Kim^JUsing ansible, how do I specify serial?
Kim^JOr do I just stick it in -a ?
jamielennoxis there a way to get the ssh host key out of hostvars or facts?
jamielennoxi want for example one machine to have known_hosts for all the members of a group from inventory
jamielennoxand it seems unnecessary to ssh-keyscan when i've got ongoing ssh connections to each of them
mjau^m!
jamielennoxah - got it
mihai_ansiblehow could I get the folder name of the folder I am running the ansible-playbook command from?
mihai_ansiblethank you!
mihai_ansiblehttps://pastebin.com/PvZ6SNja
mihai_ansibleso any thing I try gets the same result
mihai_ansiblethe playbook folder not the folder where I run the ansible-plabook command
bjolivotmihai_ansible: not sure it's possible
bjolivotit's not foudn in any registered var
mihai_ansiblebjolivot: cant we get the unix context somehow?
bjolivotare you able to change start command ?
bjolivotsomthing like
bjolivotCURRENT_PATH=$(pwd) && ansible-playbook myplaybook.yml -e "mypath=$CURRENT_PATH"
mihai_ansiblecan't I do a lookup for the envvar?
mihai_ansiblebut is a good hint
tumblea pipe lookup using pwd could also bring up something useful
mihai_ansible set_fact: run_path_folder="{{"{{ lookup('env', 'PWD') }}"| basename }}"
mihai_ansiblethank you guys
ansible-92758945do i get the group vars when i only talk to a host ?
hyperizedyes
bccI'm confused why this doesnt work: https://gist.github.com/bhcopeland/23226f1076917a259580eed05bbef149
bccnvm fixed it
hyperizedbcc: no quotes around mode :)
hyperized*the mode value
Guest98912what's the difference between ansible_connection=local and delegate_to: localhost?
ZhenechGuest98912, none.
Guest98912Zhenech: https://groups.google.com/forum/#!topic/ansible-project/HtBFDEol2K4
Guest98912why did he put both directives in there?
Zhenechask bcoca when he is awake?
kinlois there a way to put "--diff" in the ansible config file so it is always enabled?
bcckinlo: https://raw.githubusercontent.com/ansible/ansible/devel/examples/ansible.cfg look at very bottom of file
kinlooh, I couldn't find it on http://docs.ansible.com/ansible/intro_configuration.html
kinlothanks
bcckinlo: its a new feature
kinloso it wont work on older versions...mmz
bcckinlo: https://github.com/ansible/ansible/issues/16073
bcckinlo: will be out in 2.3.0
bccwhich iirc is at like rc3 now it something :)
kinlo:)
jhogarthanyone with merge privliges awake? I don't think ansibot listens to me but a someone has a PR to handle a security issue (avoiding CSRF forgery via crumb request) in my jenkins_script module, which is part of 2.3, which would be good to get merged. I've tested and it works fine https://github.com/ansible/ansible/pull/23250
hyperizedjhogarth: #ansible-devel :)
jhogarthhyperized, thanks
sdubeyI am running my playbook to install jdk7 and getting status is OK, but on system java is not in path.
hyperizedsdubey: Ubuntu by chance?
sdubeyYes, 14.04
sdubeymy playbook - https://pastebin.com/Ugi52rPy
sdubeyhyperized: any issue with ubuntu ?
hyperizedsdubey: ubuntu has a special way to handle paths to things like java
hyperizedyou'd have to update the alternatives
hyperizedone sec, let me find what we do
sdubeyupdate-alternatives java ?
hyperizedthat, or we do this: https://gist.github.com/hyperized/f3ffe72f01839401f9206a41322ab21d
sdubeyhyperized: got it, thanks for help
mushrushuis it possible to count keys or values in dictionary and use it as conditional?
turnip_surpriseSomething like {{mydict|length}} or {{mydict.keys()|length}} maybe?
mushrushuwill try, thanks
mihai_ansiblehi
mihai_ansiblegit commit -am "{{ commit_message | default('upates on {{ project_name }}' ) }}"
mihai_ansiblehow could I use the project_name variable value here?
hyperizedwhat?
Piesdoes exists something like "run_once per delegate host"? I'm trying to limit numbers of running handler with delegate_to. I have monitoring when I configure N hosts and every uses handler to restart icinga on master node via delegate_to. It makes N restarts, which is bad, so I can use run_once. Now it's good when I have one master node, but if I configure few sets and every have own master monitoring node
PiesI'll either restart every multiple times, or restart only one of master nodes.
hyperizedrun_once?
hyperizedhm
rcemihai_ansible: you probably want "{{ commit_message | default('upates on ' + project_name) }}"
akasurdeshertel, ping
Ove_I am trying to run a role on a local machine.
Ove_It is in a play that runs against remote servers.
Ove_If I use local_action or delegate_to it tries to log in on my machine.
Ove_Is there a way to get around that?
Ove_A third play?
Ove_Or post_tasks perhaps?
sdubeyi want to update my template file for value hostname in variable using "node_name : "{{ ansible.hostname }}"", But getting error : "msg": "AnsibleUndefinedVariable: {{ ansible.hostname }}: 'ansible' is undefined"
hyperizedgather facts?
sdubeyyes
hyperizedhave they been gathered?
sdubeyin my variable file i have - node_name : "{{ ansible.hostname }}"
sdubeyhow can i confirm ?
hyperizedif you run is there a task saying like 'gathering facts' or 'setup' ?
sdubeyhyperized: i don't see
sdubeyshould i write gather_fact = yes ?
Ove_It's not possible to use roles in post_tasks?
