agaffneyzoredache: if it's a fixed length, you can also do something like {{ var[0:4] ~ ':' ~ var[4:8] ~ ':' ~ var[8:12] ~ ':' ~ var[12:16] }}, but I'm not sure if that's less ugly than regex_replace()
zoredacheNot sure that is better. I was kinda hoping I could zip() or something like some of the more pythonic approaches. But this will work.
zoredacheI am trying to take a sha256 hash of the inventory host name, to generate a unique lower 64 bit of an IPv6 address.
EverspaceSpending my afternoon to learn colour escape sequences and also make a python spite converter and then overwatch and ff6 sprites for cowsay
mmerceryou want to learn about color, go write a mud =D
EverspaceOn my to-do list. It was fun enough just picking up Pillow :P
flowerysongzoredache: I don't love the look of it, but: "{{ foo | batch(4) | map('join') | join(':') }}"
mmercerspecifically, redo the color on a mud to take it from the legacy 16 color pallette to the more modern 256 or even the million color matrix =D
mmercermud coding == one of the best ways of learning a whole lot of things *not* to do with code
mmercerbut to be fair, they were more or less the result of college programming courses
EverspaceJust write a renderer for text, easy peezy
mmercerutf-8 or latin?
EverspaceI hope not
EverspaceI'm currently just escaping every pixel. I tried doing something like run-length stuff but it wasn't working out.
EverspaceLike "$g$g$g" to "$g \e[m"
EverspaceHow do you put a number into a uri module's body if you're trying to do it in yaml?
EverspaceEverything is a string unfortunately.
Mixer9When I create a network credential in Tower, how do I reference it in the playbook that the template uses?
Mixer9I have already created the credential and added it to the template, I just don't know how to reference it in the playbook.
Mixer9When I create a network credential in Tower, how do I reference it in the playbook that the template uses?
bcoca you might want to try #ansible-awx for that kind of question
kiranoshi I'm tring to get an ifstatement in template to work but cant really get it. I want
kiranos{% if variable == "test" or variable not defined %}
kiranosis the above statement possible with a correct syntax?
kiranosall examples are simple statements without if its equal with this or that
JustASlackerin python you would need to have the "is defined" part first
JustASlacker if variable is defined or variable == "test" should be ok
kiranosJustASlacker: a thanks
JustASlackerACTION bows
D-SpairHi all... I'm using Ansible/Galaxy/Ansible-Playbook and I'm having an issue getting ansible-playbook to recognize and use the roles/modules downloaded by galaxy. Could anyone help me figure it out?
_KaszpiR_D-Spair you can define path which holds roles downloaded from galaxy
D-Spair_KaszpiR_, I did... Galaxy is downloading the roles into `${PWD}/roles`
D-SpairAnd I used `ansible-playbook --module-path=roles/`
_KaszpiR_in my ansible.cfg in [default] I got: roles_path = ansible/roles:.galaxy
D-SpairBut ansible-playbook with `-vvv` is showing only the default module paths
_KaszpiR_and I order ansible-galaxy to download roles to .galaxy/ dir
_KaszpiR_while ansible/roles has my custom roles
agaffney_KaszpiR_: relative paths in ansible.cfg are relative to the config file (at least as of 2.4)
agaffneyD-Spair: you probably want --roles-path, not --module-path. those do different things
agaffneyD-Spair: however, ansible will automatically look for roles in a dir called roles/ relative to your playbook
varesa|Does anyone here use the vyos_config module? I'm having trouble with loading the config from a file
agaffneywhat kind of trouble?
varesa|it seems that the file should contain set/delete commands but only thing that works is lines without a command (like 'system login user me level admin'). If I try to use 'set system login user me' or 'delete system login user me' I get an error complaining about "lines must start with either set or delete"
varesa|and while the plain 'system ... ... ...' works fine for creating new config nodes I haven't figured out how to delete anything
varesa|my task is just vyos_config:\n src: templates/users
agaffneyI'm not familiar with the module or vyos in general, and the docs only say the file "can either be in bracket format or set format"
varesa|hmm, that might have been caused by an invisible character hiding in the config template
varesa|I created a slightly different test case which worked. Modified that to *look* exactly like original and it works as well
varesa|ugh, it actually breaks on empty lines in the source file? Goodbye readability :-/
shmem-ger then
ed-packetwaves hello
Guest82good morning
SmashingXis it possible to edit the visudo file adding a line with ansible?
