jlacroix | I'm hoping someone can help me with ansible-pull. I'm playing around with it to learn it in a test VM. It seems as though it requires an inventory file, because it works fine if I give it an inventory file (which only has 'localhost' in the file) but if I remove that, it complains about "no hosts matched" is it possible to use ansible-pull against localhost, and not have an inventory file? |
agaffney | jlacroix: what ansible version? modern versions have an implicit localhost entry even with no inventory |
jlacroix | 2.4.2 |
jlacroix | It basically tells me, no hosts found, and skips all the playbooks |
flowerysong | Do your playbooks target localhost? |
jlacroix | I think that may be my problem. I was using "all" |
flowerysong | In that case you should be able to do '-i localhost,' (note comma) to add an explicit localhost entry without a separate inventory file. |
flowerysong | Or just change to hosts: localhost, of course. |
jlacroix | Thanks guys, I can't believe it was that easy. I was working on this for about two hours yesterday, Googling like crazy |
bcoca | implicit localhost does NOT match 'all', but if you define it in inventory, it does |
jlacroix | By the way, thank you guys for all your work on this AWESOME piece of software. I truly believe you're doing God's work, and that's coming from an Athiest. ;) |
bcoca | no, we respond to higher authority, we are doing root's work |
jlacroix | LOL |
jlacroix | I've been addicted to Ansible for a few years now. It's made my life a lot easier. |
bcoca | that was the plan! |
jlacroix | I use it for not only DevOps but my own personal laptops/desktops as well. |
bcoca | he, same here, started as a user, then contributor, now employee ... |
bcoca | used it for work and home machines ... now i work on it |
jlacroix | Maybe some day when I get better at coding I'll contribute back to it some how. |
jlacroix | Do you use ansible-pull for home machines? I only discovered ansible-pull about two days ago |
bcoca | contributing takes many forms, verify bugs, write docs, submit issues ... |
bcoca | no, i used to for a satellite office i managed, their connection was only on when someone in office was there |
jlacroix | Gotcha. Thanks again guys, have a good night |
bcoca | gn |
jlacroix | Sorry to bother you guys again, but I'm having trouble with this playbook: https://pastebin.com/RCwayeDf |
jlacroix | I'm sure it's a simple, stupid problem on my end but it keeps complaining about line 9 |
jlacroix | Nevermind on my last question, it was looking for roles/ in the current directory and not the base directory as I wish it would |
Dan0maN | hi all. preface: i'm running EL7. i'm trying to perform a pip install of bigsuds for bigip_facts module dep. it is barking about upgrading the setuptools. when i attempt to upgrade the setuptools as described in the bark, it fails out. https://gist.github.com/anonymous/97d2dd31da5b4e9e83b9926b710368f1 |
Merry__ | pip install --upgrade setuptools |
pix9 | hey folks what module would be ideal for renaming directories file module or command module? |
winem_ | hi, does anyone have an idea how to gather the right python version automatically? I'd like to do something like `check $(which python)` and if available use that one if not check $(which python3) and if that returns 0 use that one. |
winem_ | but I have the common chicken egg problem here. how to do that without python? |
formanjo | Hello, is there anybody who can answer my question about usage daemonize from module_utils in my own module? |
meowtism | hey guys, im having a problem with ansible in that, my job gets stuck like this: ESTABLISH CONNECTION FOR USER: myuser |
meowtism | when i try to run with 4 -vvvv the debugger outputs -vvv |
lulak | Is possible to use nested tags ? https://thepasteb.in/p/66hV91R44RBtW If want to run --tags add,user , task2 in subtask.yml will always run |
shaps | lulak: not sure what you mean by nested tags, you can do what you pasted |
rvgate | lulak, you can use multiple tags with a task... |
lulak | shaps:, rvgate: tag group is always running even if i specify only add and user |
jhawkesworth_ | formanjo: might want to try #ansible-devel for that one, perhaps later in the day when core developers are more likely to be online |
formanjo | jhawkesworth_: thanks |
shaps | lulak: Probably tags are passed down to the include |
iTeV | Question; If I have a fact called "apt_faults", can I access this fact with "{{ ansible_pkg_mgr + '_faults' }}"? |
iTeV | cuz when I try to do this, I just get "apt_faults" instead of the value of apt_faults |
lulak | shaps |
lulak | shaps: what does this mean? |
flowerysong | iTeV: https://docs.ansible.com/ansible/latest/faq.html#how-do-i-access-a-variable-name-programmatically |
iTeV | flowerysong, ty! |
pix9 | hello folks do we have any guide / doc book for best practices when using ansible? |
JEEB | http://docs.ansible.com/ansible/latest/playbooks_best_practices.html ? |
pix9 | thanks. |
pix9 | perhaps any guide book by author? |
spidernik | pix9, Jeff Geerling's excellent Ansible for DevOps contains some best practices in the appendix. https://leanpub.com/ansible-for-devops |
spidernik | (in addition to the previous suggestions) |
pix9 | thanks spidernik |
spidernik | anytime |
Pilou | pix9: also https://www.ansible.com/Ansible-Best-Practices-2017 |
ssbarnea | is there a way to exit an ansible playbook with a special/custom exist code? I want to do this if I spot some special warnings/cases (like unittest failures). |
Guest16511 | allo allo how goes? |
rvgate | Guest16511, hello james |
Guest16511 | Im having an issue as a new ansible user, trying to set root pass on a linux box from another box that can ssh in using its key and no pass, getting this error: |
Guest16511 | https://pastebin.com/xL1tKHgv |
Guest16511 | any ideas? |
winem_ | why do I get "dict object has not attribute find if I use "when: network_manager.find('No') != -1" network manager is a string and debug var and debug message print ""msg": "No package matching 'NetworkManager' is available" |
misc | Guest16511: you didn't forgot to use the right user on the cli and/or the playbook ? |
Guest16511 | $ ansible-playbook playbooks/global/password_change.yml -vvvv |
Guest16511 | https://pastebin.com/5FsBt9Ai |
Guest16511 | thats the playbook Im using |
Guest16511 | ah, think I forgot to specify to run as root instead of ansible user |
misc | yeah |
misc | also, you can use the user module to change password |
Guest16511 | oh, not seen that one yet :) |
Guest16511 | to the googles :) ty |
jhawkesworth_ | winem_: try "when: network_manager|search('No') |
winem_ | actually, I just want to skip some tasks if a package is installed. I could also check if the default package configuration exists but this might be more error-prone. https://gist.github.com/winem/f78242de3807d384f1b48c7896d6ad30 |
winem_ | jhawkesworth_: let me give that a trxy |
misc | Guest16511: ansible-doc user should gve the help |
jhawkesworth_ | obvs igorne that double quote |
jhawkesworth_ | winem_: match/search as a test examples here: http://docs.ansible.com/ansible/latest/playbooks_tests.html |
Guest16511 | cool ty |
jhawkesworth_ | I was just hitting the same problem yesterday |
winem_ | jhawkesworth: but I'm pretty sure that I read somewhere that you're able to use the python string operations on all vars. what baout that? |
winem_ | ah, or was that just for templates? |
jhawkesworth_ | I think I've read that somewhere. Not being much of a python programmer I tend not to think of the string methods though. |
JustASlacker | doubt it |
JustASlacker | it will complaint if its a dict |
winem_ | however, found a way that actually works. thanks guys |
Guest16511 | misc: used the user module with the salt gen for the pass, works a treat :) ty |
Guest16511 | specified the user to root aswell :) |
winem_ | I think there is a bug / issue with the current master. would be great if anyone confirms before I create a git issue. whenever I use ansible-vault edit I am asked to change the password and have to enter the current + the new vault pw. and that's wrong I think. happened yesterday the first time |
