 2612 lines
fairuzthat's the weird thing I was just about to ask
fairuzwhen I run using the dtruss command, it didn't hang
fairuzit just ends after this line getattrlist("/usr/local/bin\0", 0x7FFF699E6814, 0x7FFEEACAE2D0) = 0 0
rewilliamsGM, i am using vmware_guest to create vm's from template. The template currently has 1 disk built into it /dev/sda/ . I would like to add a second disk on spin up. How do i specify the second disk. The playbook is trying to reduce the /dev/sda instead of creating sdb
ingybcoca: I came up with a small python patch that allows people to enter {{...}} jinja values in yaml without quotes. Would this be of interest, to add into ansible?
bcocaprobably, patch to pyyaml?
ingyno, patch to ansible
ingyI could make a PR
sivelingy: I'm not sure. Something to note is that we use other tools, such as yamllint to validate YAML
sivelingy: I'd guess that with the patch in ansible, ansible would work, but other YAML tools would fail
ingyI got stopped because I couldn't quite get the entire test suite to pass
bcocasivel: the problem is not that it is invalid/valid yaml, but that it gets read as dict vs string
ingysivel: well {{foo}} is valid (albeit insane) yaml
sivelI get that, but if we encourage its use like that in ansible, then other tools that may read the same YAML, will not end up with the same results
ingybcoca is correct
sivelit may technically parse, but wouldn't meet our schema needs, and could cause further confusion
ingythen we "fix" the linter?
bcocasivel: i would still like to see PR and then deal with possible drawbacks
sivelwhat if someone uses ruby to generate and lint their playbooks?
pi__Hi I have problem with fact delegation from module route53_facts, on Xhost while using 'delegate_to: localhost' and 'delegate_facts: true', facts are still saved on Xhost. do you have any idea how i could manage that?
sivelwe would need to fix every yaml implementation everywhere
bcocasivel: depends on patch, could still work, depends if it is a 'forgiving' vs mandating patch
zamolxishi all. is it supported to set multiple facts from lookups, but each subsequent fact to get info from the previous?
ingythe patch simply looks to see if a mapping has 1 key-pair and the key is a mapping and the value is null, then it wraps the inner key string with "{{%s}}"
ingybcoca: the code guidelines say that `make tests` should pass. It took me over an hour to get down to 15 fails. (on mac py2.7.10) Did I miss something simple?
bcocaingy: unsure, but they 'should' pass, otherwise it means patch is probably breaking many things
DerDuddleif I install a version of ansible via pip, what release of which branch of the github repo do I get?
sivelDerDuddle: right now stable is 2.4.3, which is created from the stable-2.4 branch
ingybcoca: I'll gist the results in a minute
sivelDerDuddle: we don't have branch like master, that is continuously the stable version, we cut stable branches at release
bcocaingy: going into meeting, bbl
DerDuddlethanks, sivel
oss_fanHi - I seem to be having some quoting issues with a task I'm working on, using ansible_pkg_mgr to generalize my packaging module use.
oss_fanA key/value (key=value) syntax seems to work for ansible_pkg_mgr but not a "key: value" syntax.
oss_fanHere's the specific code in question:
oss_fanWould anyone be able to shed some light on what I'm missing, please?
siveloss_fan: you need to do something like:
siveloss_fan: but you might be better using the `package` module instead
maxamillionsivel: +1
oss_fansivel: Thanks so much! None of the examples I'd seen have the call to module.
maxamillionoss_fan: when you do the "args as a string" version, the first parameter is inferred to be the module, but when using key/value pairs you have to set it explicitly ... but also +1 to using the `package` module
oss_fanmaxamillion: Thanks for the detailed explanation!
oss_fanmaxamillion/sivel: It's not a major concern in this case, but I understand 'package' doesn't currently do a combined installation, right? And that this could lead to dependency failures for complex lists of packages?
oss_fanNot to mention less-efficient installation due to multiple calls to package managers?
siveloss_fan: what do you mean by "combined installation"?
siveloss_fan: in the end, all that `package` does, is call the real module needed for that system, such as calling the `apt` module or `yum`
siveloss_fan: if you are talking about "squashing" when using `with_items`, `package` is not enabled for that, but it's not needed
oss_fansivel: Sorry for the vague speech. I guess 'squashing' is exactly what I mean. Will all installations still be handled in a single transaction with all dependencies resolved?
siveloss_fan: see the conversation at
sivelusing with_items on package manager tasks, is probably the wrong way to do it, directly giving `name` a list, is the better way
CamusenseiHello just passing by as a courtesy, 'erratic' ( would like to be unbanned (he won't try to offer his services without authorization). Feel free to ignore me if you think I'm not supposed to help him.