miscthe visudo file ? you mean /etc/sudoers ? yes, it is
agaffneythe same way you'd add a line to any file
agaffneyor just drop a new file under /etc/sudoers.d/
miscbut if you want to add something (rather than edit), it is better to drop a file in /etc/sudoers.d/
SmashingXmisc: really? I thought /etc/sudoers file was the one I had to edit
agaffney'visudo' is just a helper command that lets you edit a temp copy of /etc/sudoers and then runs validation checks on it before overwriting /etc/sudoers
miscSmashingX: on newer distro, it is supported to do both
agaffneyto help keep you from shooting yourself in the foot
SmashingXagaffney: that new to me
agaffneySmashingX: the default /etc/sudoers on many distros ends with a line like "#includedir /etc/sudoers.d", which tells sudo to also evaluate all files under /etc/sudoers.d/
SmashingXagaffney: fair enough
SmashingXso now to add a new file is there any module in ansible or how can I do that?
agaffneythe /etc/sudoers file can possibly get overwritten if the 'sudo' package gets updated. the files under /etc/sudoers.d/ will not, except maybe for specific ones dropped by other packages
agaffneyyou probably want the 'copy' module
agaffneyyou can use the 'content' param to pass the content inline
agaffney- copy: dest=/etc/sudoers.d/new_file content="youruser ALL=(ALL) ALL\n"
SmashingXagaffney: thank you so much man
miscor you could make a 'expect' script that drive visudo with EDITOR=ed
agaffneyor you can use the 'lineinfile' module if you want to edit /etc/sudoers directly
SmashingXagaffney: I think I will use the copy module instead
SmashingXlike you said to avoid shooting myself in the foot
agaffneyno, I said the 'visudo' command helps avoid shooting yourself in the foot
SmashingXI don’t get what you are saying
agaffneyyou can as easily break sudo by dropping a file in /etc/sudoers.d/ as you can by editing /etc/sudoers directly
agaffneythe 'visudo' command runs something like 'sudo -v /etc/sudoers.tmp' after you edit the file and before it copies the new file over /etc/sudoers, to make sure there are no syntax errors
agaffneyyou can have ansible do something similar, but you need to tell it how to do so
agaffneyand he's gone....
miscI was wondering the same, would sudo -v somefile be able to verify the file ?
agaffneyit would be tricker with a file under /etc/sudoers.d, since you'd want to verify with the main file, which would require the temp file to already be under /etc/sudoers.d to get picked up, and it could already be broken
miscyeah, and IIRC, I also bumped into some selinux issue last time I tried that
agaffneyhmm, and the -v option doesn't do what I thought
agaffneyit looks like you need 'visudo -c' to do the checks
agaffneyand you can use the -f option to specify an alternate path for /etc/sudoers
fromzyhi all
fromzyI install ansible on ubuntu debian using apt but I don't have ios_config template
fromzythanks in advance for any advice
fromzydebian 8.5
andolIf you installed from the regular jessie archives I guess you would have gotten Ansible 1.7.2, which is too old to contain the ios_config module.
fromzyyes that is it
fromzyso it is better to install using pip ?
andolfromzy: Either using pip, or the Ubuntu PPA.
fromzythanks Andol. I have try this without success.
fromzyI'm going to try it again
fromzythanks for your help
andolfromzy: If it doesn't work this time either, feel free to highlight me in the channel, and I'll see what I can do to help.
fromzyThanks Andol. But when I'm stupid enough to launch "deb" in the console instead of adding it to the sources.list file, I don' t know if I have the right to post in the irc channel
fromzyIt works now
felon-degeneresafternoon everyone. what's the best practice for a use case where i want to run a backup script on ec2 daily? the script takes 4 hours to run. afterwards i want to terminate the instance. what are your suggestions for that? should i use the polling option ansible has to check for something? once the script ends, what's the best way to determine the instance id/name so i can terminate it?