shaps | ACTION checks |
shaps | winem_: you are running from devel right? |
winem_ | uh yes, devel on commit 0c5650ee1bdf9dea75a235888c91b4cf8be90efd |
winem_ | it's from tonight |
winem_ | *this morning |
cloudbud | hi I have a jinja template , which has the snippet which I want to optimize . |
cloudbud | $APP_HOME/logs/upstart.{{ app_name }}.log {{ "2>&1" if app_name in ['abc','def','geh'] or redirection is defined else ""}} |
cloudbud | if I defned reditecyion variale in the group vars will it work |
cloudbud | ? |
shaps | winem_: yeah, it looks like it |
winem_ | ok, will add a gitlab issue. thanks for verifying |
rvgate | ACTION is also confirming now |
rvgate | winem_, shaps, yes and no... if you have a vault_password_file in your config it does not ask you for a new password... but if you dont have it, it will ask you to change it |
rvgate | winem_, i'd say create a bug report :) |
winem_ | rvgate: good catch! |
rvgate | winem_, maybe figure out what change causes this? |
winem_ | yes, already checking the recent commits |
shmem | .oO( commit, commit, damnit, wtfit? commit, commit ) |
rvgate | winem_, git bisect |
winem_ | ah, didn't know bisect yet. I'm back on it as soon as the current deployment is done |
rvgate | winem_, im doing it as well, lets see if we can both find it :) |
shaps | looks like ffe0ddea96bbe8ac27af816e58667c212e74688e broke it |
shaps | ah lol, been quicker at bisecting :P |
winem_ | shaps: possible. I know that 92729 was still working. |
rvgate | i think something is wrong with my setup xD |
winem_ | but hell, you have to enlighten me on this bisect topic. the git documentation link google gives me says "checkout commit, build it, use bisect to mark the rev as good or bad " for example. and do that for every commit. I guess you dodn't do that since you were too fast |
rvgate | winem_, i did, but for some reason my ansible --version stayed at a specific commit everytime i tried to run it |
rvgate | winem_, but yeah, git bisect for finding bugs is amazing... simple yes no questions and poof, there is your commit |
winem_ | ok, I'll for sure have to test it |
winem_ | now I would either have checked all commits step by step or use git blame to get a hint :D |
rvgate | winem_, confirmed, it is that commit... |
shaps | rvgate: you probably had a branch between the first good and bad version |
winem_ | just checkinig out that commit now. |
shaps | bisect will put you at the base of the branch, because it wouldn't be able to find the commit |
rvgate | shaps, yeah.. i did a bisect between latest dev and v2.4.1.0-1 |
rvgate | winem_, git checkout ffe0ddea && test is && git checkout ffe0ddea^ && test it |
shaps | yep, try checkout devel and do "bisect good d6004852a2" / "bisect bad devel" |
rvgate | winem_, so... bugreport? :D |
winem_ | ah I see what he did in that commit.. actually it would even be easy to fix. but my plate is already damn full... |
rvgate | i can maybe fix it |
rvgate | im on my break anyway |
winem_ | what's the correct process if you contribute to the ansible repo? just push to develop if you actually fix an issue or can you just fix it and leave a commit message like "fixing xy which came with commit ...."? |
rvgate | winem_, fork ansible, create new branch from latest devel, fix it there, create PR with motivation |
winem_ | ah, the real cool way - thanks! |
winem_ | actually, the only right way if you ask me :D |
rvgate | thats how i did it last times, and they accepted it.. so yeah :P |
rvgate | maybe alikins himself can fix it :) |
winem_ | ah, he's already here. nice |
winem_ | alikins: are you around? |
rvgate | *russian accent* you broke it |
winem_ | I assume there is any gotcha. the old default for the var was an empty array. why not just an empty string? I mean, it would probably be even more dirty... but I'm afraid to find any trap there. guess I'll just fix it in his version without reinventing the wheel |
babilen | Does Ansible's ACL module support X (as in "setfacl -R -m u:foo:rwX /foo/bar") ? |
shmem | what happens if you try? |
babilen | shmem: I can't try right now, which is why I ask |
babilen | Might be able to do it later, but would appreciate an answer (if possible) |
shmem | what could possibly go wrong if you just do? |
babilen | I am not in a position to run Ansible *right now* |
shmem | answer deferred then ;-) |
petn-randall | babilen: AFAICS it should work, 'recursive=yes entity=foo etype=user permissions=rwx path=/foo/bar'. |
AndreasLutro | recursive x is not the same as X |
ssbarnea | does anyone knows how to avoid getting results=[...spam] on console while using replace module? no_log: True seems to have no effect. |
petn-randall | Oh, you meant X as in permissions ... I thought it was a placeholder for the following request. |
petn-randall | ACTION slaps forehead. |
Panther_1 | does anyone know if there is a flag in the file module taht does the same like ln -n ? |
JustASlacker | type: link |
JustASlacker | state: link |
Panther_1 | JustASlacker: no does not help |
JustASlacker | http://docs.ansible.com/ansible/latest/file_module.html |
JustASlacker | its state |
JustASlacker | not type |
babilen | petn-randall, AndreasLutro: Thanks -- I'll check it myself once I'm back. Was just discussing with someone and this question came up |
Panther_1 | JustASlacker: if there is already a symlink to an directory I can't change it to another even with force= yes |
babilen | The issue is indeed about x vs X |
JustASlacker | Panther_1: thats a different question |
Panther_1 | JustASlacker: https://www.endpoint.com/blog/2009/09/25/using-ln-sf-to-replace-symlink-to |
winem_ | rvgate: well, it's too big for a topic to be fixed on the fly. I'll create a bugreport |
Panther_1 | JustASlacker: if you wan't thus you must use the option -n |
JustASlacker | maybe you want state:absent then? |
winem_ | I think it can be done with a few chars and contitionals, but I already saw some pitfalls there any my head is full with stuff my boss actually pays me for :D |
JustASlacker | I guess you need two operations for that |
Panther_1 | JustASlacker: that'S the problem I need it as atomic operation |
Panther_1 | JustASlacker: with ln it does like ln -sfn /new/target /path/to/symlink |
JustASlacker | touch cookies, use shell module |
JustASlacker | tough |
Panther_1 | JustASlacker: thee is no flag/option in the file module that triggers -sfn |
JustASlacker | looks like it, yes |
jl | how do I make this work - { role: myrole, param: "{{ 'my_' + var + 'param' }}" } and expand the vars in var ? |
Panther_1 | JustASlacker: ok so I'm not blind and can fill a bug/feature request |
JustASlacker | ACTION shrugs |
JustASlacker | guess so |
kassav | hello guys, i have a question related to nexus |
kassav | i use to download some actefects using maven plugin |
kassav | the issue is when i run my downloads, all downloaded files will not change |
kassav | but only one whose modification date always change |
kassav | so my playbook will always download it |
kassav | are there an explanation, depending on nexus? |
petn-randall | kassav: If the modtime changes, that's a hint that the content also changed. |
kassav | petn-randall: no, the content didn't change every minute |
kassav | and i see that difference evry time i run the playbook |
petn-randall | kassav: So does the modtime on the local or remote side change (or not change)? |
kassav | the change is on the remote side, so that the plugin will download it again |
petn-randall | kassav: I'd say that's expected and wanted behaviour, unless I'm missing something obvious. |
kassav | petn-randall: i see that only on one artefact |
hypercore | how do i connect to my newly created VPS? |
kassav | i think there is a configuration in nexus |
hypercore | in my inventory under ansible_ssh_private_key_file, should i copy the private key on the server here? |
petn-randall | kassav: Are you updating something on the nexus side that causes this? |
kassav | petn-randall: no |
petn-randall | kassav: wild guess: Is that artifact file a symlink by chance? That might confuse the module. |
kassav | petn-randall: no idea, it's not my part of the job |