ZhenechOve_, https://docs.ansible.com/ansible/include_role_module.html
mushrushuif i have something like this https://paste.fedoraproject.org/paste/y9kyehCIgNArsd~5~N2ETV5M1UNdIGYhyRLivL9gydE= can i build a list2 to be like list1.*.key2?
sdubeyI have a template file in which i want to add remote host value. what is the right way to do ?
akasurdehyperized, can you point me how to print from plugin ? I want to debug a plugin.
tumbleakasurde, docs.ansible.com/ansible/dev_guide/developing_plugins.html#developing-lookup-plugins
tumblethe display thing
tumblealthough I think sivel did something recently to avoid this try-catch import, but depends on what version you are running, so this should probably work for you like it's documented there
kabadihello, how do i convert this: instance_ids= [u'i-0dsadadas2d2b6dba'] into asci inside jinja2 template
apollo13kabadi: this is asci
apollo13well a list of unicode strings, but…
apollo13what are you actually trying to do
kabadihow do i get rid of the u'
apollo13why would you wanna do that?
kabadibecause the u' is not a part of the instance id
apollo13kabadi: well it isn't anyways, that is just how python represents strings in debug output
kabadii write this to file and when i "cat" it i see the u'
apollo13this beeing what?
apollo13it is a list, so iterate over it and write the individual values instead
kabadii write this to a file. when i open it this is what i see
kabadiok then i will ignore it. thanks
bob_cheesey_hi guys, i want to run a script with the command module, but I want to fork it to run outside of the SSH session (as it will intentionally kill ssh when it runs)
bob_cheesey_what's the safest way to go about doing that?
andolbob_cheesey_: How about let ansible define it as an at job?
turnip_surpriseyeah, i't consider that as well: https://docs.ansible.com/ansible/at_module.html
kabadiapollo13: I have this line: content: "created_instance_ids={{ ec2.results | sum(attribute='instance_ids', start=[]) }}"
akasurdetumble, thanks I will try that
apollo13kabadi: that will result in a python list to be written to the file. you have to iterate over it
bob_cheesey_andol: that would work - schedule it for a minute in the future and then have wait_for delay for a minute extra
bob_cheesey_thanks!
sylrHi, I would like to transform a dict into a string
sylrSomething like:
sylr",".join([ '%s:%s' % (key, value) for key, value in d.iteritems()])
sylrIs it possible with builtin filters ?
jtannermorning
jtannersylr: you might want to take a look at the with_flatten filter
grealishhi, anyone know awk well here?
grealishi'm trying to using awk -F and NR>1 in a argument together
jtannersorry, i only use -F and $NF
jtannertry a more general linux channel ... #rhel maybe
sylr@jtanner All right, thank you
jtannersylr: you doing that inside a template or inside a playbook?
sylrinside a playblook
jtanneri'm trying it out locally
sylrjtanner: I'm not sure about with_flatter, it seems it is to iterate over multi dimensional arrays, I really want to make a string out of a dict
jtanneryeah, i figured ... that's why i'm mucking around
jtannerone day i'm going to have to take a test and this example will make me fail =(
jtannerit's inevitable
sylrI've got :
sylr{% for key, value in splunk_clustering.site_search_factor.iteritems() %}{{ key }}:{{ value }}{% if not loop.last %},{% endif %}{% endfor %}
sylrIt works but seems way overkill ...
jtanneryou put that in a playbook?
sylrjtanner: Also would you know if it is possible to have several pulgins dir declared ?
sylrjtanner: If I want to write my own filters I'd like to ship them with the project
jtannerhttp://docs.ansible.com/ansible/playbooks_best_practices.html#directory-layout
sylrjtanner: nice
sylrthank you!
jtannersylr: i gave up =( https://gist.github.com/jctanner/51e4709ed121f5b5c2fba22350245edd
jtannerdoing it in python was easier
sylrjtanner: Thanks for trying :)
opvhi everyone, i'm in need of assistance. do not have much ansible knowhow, but i've been working with puppet in the past. with puppet it was possible to define various environments for the servers, which could then be linked to a corresponding git branch. is there a similar thing in ansible?
Spauldingopv: ?
Spauldingbut here you have group_vars
opvSpaulding: a concrete usage example: testing a new function. i push it into the git staging branch, set the servers i want to test it on to staging, and run puppet. do i understand correctly that i would have to temporarily insert a server in the "staging" group? (as opposed to running something like ansible --environment=staging)
Spauldingopv: so... basically you're right
Spauldingyou would have to put your server into "staging" group
Spauldingbut basically it would be better to spawn vagrant/vm and check your playbook :)
Spauldingor even docker (depends what playbook you have)
Spauldingbut i never heard of having different branches for different env
opvSpaulding: well, makes sense to have at least one git branch for test and one for prod
Spauldingbasically, if you have few env - then staging might be treated as test
opvthat's what i mean.
Spauldingor... if you want to check your playbook you can run it with -DC :)
opvi've just inherited this small ansible installation, it's thankfully not very complex yet. am i correct in the assumption that it is a masterless system?
Spauldingexactly
Spauldingthere is no client
Spauldingeveryone can run playbook from his machine
finsterwhat puzzled me most when migrating from puppet to ansible is that there are no define-like constructs in ansible
opvi do prefer the yaml syntax to ruby
Spauldingopv: basically the good idea would be to read that: https://docs.ansible.com/ansible/intro_inventory.html
Spauldingand focus on that: "As an advanced use-case, you can create directories named after your groups or hosts, and Ansible will read all the files in these directories. An example with the ‘raleigh’ group:"
ansible-92758945what would be sensible way to get an ansible_managed ascii art header ?
opvSpaulding: many documentations i've read reference the group_vars folder (which i don't have yet), but none reference the host_vars folder, which i do have
opvdon't tell me it's deprecated
Spauldingit's not deprecated
Spauldingbut basically host_vars... it should be use often
Spauldingcause basically your env should be consistent
Spauldingit should NOT be used often ***
Spauldinglol...
opvyeah, everything should go in groups unless it's really hostspecific like IP or hostname
mushrushuis there a way to group_by quantity of matching condition? hostvars[inventory_hostname]['ansible_devices'][item]['rotational']|match("0")
sylrquit
opvcd
mushrushunot just condition itself
love_ansibleA quick question, what does invocation variable mean?
AikiLinux does ec2_facts over-ride the regular gather_facts directive ?