fromzyBut I have tried to install using pip in a virtualenv at the beginning with issues with paramiko
felon-degeneresi have a lot of scripts that run once a day, would love to get a system set up that follows best practices
nicladasHi all, does anyone have some good pointers on using ansible with Hashicorp Vault for SSH private key management?
daniel-wtdfelon-degeneres: I think async/poll is your only option within ansible. Nevertheless, if the backup is taking longer then the defined async the play can trigger an error. Furthermore, ansible must check this the whole time. If something happens with the connection/the ansible host/the ec2 instance you will face errors, too.
daniel-wtdI dont know ec2 very well. In cloudstack I have the option to decommission vms and set hooks for the same, like triggering a backup/snapshot.
fromzyhi all
felon-degeneresdaniel-wtd: do you not recommend ansible for this then? should i use something like aws batch
felon-degeneresmaybe ansible isnt' set up for processing and more for just infrastructure
kripskrollI just install ansible using apt-get on Debian but I have connection issues with ios_config template
felon-degeneresi found a script on that starts an instance, stores the instance ID in memory, does a wait, and then terminates the instance
felon-degeneresinstead of wait i think i need to change it to poll
kripskrollwhen looking at ansible.log with debug active, I have the message that paramiko is not installed
kripskrollbut it is
Charminis there a variable in ansilbe that has date time in a spefic format
CharminI am trying to copy a script from my control machine to the target machine
Charminsrc=/tmp/ and destination is like /tmp/
Charminlike that
Charminhow to hold on to a variablre
Charmincurrently iam doing
daniel-wtdfelon-degeneres: Processing is ok, in a limited way. It is depending on many things like working connections. Anyway, there are ways to have veeeery long running tasks done. You can trigger the script (without polling, but it should write a lock file). In the next task you can poll for presence of the lock file. Even if the connection reaks or ansible crashes or whatever, the backup will be done and you can retrigger the tas
daniel-wtdk at any time
Charmindate_time= "{{ lookup(pipe, date +\"%Y%m%d_%h%m%S\") }}
felon-degeneresah i like that daniel-wtd. write to a file and have ansible check for that every 30 seconds or something
daniel-wtdfelon-degeneres: exact
daniel-wtdfelon-degeneres: you can also trigger the backup only, if the lock is absent
felon-degeneresi need to write this whole flow down
daniel-wtdor have a statefile with content like "prod/backup/decom" and check for this
felon-degenereswhat's a statefile
felon-degeneresi was thinking i'd just write "done.txt" to ~/
felon-degenereshave my python script write it at the end (assuming it doesn't crash lol)
Charminhow do you get the date time into a varaible in ansible
marques_Hi there - is it at all possible to use a different ansible_password for each host in a group for winrm connections? I am deploying EC2 instances and would like to be able to use the generated password rather than manage a shared secret password. Is this possible?
daniel-wtdfelon-degeneres: a statefile is nothing more ^^ your backup_script can create a file content="doing backup", when its done, change the content="done". Now you can have ansible checking the content of this file and avoid multiple triggering of your backupscript + destroy the instance, when its done
marques_(sorry got disconnected - not sure if anyone replied since then)
felon-degeneresdaniel-wtd: perfect that makes sense. thank you!
daniel-wtdfelon-degeneres: not a problem :)
daniel-wtdCharmin: with register ;)
daniel-wtdso you can trigger date and register the value as a new variable
daniel-wtdmarques_: You can use the host_vars/hostname.yml for this or even set he passwords in a vault or store it in inventory per host.
marques_daniel-wtd: thanks for the reply - unfortunately i can't predict the hostname to write a hostname.yml, nor do I necessarily want to write the password to disk. I was thinking of building a dict (public_ip => win_password) and looping over that to get the credentials.
daniel-wtdah i see
marques_daniel-wtd: forgive me if I misunderstood what you're saying if you addressed that already
daniel-wtdthats a tricky onw
daniel-wtdmarques_: nono, youre absolutly right :)
marques_daniel-wtd: and if the only option is to change the generated password to a known password across the instances, I guess I'll have to settle for that, but getting that working might be tricky. Setting the password via User-Data in cloudformation didn't seem to actually change the PW, so I suspect the password is set after the User-Data script runs on node creation
daniel-wtdmarques_: I think there are other possibilities. Fetching a password from an api and reuse it, shouldn't be a huge deal. But I don't have a "template solution" in mind currently ^^ Nevertheless its a good question, which I have to think about a bit.