kassav | i just get artefacts as input |
hypercore | anyone know? |
shaps | hypercore: you should put the path to the private key there |
hypercore | shaps: ok so i should copy the private key from my newly created VPS to my laptop and then reference it in my inventory file? |
shaps | I'm not sure where you created that vps, why would you have the private key on your VPS? You should have the pkey locally and the public on the remote |
Pistahh | hi, I have a list of URLs in a variable, I want to set another var to true if any of those URLs start with "ftp://" - is there a nice way to do this? |
shmem | scalar grep m{^ftp://}, @list |
Pistahh | .. in ansible.. |
shmem | ah ;-) |
shmem | sorry ECHAN |
asyd | shmem: scala? |
Pistahh | happy people who don't recognise perl ;) |
shmem | :D |
asyd | ahah |
shmem | anyways... porting that perl snippet to python is left as an excercise to the audience |
petn-randall | hypercore: No, private keys never need to be copied around, it's a bad habit. |
petn-randall | hypercore: First you need to set up SSH so you can use your private key to log in. That's not really the scope of ansible. |
shmem | what petn-randall says. private keys are private, period. |
hypercore | thanks |
jjeganathan | Hey guys, I have two sections in my playbook. The first section has a role in which I have a set_fact = var. This same var is not usable in the second part of the playbook (undefined), why ? |
jjeganathan | What I call section = hosts = host1 |
jjeganathan | section2 => host2 with different tasks |
petn-randall | jjeganathan: Two things: 1) Avoid set_fact as much as possible, since it causes different behaviour if you're debugging your playbook with --start-at="foo" 2) Check http://docs.ansible.com/ansible/latest/playbooks_variables.html#variable-scopes for the scopes of variables. |
agaffney | jjeganathan: set_fact creates a host var, which is tied to the host the task runs against. from host2, you can use hostvars['host1'].your_var to access the var created in the first play |
agaffney | Pistahh: some_var: "{{ True if (my_urls | select('match', 'ftp://') | list | length > 0) else False }}" |
iron_houzi | Are there any easy ways to load extra vars from environment? |
agaffney | iron_houzi: it depends on what you mean by "from environment" |
agaffney | you can use lookup('env', 'FOO') to grab an individual env var. you can even have an env var containing JSON and pass it through |from_json, but the individual keys wouldn't automatically become ansible vars |
iron_houzi | agaffney: I'd like to set vars from CLI without having to resolve envvars in the shell. It's leading to quote escape hell.. |
agaffney | example? |
iron_houzi | chamber exec docker-registry -- ansible-playbook -i production test.yml -e "portus_db_password=$DATABASE_PASSWORD portus_secret_key_base=$SECRET_KEY_BASE portus_password=$PORTUS_PASSWORD" |
iron_houzi | ..the envvars gets resolved in the parent shell, not the child shell |
kassav | can i use with_nested with a conditional when? |
agaffney | iron_houzi: then use single quotes or escape the $ with \ |
iron_houzi | many programs support .env file or something to that effect .. probably best to use lookup() then .. |
agaffney | you can also just explicitly use lookup() in your playbook to assign the value of those env vars to ansible vars |
iron_houzi | agaffney: I've tried that.. |
iron_houzi | yeah, set in playbook is fine. Thanks |
agaffney | iron_houzi: tried what, and to what effect? either of using single quotes or \$ would prevent the shell from evaluating those |
agaffney | however, it's possible that one of the other shell instances along the way is doing it, since you're running 3 different commands all in one there |
iron_houzi | ACTION hates shell quote escaping :( |
agaffney | if you were running ansible-playbook directly, what I suggested would work just fine |
iron_houzi | indeed |
kassav | can i use with_nested with a conditional when? |
agaffney | yes |
kassav | agaffney: can i set the when item[0]=item[1] to depend on the two lists? |
agaffney | I'm not sure what you're asking, but you want to use == for equality. = is assignment and isn't really relevant in a 'when' |
kassav | agaffney: i'm not asking about the exact syntax, but about the usage |
agaffney | it's not clear what you're trying to do, so I can't really comment on that |
agaffney | you can do 'when: item.0 == item.1', but I have no idea if that makes sense for what you're trying to do |
kassav | agaffney: double loop and get the good data$ |
agaffney | that doesn't really mean anything. I don't know what "good" data means or what your data structure looks like |
kassav | agaffney: https://privatebin.net/?76c6dda1d950520c#CLSt56jtF8yoghJXv1EnI5guiiU8cvno7+RPRTa8TgU= |
kassav | find the right vm for each element in the first list |
kabalevsky | anybody else at the workshop in princeton |
kabalevsky | ? |
kabalevsky | https://ansibleworkshop.com/workshops/Princeton |
rvgate | kabalevsky, if you pay for the 8h flight, accommodation, food, drinks and have a talk to my boss, i might :P |
kabalevsky | hah |
kabalevsky | maybe after the training i'll get a raise ;) |
rvgate | unless your boss pays for your training :P then its already covered |
rvgate | and if you pay it yourself, he will probably say "though luck, not relevant for your job" |
kabalevsky | we all got redhat red hats |
kabalevsky | I say this is a quality workshop |
rvgate | that is nice |
bcoca | i got a rh hat, but it was too small, sent back for exchange ... but never got it ...:-( |
lulak | did someone tried to modify .vmx (ESXi 6 ) with vmware_guests? Is it the customvalues section ( http://docs.ansible.com/ansible/latest/vmware_guest_module.html ) an option to do this? |
marnej | hello |
marnej | i am looking for setiing together when default and match |
marnej | i need to use when, and wityhj items, but some items doesn't have element msg , so |
marnej | when item.msg | match("some") fails |
marnej | when item.msg | defaul() =="some" |
marnej | this is finew, but am looking for matcvh statmens, instead of == |
kabalevsky | @bcoca sorry to hear that :( |
bcoca | kabalevsky: no worries, if i really wanted it i would have followed up and bugged em about it, they are really nice and would have sent one right away |
kabalevsky | yeah the RH guys here today are pretty cool |
marnej | ah, sorry, now i fixed ir |
marnej | when: item.msg|default() | match("vfat") |
marnej | eorks fine |
marnej | problem was in match statment |
lulak | did someone tried to modify .vmx (ESXi 6 ) with vmware_guests? Is it the customvalues section ( http://docs.ansible.com/ansible/latest/vmware_guest_module.html ) an option to do this? |
formanjo | bcoca: using daemonize from module_utils in my own ansible module is as simle as daemonize(<AnsibleModule>,<script I'm going to run as daemon>), bcos I'm getting some pickle error. Checking that the pickle.loads function before the end of daemonize is getting empty string which is not acceptable for pickle function. I couldn't find any example of usage of daemonize function, are there some examples? |
bcoca | question for #ansible-devel really, service modules use the deamonize ... some of the networking plugins also |
formanjo | bcoca: thanks, will try |
kabalevsky | ok so quick question what is a real world purpose for the handlers section as opposed to having just a bunch of tasks? |
bcoca | handlers execute once per host |
petn-randall | kabalevsky: If you trigger the handler several times, it'll still just execute once. |
bcoca | they execute after task sections, so multiple tasks can change config but only 1 handler runs |
bcoca | well, yiou can notify mulitple handlers, but each one will only run once per host |
bcoca | avoids restarting services x10 if you update 10 configs |
bcoca | for example |
petn-randall | Plus, if your playbook fails because your config template is screwed, you might not want to restart the service to it before fixing. |
kassav | hello again, |
kassav | https://stackoverflow.com/questions/48667150/ansible-double-loop |
kassav | if i'm clear right now |