AikiLinuxhow can i combine the variables for ec2_facts and the gather_facts to be used in the playbook ? i am trying to use ansible_os_family but the ec2_facts does not have that variable
indistyloI am using ansible for ssh automation, I am getting this weird stderr error while executing vagrant up, error is posted here: https://pastebin.com/ZhEyWxyn , my vagrant file & ansbile is: https://github.com/arunsingh/sshautomate/blob/master/Vagrantfile, any suggestions to fix, why its happening?
asydnot related to ansible
indistyloasyd, ok thanks
gredosnot varant either, it's a virtualbox error - try booting the base image interactively
asydwell VT-X is not availab.e
gredosyea, virtualbox lies about that sometimes
gredosbut definitely check that first
gredosare you running vagrant inside an already virtualized machine?
gredoscause... this is one of those scenarios where you can't go turtles all the way down
Kim^JWhen writing tasks, what's the recommend way of writing them? Using > (string) or native YAML to get a dictionary? Pros/cons?
agaffneyif you are going to do multi-line, just use the YAML format
agaffneythe key=value format has a tendency to be misparsed, and YAML is mostly necessary for "complex" values, such as arrays/dicts
Kim^JGreat, thanks.
gormuxhi all
gormuxi'm trying to do something like when: var is defined and var.stdout_lines|length > 0
gormuxbut it fails because var, if not defined, has no stdout_lines
gormuxwhat would be the correct way to do this ?
raktajinosounds like var is a registered variable
agaffneyyou probably want 'var.stdout_lines is defined', as a registered var will almost always be defined, even if the task is skipped
raktajinoyeah what agaffney said
agaffneyor 'var is defined and var.stdout_lines is defined and var.stdout_lines|length > 0'
agaffneyto cover all possible cases
Kim^J(var.stdout_lines | default([])) | length > 0 ?
agaffneythat could work, as well
agaffneyexcept in the case of 'var' not being defined at all :)
agaffneywhich would probably only happen when skipping tasks using tags
gormuxagaffney: it works, thanks
hatTipgood morning #ansible
bjolivotmorning hatTip
ChrisWihatTip: you had already breakfast ?
hatTiphaha. i haven't and neither have the dogs!
hatTipchriswi: they eat first. so i need to go feed them
hatTipmorning bjolivot
ChrisWihatTip: who let the dogs out ... :-P
hatTipChrisWi: the answer to that question needs to be, hatTip
hatTipit's 9:44 and they are probably crossing their legs right about now
ballisonSo I'm having this problem with ansible -> https://pastebin.com/raw/UHsKDRF0
ballisoni'm running a playbook against a host and it works on first task, and then the next task it fails with SSH error. same host.
ballisonand if i run that exact command from the command line it works.
ballisonbut from inside ansible, it fails.
ballisonwhat gives?
ballisonanyone see this problem before?
ballisonno one here?
ChinnoDogballison: Looked at your pastebin but I don't see anything obvious. Does the same thing happen if you disable fact gathering?
ballisonhow does one do that?
ChinnoDogIn the play -> gather_facts: false
turnip_surpriseballison: I've had a firewall block me after multiple connections, looked like brute force attempt so shut it down after x connections
ballisonbut it works from the command line
ballisonChinnoDog: no change with gather_facts: false
ballisonstill bombs on that task.
turnip_surpriseballison: also if you do it 10x from command line? i remember searching for that one for a while, thinking it was related to the task, when it was simply cutting of like every 5th connection in a minute or so
ballisonif i comment out that task, it moves on and connects and does the rest.
ballisonthere must be something wrong with that task.
turnip_surpriseballison: oh, ok, no more ideas than, sorry :)
ballisonbut what's weird is this works on other destination servers
ChinnoDogWhat is the task in question doing?
Slashmanhello, any python module needed to speed up the ssh connection of ansible? I have a dev machine (fedora 25) that have a lot of python modules installed, and ansible connects super fast, but on 2 other fedora 25 in the same network, there is a 30 secs delay before the connection is established... I'm strugling to find which module does the trick
ballisonhttps://pastebin.com/raw/DzetDJu1
ballisonit's just shell'ing out a /etc/init.d/ service stop
ballisonfor this homegrown app called "quest"
ballisonshell: /etc/init.d/quest stop
ChinnoDogWhy did you use shell instead of the commented out service module?
bjolivotballison: become: true missing ?
ballisonso it's only bombing on the shell module
ballisonbjolivot: this works on other servers... not this one.
bjolivotSlashman: allready saw that, it was ipv6 dns timeout or something like this
ballisonbjolivot: what does "become: true" do?
ChinnoDogWithout knowing anything about the service I'm guessing that the service is presenting an input prompt or something unexpected.
ballisonChinnoDog: Unknown. I didn't write the playbook. I'm just trying to figure out why it's not working for this one host.
ChinnoDogThe fact that the service module is there but commented out suggests that it isn't compatible with the service module, providing more support to this possibility.
ballisonlet me try switching it to service, but i'm sure there's a reason they did this. OH - if stop doesn't work (because let's say it's hung) would that cause this error/
Slashmanbjolivot: dns resolution is instantaneous as far as I can tell, also the managed network doesn't use IPv6
ChinnoDogyup
bjolivotSlashman: if you want to know tcpdump to see what's happening just after 30s wait
ChinnoDogballison: Option 1: Fix the service wrapper. Option 2: Run the command without regard for the output. Either run it async and assume it worked or detach it from the terminal in the command.
Slashmanbjolivot: already did that, no ssh connection happens before a wait time of 30 seconds
ballisonChinnoDog: thanks. that was it. the service is hung/broken on the remote box. which explains why it's not working.
ballisonthanks everyone for helping.
Slashmanbjolivot: but I had to filter by destination managed node to see something, those are workstation with busy network activity
Slashmanusing -vvvvv, I only see "Using /home/user/.ansible.cfg as config file" then nothing for 30 seconds
Enphuegojust need a quick point in the right direction. I'm pulling data from a wiki where the information is stored in a text file on the server. How do I get the contents of that file into a variable in my playbook?
gormuxhum...
raktajinoEnphuego: probably some variation of get_url + register
gormuxfrom ansible.module_utils.vmware import get_all_objs, connect_to_api, gather_vm_facts
gormuxImportError: cannot import name gather_vm_facts
gormuxwut ?
gormuxin module vmware_guest
gormuxannyone using it ?
Enphuegoraktajino why use http when I can just pull from a text file?
raktajinooh, its on the same server? command: cat file + register
raktajinomaybe there's a prettier way but that's how i do it
Enphuegoit's a windows server :(
Enphuegono, not the same server but I was just going to use delegate
raktajinoall informations i could have used initially >.>
Enphuegobut good idea though I could use powershell to just pipe it to standard out
sivelEnphuego: slurp+register
sivelthat will get the contents of the file into a var, encoded in base64, then you can use somevar.contents|b64decode to get the decoded contents
Enphuegodoes slurp work on Windows?