agaffneyoss_fan: installing multiple packages at once and dependency resolution *shouldn't* be related, unless the packages you are installing have "bad" dependencies
CamusenseiHave a nice day, and you'll maybe see me come back in a year or so when I will switch to ansible :)
agaffneyat least he didn't just try to evade the ban
tgerczeioss_fan: as sivel said, if you use with_items, you'll basically invoke the package manager multiple times, whereas giving a list to name for a single package module will have your list passed on to the package manager in a single call which ought to process and handle all deps
oss_fansivel/agaffney: I see what you mean now - dependency resolution should of course be handled by the package mgr itself, so there should be no need to call out dependencies manually.
agaffneyoss_fan: aside from that, doing 'apt: name=["foo", "bar"]' is functionally the same as using 'apt' and 'with_items' together
tgerczeioss_fan: that said I've done the iteration method as well with specific named packages in order of dependency when I had to network connectivity to a repo, only a bunch of package files at my disposal
agaffneyfor modules that support the automatic squashing
tgerczeiso it boils down to your use-case, really
tgerczeiwhen I had no network connectivity*
tgerczeisorry, flu impact
agaffneyoss_fan: and doing 'package: name=["foo", "bar"]' should work fine once it passes it to the underlying package manager module
sivelI'll likely work toward adding a deprecation notice to tasks that would use squashing in 2.7
agaffneysivel: that may just serve to confuse the (probably) greater number of people who are utilizing the squashing without even realizing it
sivelagaffney: well, we plan on removing squashing, so we have to deprecate sometime
agaffneyI just meant the deprecation notice, not the actual deprecation
agaffneybut that's probably the case for most deprecation notices
sivelI think the wording is important, in all deprecation notices
sivelgetting that right, will make it less impactful
sivelhopefully my deprecation for using tests as filters (e.g. |failed) in 2.5 is helpful in understanding
oss_fanSo as someone who's getting more into Ansible, I should avoid using squashing and expect it to be unavailable entirely at some point? Which is to say any with_ looping will always call the invoked module multiple times, right?
oss_fanSorry - working to keep pace with the conversation here (by the way, the referenced discussion helped, thanks sivel).
siveloss_fan: well, deprecations take a long time. If it's deprecated in 2.7 (release in about 1 year), it will be gone in 2.11 (release in about 3 years)
sivelrough ball park figures
oss_fanThat makes sense, sivel.
oss_fanbtw - thanks so much for the prompt and in-depth help! Best IRC experience I've had so far. Hope I can help with something in return.
agaffneyoss_fan: in general, it's "better" to avoid implicit features in favor of explicit ones
oss_fanagaffney: That makes sense, and is a good reminder. I appreciate the reminder. :)
tinitaingy: what about: foo: {{ prefix }}/path
tinitasounds like that can't be patched the same way
agaffneyzamolxis: you can, but it won't work in the same 'set_fact' task like that, and it would be {{ lookup("pipe", "echo " ~ vartest ~ "_" ~ ext) }}
ingytinita: yes it only works with valid yaml
tinitaingy: also: bar: "{{ 'foo' + foo }}"
zamolxisthanks, agaffney. is there any place I can find more info about that tilde expansion?
agaffney~ is just the jinja operator for string concatenation. you can generally also use + there, but it doesn't work "out of the box" when both sides aren't strings
tinitaingy: {{ 'foo' }} would end up as "{{ foo }}"
zamolxisthank you
ingytinita: true, but why would you do that? :)
ingyI think even if you can solve the common {{foo}} and {{foo | bar}} cases it's a good thing.
ingyalso thinking on a patch to give better error messaging for such things...
ingytinita: how's the \' stuff sorting out?
tinitaingy: didn't get any more feedback on it
tinitaat least it's now mentioned explicitly in the docs (when the docs will be live)
ingyI hope in general we can get the legacy nonsense out of yaml 1.3 without finding out production depends on it
tinitawe can write a 1.1/1.2 -> 1.3 converter
ingya general schema-x to schema-y converter would certainly be valuable.
tinitamy parser would be able already to replace yes/y/no/... to false, at the token level
tinitaso all formatting and comments will be kept
ingybcoca: I get 11 `make tests` fails on stable-2.4 on OSX on python-2.7.10. Here's a gist of my test script and output:
ingyWith fail info starting here:
ingyI'm heading out for some fun in the sun (cycling vacation in sunny Arizona), but will check back later, and make that PR...
naftulikayIs there a recommended way of a lookup and rendering of another template?
naftulikayI'd like to replace the file lookup with a template rendering
EverspaceHow do I guard against things like really long git pulls and timely syncs in loops? I've found I still end up going "unreachable" even with retry and such.
agaffneyEverspace: afaik, UNREACHABLE should only ever apply to the first SSH connection that creates the temp dir. a failure after that should show up as MODULE FAILURE, or just a "failed" task
agaffneybut I'm not absolutely certain about that
agaffneyand retries/until will only apply to expected failures
agaffneyEverspace: it's possible that 'ssh' is dying unexpectedly during long operations due to a NAT firewall somewhere in the path
EverspaceIt should just be me to AWS
EverspaceAlthough this connection I find is hella flakey
agaffneyyou don't have a device doing NAT between you and the internet?