tinita | hi, I have a problem with the synchronize module |
tinita | my playbook is run against host A |
tinita | and some tasks I delegate to host B |
tinita | now I would like to rsync a directory from localhost to B |
tinita | delegate_to: B doesn't help, because that would rsync from B to A |
tinita | any ideas? |
agaffney | 'delegate_to: localhost' is probably what you want |
tinita | agaffney: the documentation says: The “local host” can be changed to a different host by using delegate_to. This enables copying between two remote hosts or entirely on one remote machine. |
tinita | "For the synchronize module, the “local host” is the host the synchronize task originates on" |
tinita | if I use delegate_to: localhost, it asks me for the password of mylocaluser@A |
tinita | seems it's not possible with synchronize |
tinita | I'll delete the directory and then use recursive copy... :-/ |
kassav | no one got an idea here? |
kassav | https://stackoverflow.com/questions/48667150/ansible-double-loop |
petn-randall | kassav: You still haven't explained your problem and your goal. Crossposting is also considered impolite for various reasons. |
petn-randall | kassav: What are you *actually* trying to do? It could be you're running down a certain rabbit hole and there's a much easier solution if you share your goal/problem with us. |
kassav | petn-randall: it's a third party tool that you can specify your architecture (logical and physical), that helps you deploy in large scale servers |
kassav | petn-randall: i'm i clear |
Kim^J | Hm, is it possible to run a role as different users? |
Kim^J | I have a role which sets some defaults in ~/.aws/config and I need to run it as different users. |
Kim^J | Or do I have to rewrite the role to support multiple users? |
Kim^J | Hm, I have to change the role, bummer. |
larsks | Kim^J: you can use become: and become_user: on a play to control which user is running your roles. |
winem_ | how do you avoid that oyu have the same handler in multiple roles? let's say each role deploys it's own monitoring configuration and a restart of the monitoring agent is required. |
larsks | winem_: put the handler in it's own role, and make that a dependency of the others. |
winem_ | ah, I already have such a role! |
winem_ | didn't know that it would work for handlers, too. nice. thanks |
tinita | I posted my question here: https://stackoverflow.com/questions/48668247/synchronize-from-localhost-to-another-host-which-is-not-the-playbook-host |
nashant | Hi all. Is it possible to do a regex match on a limit? e.g. -l 'group1:&(group2|group3)' |
agaffney | nashant: https://docs.ansible.com/ansible/latest/intro_patterns.html |
agaffney | I don't think so |
pwilc | quick question: Trying to use a block/rescue statement in 2.4.3 to send a slack notification on failure. I'd like said notification to contain the failure reason that would ordinarily be returned from the recap, which could be from any task. Any idea how to register/output that from within the rescue block? |
agaffney | I don't think there's a way to capture the failure from *any* task in the block. however, you could *probably* just use 'register: foo' (with the same var) on all tasks, and it should contain the result from the last task run, which is presumably the one that failed |
pwilc | Thanks, that was my suspicion. It feels a bit excessive to have to do that for every task, it already feels a bit much to have a rescue statement for every playbook rather than one globally. I was considering creating a custom slack callback plugin that only triggers on failure, I wonder if that would be better? |
bcoca | agaffney: iirc 2.4 added vars with 'error from failed task' that rescue: section can use |
bcoca | @jimi|ansible ^ think you were one adding that feature? |
pwilc | @bcoca: Thanks, I'll investigate that :) |
agaffney | ooh, shiny |
agaffney | I should really read the changelog for new ansible releases |
jimi|ansible | i think that was added a while back |
jimi|ansible | like 2.2ish? |
jimi|ansible | was that really just 2.4? |
bcoca | i forget, which is why i pinged you :-) |
jimi|ansible | long story short, it should be there already :) |
pwilc | any idea on the specific name? My best googling is returning nothing so far ;( |
shmem | konversation terminiert! |
dur117 | I'm trying to delegate a copy task that is run on a vagrant VM, to the ansible/vagrant host machine. It's currently set with delegate_to localhost which works fine when running the playbook directly from the control machine, however if running vagrant provision (vagrantfile uses ansible provisioner), it thinks localhost is the guest machine. Anyone know of a way around this? I could put the IP of the machine running the playbook in, but it acts as a new |
dur117 | ssh session and complains about auth. I'm trying to get it to work as it would if I were to run the playbook directly. I'm running the ansible and not the ansible_local provisioner. |
Xat` | hi guys |
Xat` | I have a strange behavior when using selectattr and map : https://paste.ee/p/DoVQJ |
Xat` | anyone can explain me why the debug part is failing ? |
agaffney | Xat`: it's possible/probably that the 'src' param is getting converted to native data types on consumption. try your 'debug' with only the first selectattr() and see what the output looks like |
bcoca | ansible_failed_task ansible_failed_result added in 2.1 |
Xat` | agaffney: yes I already tried that, it works fine when removing the second selectattr |
bcoca | ^ pwilc |
Floflobel | hello, I try to configure the authorized_keys for several users and delete the old keys (thanks to the "exclusive" function). I try with a loop and it does not work, my first test is with a website and the second with key insertion in the variable. Paste: https://paste.fedoraproject.org/paste/dGWxvuEclcxzvqA4gRjmvQ |
rvgate | winem_, did you manage to create the bug report? |
winem_ | yep. #35834 |
Xat` | agaffney: but I need the second selectattr in my use case |
rvgate | winem_, sweet :) |
pwilc | @bcoca Great! Thanks so much. Couldn't find that anywhere. |
bcoca | changlog FTW |
bcoca | i could not find it either |
bcoca | we should actually add to 'block docs' |
Xat` | agaffney: what do you mean by : "the 'src' param is getting converted to native data types on consumption" |
pwilc | @bcoca https://github.com/ansible/ansible/issues/27970 (: |
znf | Hello. |
lulak | how to test if dict have some elements? https://thepasteb.in/p/0ghJWM5VNVvh5 |
znf | I'm trying to reboot all my ansible hosts, but one of them is down (currently in physical maintenance) |
znf | I do `ansible all -a 'reboot -f' -t 20 -B 1 -T 1` yet it still gets stuck |
Xat` | I have a strange behavior when using the 2nd selectattr : https://paste.ee/p/DoVQJ |
Xat` | anyone has an idea ? |
Xat` | I have a strange behavior when using the 2nd selectattr (regexp) : https://paste.ee/p/DoVQJ . When using 'equalto' on the second selectattr I don't have a fail |
Xat` | but I really need to use 'match' (regex) |
swc|666 | so why is it that ansible cannot accept a variable for the group[] name in templating??? Like {% for foo in groups['{{ bar }}'] %} foo {% endfor %} |
swc|666 | I tried numerous things and wound up having to create a block of tasks that took a base template file with placeholder text, ran a script that sed replaced the placeholder text, just so I could set the 'bar' string to what I needed |
mgedmin | swc|666: {% for foo in groups[bar] %} ... |
mgedmin | don't use {{ }} inside {% %} |
Xat` | anyone knows why I can't use selectattr('src', 'match', '^.*subnets.*$') |
lulak | how to test if dict contains some elements? https://thepasteb.in/p/0ghJWM5VNVvh5 |
Xat` | anyone knows why I can't use selectattr('src', 'match', '^.*subnets.*$') : https://paste.ee/p/DoVQJ |
lambiekNL | bcoca: Do you have time to look at issue https://github.com/ansible/ansible/issues/15642 |
lulak | how to test if dict contains some elements? https://thepasteb.in/p/0ghJWM5VNVvh5 | length > 0 works if its not empty, if its empty error shows up object of type 'NoneType' has no len() |