Enphuegocan't tell in the docs, guess I'll just have to try it. Thanks all I have some good ideas now
sivelhrm, I guess not
sivelis there `cat` in powershell, could you do `win_command: cat somefile` ?
siveloh, there is a windows version of slurp
sivelStill just called `slurp`
sivelSo that should work
lieterlright, I gotta go play DnD, see you tomorrow!
EnphuegoI'll probably do Write-Output <textfile> and register the output to a variable
lieterEWIN
Enphuegospend like 15 minutes figuring out how to cat a file in powershell, finally just try cat, it works :(
defionscodeEnphuego: it's interesting how many ba/sh-like things powershell has in there
gforsterHaving an issue with variables. Full question is here - https://pastebin.com/mtLYpQyW
r04rany way to get delegate_to to work with similar syntax as the playbook hosts command, while also obeying --limit?
r04rim using delegate_to: "{{item}}", with_items: "{{groups['app']}}" right now, but that does not respect --limit
ChinnoDoggforster: You forgot the second parameter of with_nested
r04ri would like to use something like project:&app as the delegate_to argument
gforster@ChinnoDog - If I do {{ user.validator_subdirs }} it complains that list object has not attribute
Asarais there no way to access softlayer tags using the softlayer.py dynamic inventory?
Pavoanyone have a common way to install MySQL and add database users with ansible? I can get MySQL to install but getting errors when adding a database user https://pastebin.com/wuLUR07G
raktajinoprobably lots of roles on galaxy
asydPavo: well the error is explicit
Pavoyeah I see what it saying but don't know how to come about it
Ove_http://dpaste.com/1M7JAET I have that play.
Ove_But I am getting an error about item being undefined.
zuityrHey so I'm running into an issue where during module execution the ansible module fails on a GET request. The get request returns the proper response; however, the module still fails. I've tested the exact same code in the python interpreter and it works. Commented out the code and the module works. Is there any known bugs related to this issue?
Enphuegozuityr are you using uri?
gforsterI hope this brings clarification to my issue with using vars https://pastebin.com/QZBVnHF4
gforsterIf anyone can help, I'm super appreciative
zuityrNope we have client that we are passing everything off to which is handling all of the request
zuityrall that is returned is a JSON response; though the actual requests are seen by ansible in debug
ABondGood morning could someone please direct to me the documentation about how filters work on the command line... Example: I'm trying to get a specific mount information from facts. When running ansible -m setup host -a 'filter=ansible_mounts' I get the entire array. Would there be a way to filter that down to only /var?
Enphuegoif the response is correct, then I'd set failed_when with your own tests
Enphuegothe uri module is pretty good for GET requests though
Enphuegohow are you passing off the request? command module?
EnphuegoNot sure what I'm doing wrong here, but I suspect I'm using search wrong https://www.irccloud.com/pastebin/G7vr0aUG/
zuityrThanks I'll check it out that error handling
EnphuegoIt's supposed to take the lines from stdout before, find the line that contains '[services' and then return it to me
root_of_evilis there a pattern for coiterating two lists? im trying to set up monitoring by iterating through each group, and then each host in that group. i tried this: https://pastebin.com/MBvLAgtr but no luck as item doesnt appear to be defined in time.
EnphuegoI've never done it before, but why not use another with_nested?
root_of_evilenphugo thats what i tried
root_of_evili think its not working because i need to use the first list to get the contents of the second
flowerysongEnphuego: [ is special in regexes. Try '\\[services'
Enphuegoflowerysong that did the trick
flowerysongroot_of_evil: Is there a reason you're not just iterating over all the hosts?
gileswcan anyone recommend a apt role?
gileswi'm looking for something that handles apt when distos go EOL
raktajinoprobably lots on galaxy
agaffneygilesw: what exactly do you mean by "handles apt when distros go EOL"?
gileswthe src urls change when a distro goes eol
rodolfojcjhello everybody
rodolfojcjis there an equivalent to https://docs.python.org/2/library/os.path.html#os.path.join in Ansible and/or Jinja2 ??
root_of_evilflowerysong: id have the same problem, hosts are members of multiple groups, so id have to iterate over their membership lists if i did it taht way
gforstertrying again. could really use some guidance - https://pastebin.com/QZBVnHF4
agaffneyrodolfojcj: there's the |join() filter, but I don't think there's one that picks the correct path separator for your OS. it would need access to ansible facts to make that determination, and I don't think filters work that way
Fluorgforster, http://docs.ansible.com/ansible/playbooks_loops.html#id15 should help you (the looping over hashes part)
rodolfojcjagaffney: ok. Right now I'm typing my dir paths carefully, but I would like to have something that takes care of that. Thanks anyway!
agaffneyrodolfojcj: if you can determine your path separator yourself, you can just do |join('/') or similar
flowerysongroot_of_evil: If you gave a more complete example of what you're trying to do we could probably suggest a better approach.
Enphuegogforster the error you are getting about 'args' has an invalid value means that you are using dict operations on a list
rodolfojcjagaffney: ok, I could. And how could I avoid repeating the ending OS separator when joining the parts ?
gforsterEnphuego - what is the correct approach?
Fluorgforster, http://docs.ansible.com/ansible/playbooks_loops.html#id19 might also be relevant
Fluoror more relevant, rather :)
EnphuegoI don't know, it's just that the error is kinda confusing and I know that I'm using dict operations on a list when I get it
Enphuegoso then I google "ansible list <what I'm trying to do>
gforsterI can get a single subdir variable if I do item.validator_subdir[0], so I know i'm close...just can't get it to iterate for both. I guess I can break each one out as it's own task
gforsternot as slick as I would like, but will work
boomerIs there a way to have the file module recurse and set modes on just directories and not the files in them? i.e. I want to basically make a dir and all subdirs g+ws, but skip the files in them
agaffneygforster: the problem is that you are creating a list of dicts under the 'users' variable because of the hyphen
agaffneyand then trying to treat that list like a dict
Enphuegogforster remove the first "-"
Enphuegohttps://www.irccloud.com/pastebin/OXwgeAqX/
gforsterOh....now I'm seeing the light
Enphuegoso you had a list instead of a dict and that's why it was failing
root_of_evilflowerysong: https://pastebin.com/SzW09SV0 a little more detail. zabbix groups for both ansible groups are already created, i want to add graphs for the hosts of each group to that groups screen.