EverspaceThere's a home-grade router
agaffneymost NAT firewalls have some sort of idle timeout on connections before they get evicted from the NAT table, and a long-idle SSH connection can trigger that
agaffneyyou can try using SSH's ClientAliveInterval (and friends) options to avoid that
EverspaceWill give that a whirl agaffney in the ssh_args of ansible.cfg
Everspacefor ansible.cfg can you break lines with \?
FlorianKI am trying to use ansistrano.deploy to deploy my app to my webspace with ssh. It seems that ansible can connect to the server, but it can not create its temp folder. I changed it via remote_tmp parameter to a writeable position. I am able to create the folder with the given debug output. What's wrong? I do not have root credentials, neither do I have sudo rights
FlorianKlogs are here:
agaffneyEverspace: it's INI, so it's whatever python's INI parser (ConfigParser?) supports
Everspace"Values can span multiple lines, as long as they are indented deeper than the first line of the value."
EverspaceBut the question is does ansible do something like .strip().replace('\n', '')
FlorianKDoes ansible absolutely need sudo? I don't think so!
agaffneyFlorianK: nope, only if you are performing operations that need root access
agaffneyyou can use it entirely as a non-root user without sudo, as long as everything you want to do can be done by your non-root user
FlorianKhmm strange, why can't it create its temp folder then? :/
agaffneyFlorianK: check for something like selinux getting in the way
FlorianK'ESTABLISH CONNECTION FOR USER...' that means the connection is up right?
agaffneyFlorianK: "exited with result 2, stderr output: umask: 1: umask: Syntax error: Unterminated quoted string" <-- actual error, not permissions
agaffneyI see no obvious error in that string. what is the default shell for your user? it may be interpreting the command incorrectly
FlorianKseen that, wasn't sure about its reason...
FlorianKGNU bash, Version 4.3.30
FlorianKif I copy the command and run it manually, the folder will be created as expected
naftulikayI am trying to load a template relative to the same template:
naftulikayI get a file not found
naftulikaywhich shouldn't happen
EverspaceSo yea, I get "failed: [ip] (item) => {unreachable: true}" that gets followed up with UNREACHABLE!
Everspaceagaffney: The most infuriating thing is that it succeeded at doing the command I told it to do (stdout is in full glory).
mmercercan anyone think of a way of disabling a single variable at time of execution? like overriding a group_vars/all/access.yml ( which has a specific public key for a given environment ) ... i have yet to come up with a way past this
agaffneymmercer: what do you mean by "disable"? you can't completely remove the var, but you can override its value to something that you can detect/ignore
rewilliamshey is anyone online?
rewilliamsdoes the unarchive module copy the tar file over and untar?
rewilliamsor does it have to be copied over first and then untarred with the remote_src option?
agaffneyit supports both. the `remote_src` param controls which
rewilliamsso if i use remote src then the file will need to exist
rewilliamson remote server
sivelrewilliams: yes
bkero-Hi all. I'm trying to use the haproxy module in, but am getting an error trying to drain hosts. "TypeError: 'bool' object is not callable".
bkero-This seems like it might be a bug.
bkero-self.drain is both a param and a method of the HAProxy class
bkero-Looks like there's a PR for this. How can I help this get merged?
agaffneybring attention to it in #ansible-devel or during a core meeting
bcocabkero-: change is backwards incompat
bcocamaking an additional choice and stressing its use in docs while deprecating the other ... that might get merged
bkero-bcoca: the backwards never worked afaict
bcocaalso note in docs 'version in which choices changed'
bcocafrom my read of the change, new wouldnt work either since you are just changing the names
bcocayou are not changing code
bkero-Ugh, that's true
bcocaer ...logic
bkero-I hadn't actually noticed that. Guess I need to open a new PR.
bcocachanging vars name is technically changing the code, but you are not changing 'program flow' so if draining didnt work, drain wont work either
bcocabkero-: you can push to same PR
bkero-The var just needs a different name than the method
bcocadef drainit!