jhawkesworth_ | Xat`: not sure if I'm thinking of 'search' instead of 'match' but one of them seems to have an implicit * at the end of the pattern |
jhawkesworth_ | at least on 2.3.2 |
Xat` | jhawkesworth_: using 'search' instead of 'match' does the same problem |
Xat` | that is really strange |
pwilc | @bcoca This works as I'd hoped, thanks again :+1: |
Xat` | {"failed": true, "msg": "Unexpected templating type error occurred on ({{ req_ipam_check_nat_all.json.data|selectattr('type', 'equalto', 'source')|selectattr('src', 'match', '^.*$')|map(attribute='id')|list }}): expected string or buffer"} |
bcoca | pwilc: i dont get paid in thanks, but i do take your first born or beer! |
bcoca | Xat`: wild guess. json.data is not a string, probably a list or dictionary |
ktibi | Hi Ansible, is it possible to use lookup on url for load vars ??? The online file is in yaml format. |
jhawkesworth_ | Xat`: might be worth trying json_query to pick out the bits of json you need |
Everspace_ | ktibi: You would go something like lookup(url) | from_yaml |
Everspace_ | Although I would VERY MUCH RECCOMEND to not base your deployment on an external URL. |
ktibi | Everspace_, yes, I tried that but no success :/ |
ktibi | I need to get some vars (ldap export) for create some project in my appli :/ |
Xat` | bcoca: req_ipam_check_nat_all.json.data is here : https://paste.ee/p/DoVQJ |
jhawkesworth_ | Xat`: json query described here: http://docs.ansible.com/ansible/latest/playbooks_filters.html#json-query-filter |
bcoca | Xat`: its a list |
Xat` | jhawkesworth_: I already tried with json_query but someone here tells me to use 'selectattr' instead |
ktibi | Everspace, I try that https://pastebin.com/raw/CmEkijFG But the debug return only one big vars |
Everspace | ktibi: I would assume that's it's a pretty big var no? |
Xat` | bcoca: yes it is a list. So I should be able to selectattr with a 'match', no ? |
bcoca | Xat`: if i read this correclty, you want a list of dicts that have one attribute with the 'type' == source and anythin in src? |
pwilc | @bcoca Is there such a thing as a patreon for contributors? :D |
ktibi | Everspace, yes I have list_groups_file: " ALL DATA IN FILE" with escape '\' before all double quote in my data. |
bcoca | but src is a dict, yet you match it as string |
bcoca | "src": "{\"subnets\":[\"10\"]}", |
bcoca | ^ that is your problem |
Xat` | bcoca: yeah but actually with selectattr('src', 'match', '^.*subnets.*$') |
jhawkesworth_ | match is still looking for a string though. the value of src is as bcoca says, is a dict. |
bcoca | Xat`: ALL the json gets converted to native types, not just part of it |
bcoca | so you cannot expect everything to be dict/lists 'except' the subdict you want to match as string |
Xat` | mhh, that's not really clear to me |
Xat` | I understand that the 'src' field contains structured datas |
bcoca | but match REQUIRES a string, which src is not |
Xat` | bcoca: 'src' is a string |
Xat` | even if it contains a data structure |
bcoca | the key 'src' is a string, the value for 'src' is a dict |
bcoca | you are matching the value |
Xat` | bcoca: that is strange because in another play, I have to do that somewhere : req_ipam_all_nat.json.data|selectattr('type', 'equalto', 'source')|selectattr('src', 'match', '^{\"subnets\":\\[.*\"' ~ subnet_id ~ '\".*}$')|map(attribute='id')|list|first |
Xat` | and this is working well |
Everspace | bcoca: No I'm pretty sure that it's a string that has json in it for some reason. The debug would have pretty printed it otherwise. |
bcoca | Everspace: dont rely on debug to print out the internal representation of a structure |
Everspace | :| |
bcoca | it does it's own mangling |
bcoca | it tries to print 'user readable data', not 'type accurate data' |
Everspace | hnnngggg. |
Xat` | In the other play, I evaluate 'src' value as a string |
bcoca | Xat`: the error is that it is not getting the expected string, as i see the data, src is not a string ... not sure i can help you more than that |
Xat` | thank guys ! I will still debug |
Everspace | Is there an inverse to --limit on ansible-playbook outside of punctuating things with '!'? |
bcoca | Everspace: inverse of limit? not really, limit is there to subset the hosts specified in play, you would have to update play to speicfy MORE hosts |
winem_ | rvgate: alikins assigned the issue to him by himself. :) |
ingy | bcoca: I sent you a gist yesterday of a few `make tests` fails on mac on last stable commit of ansible |
ingy | I can continue with the fails. just wonder if I'm DoingItWrong™ |
bcoca | sent how? |
ingy | here :) |
bcoca | ACTION has too many com channels |
winem_ | is there any reason that it's not possible to use something like -l/--limit for roles? I think it would be very helpful but I guess there is a strong reason why it does not yet exist and I might just miss something obvious |
bcoca | winem_: roles dont map to hosts |
bcoca | play == mapping of tasks to hosts |
ingy | 14:13:52 ingy | bcoca: I get 11 `make tests` fails on stable-2.4 on OSX on python-2.7.10. Here's a gist of my test script and output: https://gist.github.com/anonymous/008b0802435a6508378bff42876e2dfd |
bcoca | roles == reusable groups of tasks and other resources |
ingy | With fail info starting here: https://gist.github.com/anonymous/008b0802435a6508378bff42876e2dfd#file-test-out-L3406 |
ingy | bcoca: otp now... bbiab |
winem_ | yes, I think a combination of -l hostgroupxyz and -something roleZZZ might be good. |
winem_ | actually, I just miss this if something goes wrong or when debugging.. hmm |
bcoca | hmm role not found, is it in the paths described? |
bcoca | ingy: did you install via homebrew? |
bcoca | ^ they rewrite some things and relocate others so it never works 'as expected' |
Everspace | winem_: Roles are akin to functions. They have no baring on the play until they're encountered. It doesn't make sense to filter based on what a host MAY call in a playbook, nor is there a way to index what roles have ever happened on a particular host. |
winem_ | Everspace: thanks, that makes sense |
bcoca | Everspace: you 'can' keep track of that via callbacks/logs |
blammo | hey, i'm using hostvars in templates and it used to work fine, but now my plays hang when it tries to use a value from hostvars. is there any obvious cause by this description alone? |
bcoca | blammo: no |
Everspace | bcoca: Certainly, but at that point I would say you probably want to write a custom host script or something like that. |
Everspace | invintory* |
bcoca | yep |
blammo | a simple example is: debug: msg={{ hostvars }} |
boxrick | Can anyone explain this crazy error for me? |
boxrick | https://gist.github.com/boxrick/ab70471b003b218296412e4faac60093 |
blammo | that hangs my play |
boxrick | Since the use case seems incredibly normal and simple |
boxrick | Does first found only work for templates? |
Everspace | boxrick: no |
Everspace | boxrick: You want msg instead of var. |
ingy | bcoca: https://gist.github.com/anonymous/008b0802435a6508378bff42876e2dfd#file-test-L1 is the exact reproduction script I made that I run from a clone of the ansible repo. I'm not sure which if any homebrew parts would come into play here. |
boxrick | It shouldn't really matter.. |
boxrick | Ill try anyway |
Everspace | boxrick: var is for printing particular environment variables (eg: var=hostvars). msg is for everything else. |
boxrick | Well var=item would work |
boxrick | Just bad sytax here |
boxrick | doh |
boxrick | Obvious now you point it out, cheers |
Everspace | :praisethesun: |
SmashingX | this is how my playbook looks like: http://pastebin.centos.org/537361/ |
SmashingX | there’s a syntax error on that |
SmashingX | apparently the line containing path is the problem but I don’t know why |
SmashingX | I don’t know what I’m missing, can somebody help? |
Praxi | no tasks section? or is that just a snippet of your playbook? |
flowerysong | SmashingX: Task lists go under the tasks key in the play. https://gist.github.com/flowerysong/6c8acc5aa8440cf8153cc13bb9e1b578 |
SmashingX | Praxi: I’m super new to ansible so I that’s all I have |
Praxi | ya look at @flowerysong's example, he added the missing bits for you :) |