Enphuegois there a good reason why I shouldn't write playbooks that modify the host_vars files?
agaffneyEnphuego: not really, but I'd recommend that you track your files in git and have ansible commit to git after modifying the files
Enphuegooof but that will result in some odd behavior too
Enphuegolike oops accidentally committed this branch to prod
agaffneywithout it, you run the risk of a "bad" change to those files from your playbook breaking your host_vars files with no easy way to revert
EnphuegoI get your point, but I think I'll manually commit after I run it
agaffneyfair enough
EnphuegoIt's really something I'm not going to run on a regular basis and it's pretty obvious that it's changing my environment
ssbarneaAny idea on how to avoid an exception in jinja2? http://stackoverflow.com/questions/43261835/how-to-implement-default-value-fallback-in-ansible-with-dictionaries
Enphuegoit's just a helper to pull in variables from the wiki data
agaffneyssbarnea: you need to use |default() for each "level" of the variable
flowerysongroot_of_evil: I'd probably write that like this: https://hastebin.com/esenidetow.sql (delegate_to is optional, but I'd normally run steps like that on localhost)
agaffneyor do something like {{ ( foo is defined and foo.bar is defined ) | ternary( foo.bar[12] | default(omit), omit ) }}
ssbarneaagaffney: .... and the results will look really horrible.
agaffneyssbarnea: it may look horrible, but it's necessary if you use nested vars and can't guarantee all levels are defined
bcocaagaffney: we need a default_tree filter
bcoca^ bikeshed on name welcomed
agaffneybcoca: it probably wouldn't work as jinja would fail on the 'foo.bar' part if 'foo' wasn't defined
bcocafilter can account for that
Enphuegois there some technical reason why YAML doesn't have block comments?
joshbennerAny recommendations on tools to facilitate easy/rapid testing of ansible roles during development?
bcocaEnphuego: good question for YAML spec
joshbennerI see a bunch of interesting google results, but I'm curious what people use.
raktajinovagrant
defionscodejoshbenner: I'm a fan of https://www.jeffgeerling.com/blog/testing-ansible-roles-travis-ci-github
Enphuegoin practice, I'm just applying it to production /shrug
defionscodebcoca: que tal compa?
bcocabien, hambriento ... todas las reuniones a la hora de comer
bcocatu que tal?
defionscodeps aqui nada mas, hechandole ganas al jale. estoy por mudarme a tejas in unos meses
Manu_Hey, Is there a way to have ansible read the name of files in a directory and load them into a list? My goal is to be able to drop device specific configurations into a folder, named after their destination host, and have ansible load them dynamically as hosts in the playbook.
agaffneyManu_: there's a few ways. you can do {{ lookup('fileglob', '/path/to/whatever/*') }} for files on the ansible controller or 'shell: ls -1 /path/to/whatever/*' or use the 'find' module for a remote host
Pavogrrrr this mysql user module is kicking my ass
Pavook docs say that when installing mysql the root user password is blank by default, but the mysql docs say that the root user password is generated upon on startup
Pavoanyone know how to retrieve this generated password using ansible?
agaffneyI think that behavior changed in a somewhat recent version of mysql. iirc, you need to extract that password from the logs
ChinnoDogIn my experience setting the root password depends on the distro. Some set a default. Others prompt you.
Pavook on CentOS 7 distro ChinnoDog
Pavoyeah I can extract the password manually using grep 'temporary password' /var/log/mysqld.log
Pavoon the machine but how can I do this and use that password to add new database uses using ansible?
ChinnoDogYou could use the command module grep the password the same way you just said. Probably want to set it to you root password of choice asap.
agaffneyPavo: http://stackoverflow.com/questions/42267299/ansible-install-mysql-5-7-set-root-user-password may be helpful. it seems that auth through the unix socket doesn't require a password
agaffneyit's been quite a while since I've setup mysql, and never through ansible
Manu_thanks agaffney
Pavoagaffney that works for deb based distros
ChinnoDogWriting passwords to logs and leaving unprotected sockets both seem like bad security practices.
agaffneymysql is full of bad security practices
raktajinolel
PavoChinnoDog ok I can use the command module but how do I take the password from the output and save it as a var?
agaffneyPavo: 'register: foo' and then reference {{ foo.stdout }}
Pavohmmm
Pavowill try that
Pavobrb
FrozenFireThis is probably more of a python thing, but is there a simple way to override certain ansible classes (e.g. ansible.module_utils.gcp) with a different copy of the file?
kaushalHi
FrozenFireI'd like to backport https://github.com/ansible/ansible/pull/22723 into my 2.2.1 installation
FrozenFireSeems contained to the one file, so should be simple enough
Pavoagaffney this is the output https://pastebin.com/1jfxJkZE
PavoI only need the last part of the output the y<+xkHAgN1Ad
kaushali have this file app-config.conf which has contents databaseServer: ....... and needs to be pushed to dev and prod environment
kaushalso in a dev environment databaseServer: dev.mysqldb.example.com and in prod environment it databaseServer: prod.mysqldb.example.com
kaushalAny help will be highly appreciable
Manu_Can you reference a device's changed count as an integer?
kaushaldo i need to use template of app-config.conf.j2?
kaushalI really do not have any idea how to create a template file
root_of_evilflowersong: needed a few more tweaks but that got me going, thanks
root_of_evils/flowersong/flowerysong/
Enphuegokaushal: you just put it in role/templates and then you can use variable names like {{ environment }} in the file
kaushalEnphuego: ok
Enphuegoso the file will basically be exactly the same except instead of dev.mysqldb.example.com it will have {{ environment }}.mysql.example.com
Enphuegomaybe use a better variable name than environment lol
kaushalEnphuego: ok
kaushalEnphuego: please give me a moment
ansible-92758945ok i am feeling dumb, how do i get the default ip of another node in a play ?