marques_daniel-wtd: appreciate all your help :)
daniel-wtdmarques_: you're getting the password from the api and can store it in ram? (I dont handle the ec2, more the cloudstack guy) ^^
marques_daniel-wtd: I believe so. I'm able to decrypte the generated password using the private key and the win_password ansible module
marques_daniel-wtd: so I figured I should be able to create a dict using the item.public_ip_address and item.win_password while looping over the results of the API call
kripskrollI have issues with ansible when using network-cli. Paramiko not installed seems to be the issue as per debug logs : "/usr/lib/python2.7/dist-packages/ansible/plugins/connection/", line 219, in _connect_uncached raise AnsibleError("paramiko is not installed")
kripskrollbut paramiko is installed
marques_daniel-wtd: and I was hoping to use the public_ip_address to set ansible_password to the value of the dict, per host. I'm open to other implementations as well though, in case building a dict and looping over it is a dumb idea :)
marques_daniel-wtd: I meant "if it's a dumb idea [to use a dict]"
daniel-wtdmarques_: Not always ^^ There are good reasons to do so, I think.
daniel-wtdIn my world, you want to create a bunch of machines, which are defined in your inventory (host1/host2/host3) and during the creation you will get the password. I think you can do something like: " 1. register: ec2vm.password 2. set_fact: ansible_password={{ ec2vm.password }}. As long as you are in the same run, the relation between host and its new fact will be kept. Gathering passwords from existing vms is more like the dyn
daniel-wtdamic inventory thingy ->
daniel-wtdwhen working heavily with ec2, I would suggest to dig into dynamic inventories anyway
marques_daniel-wtd: yeah, I'm using the ec2 dynamic inventory script :)
daniel-wtdehm ^^ and there is no way to have the relation from password to host in it?
daniel-wtdat least, i cannot see a "password" variable... meh
marques_not directly - Amazon generates a password and encrypts with your public key. I need to use the win_password module to loop over inventory and decrypt, and I can register the result. If I do set_fact ansible_password="{{result[host.public_ip_address]}}" for a given host, will that just work?
marques_daniel-wtd: I'm assuming I'd do set_fact within a host <group_name> block using with_inventory
kripskrollI found the cause. By doing import paramiko in python console, I saw enum was not installed
daniel-wtdmarques_: Sorry, Iwas reading the win_password thingy ^^ Neither ec2 nor windows are my thing. :p I would do it this way: Having a task, which is fetching the password from ec2 via win_password and registering this password, set_fact ansible_password="{{ fetched_password }}". This should work, I assume.
kripskrollBUT you don' t have to install enum and prefer enum34 to avoid errors in cryptography/x509/"
kripskrollI' m surprised to see that many dependencies are not installed when installing ansible.
kripskrollon Debian
kripskrollHave a nice night all
daniel-wtdkripskroll: you too
marques_daniel-wtd: no problem -- I'm not really a windows person either and really wish this was just an ssh-keypair :). But my client needs to deploy and host a windows native application, sadly. Anyhow, I will give that a shot. Thanks very much for your help!
daniel-wtdmarques_: If you have a solution, it would be awesome, if you can give me a query with a paste or so. Would be nice to see such stuff
marques_daniel-wtd: sure will :). I'll probably hack in this for most of the day - if you're on this channel often, I'll hop on and share a gist on GH
marques_but it might be tomorrow or later :/
daniel-wtdnot a problem
daniel-wtdyou can find me in github with the same name ;)
marques_daniel-wtd: cool -- will do
holmsanyone seen geerlingguy? He's gone for a month. According to docs his nickname is used in ansible-galaxy man pages, so he should be known here :)
holmsfor months* since october to be exact
daniel-wtdholms: accordinmg to github he was committing just recently (2 days ago)
holmshmm thank you
holmsseems to he is ignoring then all the references :(
daniel-wtdholms: maybe, or he is doing other stuff
A-poc7980anyone know why the ios network modules don't like varibles set before tasks but work alright if defined as a task with set_fact?