SmashingX | flowerysong: thank you |
SmashingX | so do I always have to have Tasks before the actual tasks? |
Praxi | yes |
Praxi | https://docs.ansible.com/ansible/latest/playbooks_intro.html get ya started |
SmashingX | now it’s complaining about the tasks line |
Praxi | did you copy @flowerysong 's code completely? |
Praxi | yaml is a serialized space sensitive language |
ingy | I would say it is a space sensitive serialization language :) |
ingy | but I guess either is a SSSL™ |
SmashingX | https://s18.postimg.org/3otbc2bo9/Virtual_Box_Cent_OS_exam_Clone_07_02_2018_11_47_29.png |
Praxi | ya your alignment is wrong |
Praxi | 2 spaces |
Praxi | always 2 spaces |
SmashingX | alignment? |
SmashingX | Does Ansible care about indentation? |
agaffney | SmashingX: https://docs.ansible.com/ansible/latest/YAMLSyntax.html |
SmashingX | what? |
agaffney | no, the YAML parser does |
SmashingX | oh come on |
agaffney | ansible playbooks are YAML documents. indentation and alignment is meaningful in YAML |
Praxi | not specific to ansible, just to yaml. get yourself a good editor, and it will complain about things like that |
Praxi | at least keep the basics from biting you :) |
SmashingX | but come one |
Sketch | i don't think it _has_ to be 2 spaces. but it has to be indented correctly and consistently. |
SmashingX | there are more important things to worry about than identation |
SmashingX | please YAML remove that thing |
Praxi | just don't see it happening :) |
agaffney | SmashingX: indentation in YAML isn't cosmetic. it defines the structure of the document |
Sketch | ^ |
flowerysong | You're building a data structure. If your indentation is wrong it can't be parsed into the correct structure without other indicators. |
Sketch | it's like python. indentation matters. |
t0ken | ACTION is just happy it isn't XML |
SmashingX | agaffney: I get that, but the language should leave that to the end user not to be part of syntax |
flowerysong | YAML is a superset of JSON, so if you want to not care about indentation you can write your playbooks in JSON. |
agaffney | SmashingX: you should really read through the YAML syntax doc and https://docs.ansible.com/ansible/latest/playbooks_intro.html#basics before proceeding any further |
Sketch | SmashingX: then it would be a different langauge. |
SmashingX | why ansible then chose to use YAML |
flowerysong | But I don't recommend it. https://gist.github.com/flowerysong/4736817884ce16a062181cdc0ad0d220 |
agaffney | SmashingX: YAML uses indentation rather than curly braces all over the place for structure, much like python |
SmashingX | if I guess there are so many better languages than don’t care about so basic stuff like identation |
Sketch | probably because it's nice and compact and works well for this particular use case |
agaffney | SmashingX: complaining/questioning it doesn't do anyone any good. the decision was made many years ago and nothing will change |
ingy | it also can use curly braces all over the place! |
Sketch | and easily human readable |
ingy | also like python (for data) |
agaffney | SmashingX: yes, those languages don't care about indentation because it's not part of the structure. YAML cares because the indentation actually means something |
agaffney | SmashingX: if you don't like YAML or dealing with indentation, feel free to go use another automation tool where indentation doesn't matter |
Sketch | also don't bother looking at salt, it uses yaml too. |
SmashingX | ok, I guess the short question for me is: if you want to use ansible then stick to the “basic” syntax rules otherwise use other software like chef or whatever |
Praxi | indentation concerns will definitely make python difficult :) |
SmashingX | I guess, I have to use ansible so even though I think I will hate this YAML language I will have to use it |
SmashingX | Praxi: probably that’s why I don’t like python |
SmashingX | and I try to avoid it |
Praxi | then ansible seems a really odd choice, my friend |
SmashingX | my company likes it |
agaffney | if you quit trying to avoid it, you'll get over the indentation thing eventually |
SmashingX | so I will have to live with this hate |
agaffney | that's fine, but don't bring the hate here |
SmashingX | there’s no way around it |
ingy | SmashingX: you can put JSON in any Ansible YAML file and it will work. |
agaffney | we don't care if you hate it, and it's not productive |
Praxi | what are you gaining out of it? ahh gotcha, that makes sense. I personally love python, and ansible is a treat to work with compared to some of the others I have messed with. Mainly puppet. |
SmashingX | agaffney: ok is not my hate, I’m just sharing my opinion, if you don’t want me to share my opinion that’s fine I will shut up |
Praxi | we are here to help each other, not debate historical design choices :) |
SmashingX | ok thank you for the help |
Praxi | you can do a lot with json as well, check out the json_query and jmespath.org |
grimm665 | hi all, does anyone know if ansible-pull can utilize a git server with ssh on a different port? or can ansible-pull use username and password for https git? |
SmashingX | if I want to apply the same permissions to different directories with the ACL ansible module can I add another path line or do I have to add another acl: block? |
agaffney | grimm665: ansible is mostly just passing the provided git URL to the 'git' binary, so it's whatever it can support in its URL scheme |
grimm665 | agaffney: so if i include the port in the URL, it should go along just fine? |
agaffney | SmashingX: you can do another 'acl' task, or use a loop on that single task with multiple paths |
Praxi | check out with_items @SmashingX , should probably really check out some of the intro documentation though |
agaffney | grimm665: yes, I think so. something like git+ssh://my.git.server:7999/foo/bar.git should work fine |
grimm665 | agaffney: awesome, thank you |
Praxi | https://docs.ansible.com/ansible/latest/playbooks_loops.html @SmashingX |
spufi | anyone else who registered for the vscode/ansible webinar? Was connected to the webinar, but now it states its removed O_o |
SmashingX | can I ask what state: present means? |
flowerysong | Depends on the module. Usually it means that a resource should be present. |
flowerysong | If you're still talking about the acl module, https://docs.ansible.com/ansible/latest/acl_module.html |
Praxi | installed/present/set etc... its generic terminology for most ansible modules. |
blammo | bcoca: it seems hostvars may have grown too large and it is just painfully slow |
blammo | my inventory file may be out of control :( |
blammo | bcoca: actually something to do with encrypted values in group_vars |
lulak | idea how to test number of elements in foo: ? https://thepasteb.in/p/pghQLvBmkq4HR |
lulak | a |
flowerysong | lulak: {{ (foo is none | ternary([], foo)) | length }} |
flowerysong | (It gets more complicated if foo might be undefined.) |
halberom | you might be able to just do custom.foo|default('', True)|length |
halberom | which would (i think) also handle undefined |
flowerysong | halberom: No, because default triggers only on undefined, not on blank. |
halberom | see the 'True' bool param |
halberom | it changes the default handling of null vars |
halberom | and empties |
lulak | uh.. |
flowerysong | Oh, right. |
flowerysong | My bad. |
lulak | halberom: flowerysong; thanks |
lulak | what is default('', True) ? if custom.foo | else empty string ? |
halberom | basically, you can use '', [] or {}, anything that'll work with |length. |
lulak | halberom: i dont get diffence between custom2.foo|default({}, True)|length and custom2.foo|default({})|length |
lulak | *difference |
halberom | check the jinja docs for the description of the default filter, it changes how default handles certain situations. |
lulak | halberom: can you help me please with one more thing? How to test it in nested dict? thanks https://thepasteb.in/p/r0hwj1vwR1NCK |
halberom | lulak: no idea what you're trying to do there, it def looks wrong. |
lulak | halberom: count elements in custom.foo.{anna|john}.houses if exist |
halberom | your with_items should be a list of ['anna', 'john'] then |