agaffneyansible-92758945: {{ hostvars['other_node'].ansible_default_ipv4.address }}
ansible-92758945agaffney: thanks , didn't get the ]. stuff
kaushalEnphuego: is this correct -> http://pastebin.centos.org/77516/
kaushalEnphuego: I am sure i am missing something
agaffneykaushal: templates are looked for under templates/, not files/
Enphuegoso move app-config.conf from /files to /templates
agaffneyand they should generally have a .j2 extension, but it's not required
kaushalagaffney: ok
kaushalEnphuego: let me correct it
Enphuegothen change serverName: testapp.example.com to serverName: {{ environment }}app.example.com
Enphuegoand delete the .j2 file you don't need it
kaushalok
Enphuegoin your playbook, you'll use set_fact to set environment
Enphuegoor get it somewhere else like group_vars or test_vars or -e "environment=test"
Enphuegosorry test_vars should have been host_vars
kaushalEnphuego: ok
ansible-92758945what does this mean : ? 'dict object' has no attribute 'ansible_default_ipv4'
kaushalEnphuego: my new pastebin is here -> http://pastebin.centos.org/77521/
kaushalEnphuego: please correct me if i am wrong
Enphuegolooks right to me kaushal
kaushalEnphuego: what about src: app-config.conf?
kaushalin roles/pushconfigfile/tasks/main.yml
kaushalis it correct?
agaffneyansible-92758945: it means you tried to do something like foo.ansible_default_ipv4 on a dict that doesn't have that attribute. more specifically, you probably tried to access that fact for a host that isn't part of the current play, or hasn't gathered facts in the current playbook run
Pavook finally got the password
EnphuegoI just don't see where you set the environment variable, but that probably means you put it in your group_vars or something which works great
Pavonow getting 'Your password has expired. To log in you must change it using a client that supports expired passwords
Enphuegokaushal yes, you don't need to specify a location, it will check <rolename>/templates/
kaushalEnphuego: i have not set either environment variable or group_vars?
kaushalEnphuego: where do i set it
kaushalEnphuego: is it in playbook?
kaushalEnphuego: apologies for bugging
Enphuegowhere you set the variable depends on how you use it...
Enphuegoa typical thing would be to create three groups in your hosts file [dev],[test] and [prod]
Enphuegothen you'd put your hosts in those groups
kaushalEnphuego: i do not have any thing in cat vars/main.yml
Enphuegoand in group_vars/dev.yml you'd put a line "environment = dev"
Enphuegosorry that line would actually be "environment: dev"
kaushalEnphuego: sorry i did not understood
Enphuegoare you familiar with groups?
kaushalEnphuego: nope
Enphuegoyou know what, for now, just put -e "environment=dev" on your playbook command
kaushalok
kaushalEnphuego: let me correct it again
Enphuegothat doesn't go in the playbook
kaushalEnphuego: you said -e "environment=dev"?
EnphuegoYou'll run it like this: ansible-playbook pushconfigfile.yml -e "environment=dev"
kaushalah ok
kaushalunderstood now
Enphuegoyou could define it in a whole bunch of places, but you'll have to spend some time with the manual to understand group variables and things like that
kaushalEnphuego: sure
kaushalEnphuego: is this final pastebin correct -> http://pastebin.centos.org/77526/ ?
Enphuegolooks right. Just use the spaghetti method to figure it out
EnphuegoThrow it against the wall and see what sticks
kaushalok
sjkI have a bunch of roles that use the 'package' module to install packages. Now I have a bunch of hosts where I don't want to use the "default" package manager (pkgng, for FreeBSD) but want to use portinstall (to build from source).
sjkIs it possible to do this without having to write new roles that specify "use: 'portinstall'" with every call to "package"?
AdirondackJackhello, can use python string functions on filters that return strings? like {{ IP | ipaddr('revdns').split('.') }}
AdirondackJackerr ^^ mean "Can I use..."
clueless42@everyone hello
clueless42when: nsd.stderr | version_compare('4.1.7', '>=') this is apparently always true
clueless42"NSD version 3.2.12\nWritten by N" matches it
clueless42should i put some {{}} or split somwhere
clueless42when: nsd.stderr.split('\n')[0] | version_compare('4.1.7', '>=') anybody knows why is this not working ?
clueless42when: nsd.stderr.split('\n')[0].split(' ')[2] | version_compare('4.1.7', '>=', true) this does , meeeeh crap
cornfeedhoboi hate ask for a "google interface", but I can't find any docs on using ANSIBLE_STDOUT_CALLBACK. can anyone point me in the correct direction?
cornfeedhoboasking*
cornfeedhobo... or maybe there is a better solution to getting concise summaries at the end of long playbooks?
Enphuegosjk there is a use: parameter in the package module, you could set that to a variable and put the variable=auto in your defaults and then override it in group_vars or host_vars
ZeroZeroZeroZeroHowdy- in the syslogs on the remote system, I noticed that the BECOME-SUCCESS entries have a seemingly random string of letters
ZeroZeroZeroZeroJust wondering what that is exactly
Enphuegois it better to install Tower on the same box where my Ansible install is or should I used a new server?
agaffneyTower needs an ansible install, afaik
agaffneyit may provide its own, though
smokywhen i use include_role w/ static: false, there are issues around variables when i nest an include_role using with_items in ansible 2.3
smokywhen applying a playbook to multiple hosts, variables referenced in the nested include_role that are defined in the with_items part get messed up (for example, it'll have host1 values when the inventory_hostname is host2)
Enphuegoright, I already have an ansible install, I'm just wondering if it even makes sense to install Tower somewhere else
Enphuegoscrew it, this is why we have snapshots
cornfeedhobo^
cornfeedhoboACTION whispers "do it live!"
cornfeedhoboagaffney: hey i see your name on most of these callback plugins, but not much for docs outside of the "developing plugins" page. looking at the source i don't see anything in the doc strings either. is there a better place to be looking? i'm not really sure what each one does ...
agaffneysmoky: include_role is still an alpha/preview feature. you should probably create an issue on github with a test case to reproduce
agaffneycornfeedhobo: there aren't really a lot of docs
agaffneythe existing callback plugins are the best reference
agaffneyalso, my name should only be on actionable.py, as that's the only one I've written
digitalw00tscreen -r weechat
digitalw00todd
cornfeedhoboahammond: ah, my bad. you are right. only on actionable.
cornfeedhoboagaffney: * ^
digitalw00tSCreen isn't refreshing
cornfeedhoboagaffney: am i understanding actionable correctly that it only displays tasks that are changed?