mmerceragaffney: its an interesting situation - i use packer to build images, and packer executes the playbook that places the very key that ansible is trying to use to authenticate, its a chicken/egg situation. the key cant exist until the image is built, but i cant build the image as long as the group var is defined
mmercersince the group var sets a keyfile that doesnt exist and overrides packer's temporarily inserted key
bcocayou can a)update group var, b) not use group var (lookup seems more apt for this case) c) group_vars are 'lazy loaded' in >=2.4 so you could set/generate before connecting to host
agaffneymmercer: an empty value doesn't work?
bcocaagaffney: should be 'null value' ~
agaffneynull value isn't the same as not defined
bcocanot sure if empty would be ignored
mmerceragaffney, bcoca: see :
mmercerif the null value will work, i just supply it as an -e in this case or ?
agaffneyyou could, but you'd probably need to use JSON: -e '{ "ansible_ssh_private_key_file": ~ }'
agaffneyI'm not sure if ~ works in JSON, though
agaffneynull might instead, though
mmercerbut the weird part is that packer does already pass --private-key, id have thought that would have taken precedence over the group var, since its a cli option ?
mmercerand i thought those took highest priority...
agaffneyCLI options don't necessarily override vars for connection params
agaffneypeople commonly run into that with 'ansible_user' vs. --user
mmercerACTION nods
mmercerthats why i tend to just code all my playbooks with user: "{{ USER | default('some_user') }}" and specify user as a variable
mmercermuch easier to control that way, as well as predict
mmercerbcoca -- can you clarify how lookup would be different than group var in this circumstance and how it would be implemented ?
mmerceri hadnt thought to try something like a lookup, but seems interesting, if theres already a builtin method for the lookup, ill definitely give that a look
bcocalookups happen on specific consumption, group_vars happen during 'first access to host that has them' and get 'cached' after that
bcocaso varname: '{{lookup(x)}}' executes the lookup every time you use varname
bcocayou CAN have a groupvar that points to lookup
bcocait will evaluate to '{{ lookup string}}' when read initially, and only will run the lookup when evaluating that varname again in the specific context it is used in
bcocatest this now: '{{lookup("pipe", "date")}}'
bcocato get a 'static' now, you need to save the value, like via set_fact: reallynow: '{{now}}'
bcocabut any use of 'now' will execute the lookup
bkero-bcoca: reading the pr again, it looks like the parameter content changes, the method name changes, but the parameter name does not change. That means there will no longer be a collision.
bkero-self.__init__ still does self.drain = params['state'], and the method is self.draining()
bcocamissed that, the 'logic' problem was 'name overloading'
bcocawait .. but then why was there conflict?
bcocaself.drain vs self.drain()
bcocabut thought you PR changed both
bkero-Nope, it does 'def drain()' -> 'def draining()', but __init__() self.drain does not change
bkero-It's confusing, but it makes sense, and the related issue has people confirming that it worked for them.
bcocai would still make a note of it in docs .. but seems a simpler change is just changing the method or var name internally, not the 'user facing' choice
bkero-That's true. I could open a separate PR for that.
zamolxishi all. any idea why this shell command is not working? it's always returning "No such file or directory", but I'm not sure what it's referring to
zamolxisa previous wget command works fine
bkero-zamolxis: I think it's trying to interpret the whole command as the name of a file
bcocabkero-: more likely to get it merged in same pr
bkero-bcoca: I don't believe I can alter someone else's pr. I'd have to go make a PR to the original author and get them to merge it
bcocagithub added the feature, enabled by default
bcocaor do sep PR, as you wish
bkero-"You must be signed in and have push access to feature/rename_drain_state_to_draining branch to make changes."
mmercerACTION is testing the -e "ansible_ssh_private_key_file=''" to see if it works now... if it does, that might be the easiest solution given how I have built everything out so far
bcocabkero-: in both cases you need a github account
bkero-bcoca: I am logged in
bcoca@mmercer gtk, was not sure 'empty' would work
mmerceryeah... i dont know that there is an easy way of doing this via a lookup either, unfortunately
agaffneyzamolxis: remove the single quotes around the command
mmerceras from ansibles perspective, there is nothing unique about it being executed via packer or by me or any other tool
mmercerits just that when packer executes it, the group variable overrides the cli variable and creates confusion
bcocaworks as expected
mmercerit looks like 'empty' worked.... it just still doesnt authenticate... ( which is not an ansible issue at this point i dont think )
zamolxisagaffney: thanks!
mmerceragaffney, bcoca: ok.... so i unset the variable, and that does seem to work, however -- it does not preserve the --private-key that packer provides, which thus results in a failed authentication again
mmercerACTION REALLY hates that packer wrote this stupid proxy connection handler