lulak | these names are dynamic variables for me... |
lulak | count elements in custom.foo.{1,2,3....n}.houses if exist |
halberom | oh, that's... a bit harder. |
halberom | lulak: easiest is to loop through, and increment count. trickier is to use something like json_query |
halberom | not something i can help with at this time |
lambiekNL | bcoca: Do you have time to look at issue https://github.com/ansible/ansible/issues/15642 |
agaffney | lambiekNL: why are you poking bcoca directly to look at an issue that hasn't been touched in over a year? |
lambiekNL | agaffney: Because I asked here in general about the issue and was redirected to bcoca. |
lambiekNL | If someone else can have a look at that issue, I really wait for the availability of the pfexec become method. |
agaffney | lambiekNL: have you tried later versions of ansible? it sounds like you have a possibly working solution. have you created a PR for it? |
lambiekNL | agaffney: I did not create a PR for this. If I change the code about the quoting it can break other parts which need quoting. |
agaffney | I kinda doubt that bcoca has an OpenIndiana system around to look at this issue, but you never know with him |
lulak | halberom: like this? https://thepasteb.in/p/WnhzYPBVAz2sV |
lambiekNL | Nobody else is using Solaris / Openindiana with pfexec and ansible? |
bcoca | agaffney: .. i do ... |
agaffney | of course, you do... |
Dink | Hello, Is there a way to use an aws acm cert with elb_application_lb ? Anyone know of a workaround if it does not ? I did a quick investigation and it seems like aws acm cert is boto3 which I don't think these modules support yet. |
bcoca | lambiekNL: i try to avoid it, but do have image 'resting' jic |
agaffney | lambiekNL: they may be, but they aren't necessarily in this channel and active right now :) |
Enphuego | When you use --vault-password-file, how does ansible know that it's supposed to be a script not a text file? |
bcoca | lambiekNL: seems like quoting reqs changed? |
bcoca | or is it forcing pfsh? |
agaffney | Dink: the elb_application_lb module uses boto3 |
agaffney | Dink: while many of the older AWS-related modules use boto2, that one is new in 2.4, and all new ones should be using boto3 |
lambiekNL | bcoca: I tried several versions of ansible in the past, but none of them worked with pfexec. |
agaffney | Enphuego: probably the +x bit, same as with inventories |
bcoca | i know it was working at one point, but not sure that has changed in ansible itself, my guess is changes in pfexec or solaris/derivative environment |
Dink | agaffney, ok let me double thanks for the info. Will circle back in a bit. Do you know if you can use acm certs though with it ? |
bcoca | no one really touched pfexec since it was originally working afaik |
agaffney | Dink: I have no idea |
bcoca | lambiekNL: also im running 151 .. not sure if that is ancient at thsi point |
JustASlacker | 151? |
bcoca | oi_151a8 build |
agaffney | Dink: looking at the docs for the module, it just expects a certificate ARN, so it may "just work" |
lambiekNL | bcoca: I'm especially interested in Solaris 11.3 |
bcoca | lambiekNL: understood, but i dont have a solaris 11.3 box to test against |
lambiekNL | I'm not sure if Openindianna still is on par with Solaris |
Dink | agaffney, I have a feeling I tried it a while back and didn't work. Will try again in a bit to see. Maybe something changed recently. |
agaffney | Dink: I don't know if the AWS API or boto3 makes a distinction between IAM and ACM certs |
lambiekNL | Well, I have several Solaris instances, I can test things if needed, but I'm not just that good to propose a solution. |
Enphuego | can the scripte for --vault-password-file be a bash script? |
Dink | agaffney, It works !! |
agaffney | Enphuego: yes. ansible just needs to be able to execute it and it needs to spit out a password to STDOUT |
Dink | agaffney, hmm maybe it was for the classic elb that didn't work previously. |
bcoca | lambiekNL: i can suggest, use -vvv to see 'exact command passed' and see if you can fix that, from fix i might be able to 'fix the code to produce fixed command' |
lambiekNL | bcoca: <lnx1958vm> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/lambert/.ansible/cp/0868fd9afe lnx1958vm '/bin/sh -c '"'"'chmod u+x /export/home/admin.lr/.ansible/tmp/ansible-tmp-1518038377.16-253155990020121/ |
lambiekNL | /export/home/admin.lr/.ansible/tmp/ansible-tmp-1518038377.16-253155990020121/setup.py && sleep 0'"'"'' |
lambiekNL | <lnx1790vm> (1, "'echo BECOME-SUCCESS-vljzedpolzvppnmcngrharsflwqczqsg; /usr/bin/python /home/admin.lr/.ansible/tmp/ansible-tmp-1518038377.16-254859797951285/setup.py; rm -rf /home/admin.lr/.ansible/tmp/ansible-tmp-1518038377.16-254859797951285/ > /dev/null 2>&1': No such file or directory\r\n", 'Shared connection to lnx1790vm.internal.asp4all.nl closed.\r\n') |
lambiekNL | fatal: [lnx1790vm]: FAILED! => { |
lambiekNL | "changed": false, |
lambiekNL | "module_stderr": "Shared connection to lnx1790vm.internal.asp4all.nl closed.\r\n", |
lambiekNL | "module_stdout": "'echo BECOME-SUCCESS-vljzedpolzvppnmcngrharsflwqczqsg; /usr/bin/python /home/admin.lr/.ansible/tmp/ansible-tmp-1518038377.16-254859797951285/setup.py; rm -rf /home/admin.lr/.ansible/tmp/ansible-tmp-1518038377.16-254859797951285/ > /dev/null 2>&1': No such file or directory\r\n", |
lambiekNL | "msg": "MODULE FAILURE", |
lambiekNL | "rc": 1 |
lambiekNL | } |
lambiekNL | sorry |
JustASlacker | O_o |
bcoca | lambiekNL: gist/pastebin or you'll get kicked for channel flooding |
lambiekNL | bcoca: That was the purpose, hit wrong clipboard... |
lambiekNL | pastebin link: https://pastebin.com/Vu4nq1F6 |
bcoca | understood, in any case that is the error, seems same as ticket, just need to know 'what is right way' |
bcoca | lambiekNL: something looks wrong with your paste .. no become method |
lambiekNL | bcoca: I'm looking into it |
Mixer9 | Hello all, I am attempting to use a playbook that uses the vmware_guest module in tower, I have machine credential , and cloud credential added to template however I get error about needing username and password in the playbook. How do I reference a stored cloud credential in my playbook so tower will run it using the cloud credential? |
lambiekNL | bcoca: updated the pastebin info: https://pastebin.com/Vu4nq1F6 |
unoriginal | exit |
bcoca | lambiekNL: not using pfexec, you are hacking in pfsh |
bcoca | the method was not designed that way |
lambiekNL | bcoca: perhaps the pfsh is the most fancy way to do it but if pfexec needs to be used I will update the pastebin right away. |
bcoca | lambiekNL: its not the pastebin that matters, its how you configured/feed ansible info so it can use it |
winem_ | are there any known issues if the remote user is the same as the become_user? |
agaffney | winem_: afaik, that *should* be a no-op |
winem_ | I thought the same but I ran into some issues and I'm not sure if that's not related because it's the first tame that both users are the same. so if there are no known issues, I will take a closer look at it |
winem_ | I mean, the playbooks till works fine but I have permission issues, when I use the shell commands. will proceed with the investigation :) |
bcoca | become is for 'becomeing a different user' ... having them both be the same .. |
winem_ | actually, it should not be the case that the remote user is the same as the become user but I didn't think about it when I run the playbooks for the new project. |
winem_ | well, that's a good point. do you have / recommend a dedicated user for ansible? |
bcoca | no |
bcoca | i dont have, i recommend 'whatever works for your environment' |
bcoca | as we dont all have same requirements and constraints |
Mixer9 | Hello all, I am attempting to use a playbook that uses the vmware_guest module in tower, I have machine credential , and cloud credential added to template however I get error about needing username and password in the playbook. How do I reference a stored cloud credential in my playbook so tower will run it using the cloud credential? |
lambiekNL | bcoca: pfexec does not allow multiple commands so an ansible script should be executed by pfsh |