cornfeedhoboor, rather, are non "Ok"
agaffneycornfeedhobo: changed/failed, yes
cornfeedhobothanks
agaffneythe intent was to match puppet's output
agaffneyonly "useful" output
cornfeedhobohaha <3
cornfeedhoboexactly what i am looking for
bubo77Hey Guys quick question anybody know where can i find doc about to_nice_yaml available options? anything more then to_nice_yaml( indent=2, explicit_start=True, explicit_end=True )
nitzmahoneProbably just check the source
bubo77awesome :)
nitzmahonehttps://github.com/ansible/ansible/blob/6bad4e57bd28d7433e5144b60e57c8cf042ebb3b/lib/ansible/plugins/filter/core.py#L78
bubo77thanks will check what yaml.dump accepts
ZeroZeroZeroZeroNo ideas on what the random string is in the BECOME-SUCCESS syslog entries?
sivelZeroZeroZeroZero: that is a string used by ansible to ensure that ansible has successfully executed sudo/su/etc
sivelZeroZeroZeroZero: it is randomized on purpose, for that use case
gredosif you've got verbosity up high enough, you'll see a corresponding string in the log
ZeroZeroZeroZerosivel: thanks- what generates it?
agaffneythe code...
ZeroZeroZeroZeroI mean, obviously
sivelZeroZeroZeroZero: ansible.playbook.play_context.PlayContext.make_become_cmd
sivelrandbits = ''.join(random.choice(string.ascii_lowercase) for x in range(32))
agaffneyhttps://github.com/ansible/ansible/blob/devel/lib/ansible/playbook/play_context.py#L482
ZeroZeroZeroZeroawesome- thanks for the direct link
ZeroZeroZeroZerowhat's the purpose though>
ZeroZeroZeroZero?
Enphuegosigh my linux admins should just get rid of Satellite if they aren't going to do anything interesting with it
ZeroZeroZeroZerojust not sure how that ensures it worked
agaffneyprobably unique identification of the specific privilege escalation. why does it matter?
ZeroZeroZeroZeroI was asked by a colleague I'm training, I didn't have an answer
agaffneythe "echo BECOME-SUCCESS-fdfdsfds" command happens after the sudo, so if the sudo fails, that doesn't end up in the output, and ansible knows the become failed
ZeroZeroZeroZeroahhhhh
ZeroZeroZeroZeroThank you very much
ZeroZeroZeroZeroI know it's not important to the functionality but he was concerned that it might be some kind of hash
ZeroZeroZeroZeroAnd he's senior to me so I can't get away with handwaving ;)
agaffneywhy would that concern him?
ZeroZeroZeroZero¯\_(ツ)_/¯
archfhi there, anyone knows how to access list of notified handlers during runtime?
archfis there a magic variable for that?
agaffneyno magic variable that I know of. you could probably do it with a custom callback plugin
agaffneywhy do you need it?
archfwell i'm looking for the idiom of configuring a service, when you change config you notify handlers, but on the first run ever you can't use a 'restart handler'
archfand in that case you'd put a task in your role to start the service, but you would end up starting it twice
ZeroZeroZeroZeroI had something like that recently but i'm not wild about handlers for that kind of thing...
archfmaybe i overthink it...
ZeroZeroZeroZeroIf you have a failure and have to re-run, handlers can get you into trouble
archfwell, they won't be triggered if nothing notified them
ZeroZeroZeroZeroright but let's say something fails after they are notified
ZeroZeroZeroZeroon the re-run the handler won't run
ZeroZeroZeroZeroerr, after the notifying task runs but before the handler runs, that is
NoxzI am having an issue where a first connection to host via ansible-playbook will first unlock the ssh-key via passphrase, seemingly connects, but does not run my playbook (a raw command) but if I run the same command right after this failure, it seems to succeed in actually running it.. any ideas?
agaffneyany errors?
archfright, and for other uses, would have like to have a task that applies a state to a service only when no handlers are notified. That solves the handlers not notified issue you described, in that case i'd just rerun my role...
Noxzno errors, in fact it has a return code of 0 which assumes my playbook ran okay
Noxzputting in debug mode now to see if it gives any more info
ZeroZeroZeroZeroarchf: in my case this is an OpenLDAP configuration role. I have a task that greps the configuration to see if it's been handled for the first time, and registers the return code (ignoring errors). The other first time run tasks rely on that one returning a nonzero return code
ZeroZeroZeroZeroDef. not an expert though- it was less janky than the chained handlers I had before, though
archfyou have a good idea, i'll make a taks to start service that registers a variable and only run restart handler if no started there...
archfmany thanks sir!!!
ZeroZeroZeroZeroNo prob!
NoxzLooks like disabling ControlPersist fixes my issue
ZeroZeroZeroZeroAlso, speaking of ldap... Is there a way to preview the ldap modules from 2.3 in 2.2?
lambais it possible to create a single string from the contents of an dictionary style array in ansible ? so if vars.A=1 and vars.B=2 then do a loop or something which creates a string of "A:1&B:2" to use in a shell command ?
n0archwhat is the best practice for only running a blockinfile task when regex match is false. Currently, a first test is running a shell command and registering the result. then the blockinfile task will only run when the grep result is ""
n0archwe need idempotent but this is super hacky
Enphuegohas anyone done a Tower install? kinda lost. I unpacked the tarball to /urs/local/src but it probably belongs at /etc/ansible/tower? Is where I unpack it the end destination?
Enphuegoalso, what happens with this inventory file they want me to put passwords into?
raktajinoEnphuego: tower questions should go to support.ansible.com
smemshhello, i'm trying to prepend a line to a file with the contents of ansible_managed but that doesn't seem to get expanded by lookup('template', ...)
agaffneyhow are you trying to use it?