lambiekNL | I've updated the pastebin once more with an example of /bin/sh -c "pfsh ..." |
bcoca | pfexec gets only 1 command, a shell with the quoted 'chained commands' inside |
bcoca | the method was NOT designed to work with pfsh , so just injecting it there is probably what is breaking it |
lambiekNL | bcoca: understood. Unfortunately pfexec tries to execute everything between the quotes as 1 single command and provides a file not found error. How can I turn the issue into a feature request a method for pfsh? |
lambiekNL | bcoca: understood. Unfortunately pfexec tries to execute everything between the quotes as 1 single command and provides a file not found error. How can I turn the issue into a feature request for a method for pfsh? |
bcoca | open feature request for pfsh |
bcoca | lambiekNL: not sure why pfexec is trying to execute the string, it should be passed to the shell, pfexec should be executing a shell |
lambiekNL | from the man page pfexec sets a PRIV_PFEXEC flag to the current shell and executes the specified command. the man page also refers to pfsh, pfbash and many other shells so I thing some major change is being done on pfexec. |
bcoca | possibly, the current method was probably wirttend 2+yrs ago |
kiwimatt | ansible forks, is there anyway we can determine through monitoring if we are hitting the number of forks currently configured, also is there a sizing guide that would help us determine an optimal setting? |
agaffney | kiwimatt: if you have 'forks' set to 5 (the default) and have a play running against 6 hosts, you're hitting the limit |
agaffney | there is no sizing guide that I'm aware of. the optimal setting for 'forks' is a function of the the CPUs/memory in the machine where you run ansible, as well as the configured limits |
bcoca | forks is the 'upper limit' but will only be hit if you have 'more hosts than forks' or serial set to a number ?>= forks |
kiwimatt | thanks @agaffney, was hoping to put some science behind it a little with metrics as we have a team of about 10 staff running plays off a single ansible server at various times so hard to gauge the number of plays over time and the highest water mark, also be great to know for a certain amount of forks the reccommended cpu/memory/network minimums |
agaffney | kiwimatt: it will be quite difficult to come up with an optimal 'forks' setting if you have multiple ansible-playbook instances running at the same time, since the setting applies to each instance, and is not cumulative |
agaffney | ansible itself doesn't really have metrics to tell you what exactly it is doing, but you can look at system level metrics around CPU/memory/proc/file usage and make some assumptions |
agaffney | the amount of memory/CPU used by a given ansible fork varies depending on your playbook |
kiwimatt | agaffney: do you mean that forks setting is per user |
agaffney | no, it's per running instance of ansible |
agaffney | if you set 'forks' to 50 and run 3 ansible-playbook instances, you can have up to 150 running forks |
kiwimatt | so we'd have 1 instance and many users all contrained by the forks value? |
kiwimatt | ah |
agaffney | you could of course write a wrapper script that adjusts 'forks' on the fly depending on what else is going on on the machine, but that's not something that ansible itself does |
agaffney | it would be interesting to have a "smart" forks setting where you set an upper limit on certain resource utilization, but even that would probably only work at the beginning of a playbook run and not adjust as the play gets executed |
kiwimatt | and if the forks limit is exceeded, is the result queuing? and is there a timeout for queue items if not processed fast enough |
agaffney | if you have 10 hosts and 'forks' set to 5, ansible just works on 5 hosts at a time |
agaffney | iirc, the forks are created at the beginning of the run, not spawned for each host/task combination |
agaffney | but I'm not positive about that |
bcoca | or just use 'nice anisible' |
agaffney | I made the "mistake" of using nice/ionice with puppet once, not realizing that those settings would be inherited by any command run by the puppet agent, including services started |
agaffney | that doesn't apply to ansible, at least when using any "remote" connection plugin |
agaffney | it worked great until a few weeks later when puppet restarted httpd, and it was suddenly moving like molasses |
bcoca | lmao |
agaffney | I'd added them in the first place because somebody claimed that the puppet agent was dragging down some systems, so it was "funny" when those systems were still getting dragged down with the puppet agent nice/ionice'd into oblivion |
agaffney | but it seemed like a reasonable thing to leave in place |
agaffney | their suggestion was just to disable puppet all together |
agaffney | which of course was never going to happen :) |
bcoca | well that is the issue with agents, they CAN interfere with the actual use of the machines |
bcoca | one reason normally nice/ionice npre |
bcoca | but its actually a 'feautre' that commands it runs are still niced/ioniced |
kiwimatt | we'll do some testing and see what we can come up with @agaffney, thanks for the info |
bcoca | also i never used it for executing recovery scripts, alwasy did via ssh |
mmercer | which are people more regularly using these days, import_tasks or include_tasks |
bcoca | mmercer: both, depends on your needs |
mmercer | ACTION is curious if there is an overall trend for which one people actually replaced the classic -include with |
mmercer | bcoca: i seem to have a lot more issues using the include_tasks, which doesnt make much sense to me. i understand the difference between the two, i just dont understand why its making a difference in some of our invocations |
agaffney | mmercer: import_tasks behaves like include in most cases |
mmercer | agaffney: thats what i had observed, i just wasnt sure if that was 'accurate' from code standpoint |
bcoca | import-tasks == include+static, include_tasks == include+dynamic |
mmercer | i had actually 'expected' the reverse given the 'include == include' lol |
bcoca | static has always been 'more stable' but has 'less features' |
mmercer | less features ? |
bcoca | cannot be made conditional, for example |
bcoca | cannot use hostvars |
mmercer | oooh, interesting, i dont think i realized the hostvars limitation |
mmercer | but cannot be made conditional? isnt when: considered a conditional inclusion ? |
bcoca | yes, but does not apply to the include/import, it applies to the included imported tasks, unlike include_tasks |
mmercer | ahhh |
bcoca | final effect is same, just one way you skip 10 tasks, the other 1 |
mmercer | interesting |
agaffney | the include isn't conditional, but the tasks inside it are |
mmercer | so, here is the one that i was surprised to see it worked one way, but failed the other: https://gist.github.com/mmercer-apixio/f3b78ddcad81d2c7b17003aa1a5a8e82 |
mmercer | initially, i had it defined as include_tasks, and for a while that seemed to work -- recently i reupdated our ansible to 2.5.0a1 as opposed to an older 2.5 dev release of it, and i think thats where it slightly changed, and i dont particularly understand why it doesnt work as an include_tasks |
mmercer | the invocation sets all of the expected variables, the dict is defined and the parameters are all good... |
agaffney | 2.5 is apparently removing the "feature" that causes some attributes at the include level to cascade to tasks in the include |
agaffney | I don't know the motivation behind this |
agaffney | this is probably also why include was removed from the deprecation list for 2.5 earlier today :) |
agaffney | bcoca: can you comment on that? |
bcoca | keywords on include_X apply to the include, keywords on import_X are inherited by imported |
bcoca | we ARE looking at adding a option to include_X to 'set keywords for included' |
bcoca | but wont be in 2.5 |
mmercer | ahh, interesting |
mmercer | apparently my older dev branches hadnt been affected by that change, but updating to 2.5.0a1 did |
mmercer | ok, that clarifies that |