bcocalookup 'template' does not have access to ansible_amanged, that only works for template tasks
smemshoh, that explains why it says no such variable. i thought lookup('template', ...) and template: module ran same code just different way to interface with it
bcocathey do run same templating engine, not exact same code
bcocaas lookup does not worry about destiantion at all, executes locally and template is designed to update remote files
agaffneysame underlying code, but different "top level" code
agaffneyhttps://github.com/ansible/ansible/blob/ac43a1bbbc6b6571b099bd296e4a8ed7d00402c8/lib/ansible/plugins/action/template.py#L132
agaffneythe 'template' action plugin explicitly creates this var based on the string in the config
agaffneybut the lookup plugin doesn't have that code
agaffneyit technically could, though
agaffneyprobably
bcocait shoudl, it did in the past
bcocathough i would gladly remove ansible_managed
agaffneyI just wasn't sure if lookup plugins would have access to ansible.constants, but I guess there's no reason that they wouldn't
smemshhm, looks like it was shot down previously, #15044
n0archwhats the best way to make a blockinfile task idempotent
n0archlike if the block is already there don't add the block
smemshi'm altering files with 'replace', not templating them, but still want to warn off edits by embedding ansible_managed equivalent, i could fabritate my own i suppose
smemshfabricate rather
agaffneyn0arch: it already works that way by default
n0archo sweet, thx agaffney
agaffneyalthough, I'm not sure if it will work if the block was added outside of ansible and doesn't contain the header/footer lines
smemshi thought ansible_managed was ony bad when by default it changed every time? and that was going to be changed not to include date
smemshthere are other problems with ansible_managed?
smemshguess i'll have to make my own variable manually
bcocathe default setting doesnt include date anymore
bcocabut it can be added
smemshright so then what's bad about ansible_managed? you said you'd gladly get rid of it
bcocathe other reason i dont like is that it has a 'subtempate' language ... we dont need more, easy enough to create your own ansible_managed with existing template
smemshthat's true
agaffneybut I'm lazy!
bcocaand probably better, it also uses incorrect hashing
smemshbut then everyone has to :-)
bcoca^ hashes names, not actual file content
BugeyeDhi all. with around 220 target hosts, why would this simple playbook exhaust the 16GB of memory on the server running ansible? https://paste.pound-python.org/show/Do85YLqFxZ76xx0b1E3a/
misca bug, how does the inventory get specified ?
BugeyeDkinda puts the damper on doing any real work ...
rednerrusHow do I get an ec2 instance id?
agaffneyBugeyeD: that's only 75MB per host, which isn't all that unreasonable. however, I can easily do an ad-hoc ansible run against 4000+ hosts with forks=30 on a machine with 24GB RAM without issue
rednerrusI have - name: gather ec2 facts ec2_remote_facts: region: "{{aws_region}}" filters: "tag:Name": "{{instance_name}}" register: ec2
BugeyeDmisc: inventory typically gets produced via script which polls a spacewalk server, but the last time this happened it was using a text file containing the results of the last spacewalk poll
agaffneyrednerrus: probably something like {{ ec2.instance_id }}. you can do '- debug: var=ec2' to see all values available
miscBugeyeD: no hostvars or anything ?
miscBugeyeD: how much a simple adhoc command would consume ?
BugeyeDmisc: i do have group_vars, and they leverage vault. it didn't occur to me but those would be parsed even with this playbook that doesn't leverage any of its information
rednerrus@agaffney the ec2 then looks something like this "instances": [{ "id"}] so I need to go ec2.instances.id?
agaffneyrednerrus: ec2.instances.0.id, since the 'instances' attribute is a list of dicts with info about each instance
miscBugeyeD: is there anything in vault that would take much ressources ?
rednerrus@agaffney that comes back as ok: [localhost] => { "changed": false, "msg": "Hello world!" }
BugeyeDmisc: no; the largest thing there are 2 sets of ssh keys. but i'm sure whether vault might require a lot for some reason, i've never looked at that
agaffneyrednerrus: what does? you'll get that message from 'debug' if you don't provide a 'var' or 'msg' parameter
rednerrus@agaffney It worked! Thank you very much!!
chrchrHi ansibles. I am having a surprising problem with a changed_when https://gist.github.com/chrchr/25ef4ba998352670bebd24edacb346b8
chrchrThis is 2.2.2
bcocalooks like alembic_result is not defined
bcocanot sure why that is the cae ...
EnphuegoI dropped vmware_folder.py into my library folder, any reason why calling vmware_folder isn't seen as a task in my playbook?
bcocais your library folder adjacent to the playbook or set in ansible.cfg?
EnphuegoI just moved my playbooks into a playbooks directory
Enphuegoso maybe that's it
Enphuegothat fixed it bcoca thanks
Enphuegois something required in the module to support delegate_to? That doesn't seem to be working either and I double checked my syntax
bcocano
bcocadelegate_to happens in core
Enphuegohttps://www.irccloud.com/pastebin/EkEuNVNs/
lorddaedrahello) is it possible to run chain of 5 jobs in parallel (let's say, run docker containers with some scripts inside, which backup data from different sources to shared directory) and after all them complete run 6 job (compress directory, for example and save to storage), do it every day.. with Ansible Tower, for example...
EnphuegoThe error I'm getting is that python isn't found on the remote system
jkyleif I have a local inventory (or dynamic) and I want to query its state without ssh'ing into each host and running some command, how might I?
jkylefor example, I want to output host vars values but don't want to ssh in and run setup etc
Enphuegolorddaedra http://docs.ansible.com/ansible/playbooks_delegation.html
Enphuegojkyle gather_facts: False at the top of your playbook
bcocaansible -m debug --list-hosts
bcoca^ jkyle
bcocaEnphuego: do you have a localhost defined in inventory?
bcoca^ if so you might need to set ansible_python_interpreter
Enphuegoyes
Enphuegoreally? all the other delegate_to: localhost commands work fine
Enphuegoand I have a /usr/bin/python
Enphuegofigured it out
EnphuegoI had the playbook open in my text editor. The running version was the older one that I moved to my root ansible directory, and I was saving my new version to the old location.
Enphuegoso the delegate_to command wasn't even being written
Enphuegook this is just a terribly written module it's not even close to usable
raktajino7
joshbennerI've got a command task that's idempotent, but I cannot easily determine if it caused a change or not. In that case, do you let it always show changed, or let it always show ok?
raktajinocheck out changed_when
jybs_Hi all, is there any way to get non-sanitised command output?
jybs_As in, including {{ }} if they happen to be in there
agaffney{%raw%} or something like that both ends
jybs_So from a shell output
jybs_?
jybs_I want to run a bunch of commands, and I can't guarantee anything about the responses. I just want to be able to put them in a file on the Ansible server
jybs_agaffney: Maybe just not possible?
flowerysongjybs_: If I absolutely had to do something like that I would use the shell module and redirect output to a file, then fetch the file.
jybs_I was thinking of making a version of shell which b64encodes the response