#ansible IRC Archive for 2018-02-07

jlacroix	I'm hoping someone can help me with ansible-pull. I'm playing around with it to learn it in a test VM. It seems as though it requires an inventory file, because it works fine if I give it an inventory file (which only has 'localhost' in the file) but if I remove that, it complains about "no hosts matched" is it possible to use ansible-pull against localhost, and not have an inventory file?
agaffney	jlacroix: what ansible version? modern versions have an implicit localhost entry even with no inventory
jlacroix	2.4.2
jlacroix	It basically tells me, no hosts found, and skips all the playbooks
flowerysong	Do your playbooks target localhost?
jlacroix	I think that may be my problem. I was using "all"
flowerysong	In that case you should be able to do '-i localhost,' (note comma) to add an explicit localhost entry without a separate inventory file.
flowerysong	Or just change to hosts: localhost, of course.
jlacroix	Thanks guys, I can't believe it was that easy. I was working on this for about two hours yesterday, Googling like crazy
bcoca	implicit localhost does NOT match 'all', but if you define it in inventory, it does
jlacroix	By the way, thank you guys for all your work on this AWESOME piece of software. I truly believe you're doing God's work, and that's coming from an Athiest. ;)
bcoca	no, we respond to higher authority, we are doing root's work
jlacroix	LOL
jlacroix	I've been addicted to Ansible for a few years now. It's made my life a lot easier.
bcoca	that was the plan!
jlacroix	I use it for not only DevOps but my own personal laptops/desktops as well.
bcoca	he, same here, started as a user, then contributor, now employee ...
bcoca	used it for work and home machines ... now i work on it
jlacroix	Maybe some day when I get better at coding I'll contribute back to it some how.
jlacroix	Do you use ansible-pull for home machines? I only discovered ansible-pull about two days ago
bcoca	contributing takes many forms, verify bugs, write docs, submit issues ...
bcoca	no, i used to for a satellite office i managed, their connection was only on when someone in office was there
jlacroix	Gotcha. Thanks again guys, have a good night
bcoca	gn
jlacroix	Sorry to bother you guys again, but I'm having trouble with this playbook: https://pastebin.com/RCwayeDf
jlacroix	I'm sure it's a simple, stupid problem on my end but it keeps complaining about line 9
jlacroix	Nevermind on my last question, it was looking for roles/ in the current directory and not the base directory as I wish it would
Dan0maN	hi all. preface: i'm running EL7. i'm trying to perform a pip install of bigsuds for bigip_facts module dep. it is barking about upgrading the setuptools. when i attempt to upgrade the setuptools as described in the bark, it fails out. https://gist.github.com/anonymous/97d2dd31da5b4e9e83b9926b710368f1
Merry__	pip install --upgrade setuptools
pix9	hey folks what module would be ideal for renaming directories file module or command module?
winem_	hi, does anyone have an idea how to gather the right python version automatically? I'd like to do something like `check $(which python)` and if available use that one if not check $(which python3) and if that returns 0 use that one.
winem_	but I have the common chicken egg problem here. how to do that without python?
formanjo	Hello, is there anybody who can answer my question about usage daemonize from module_utils in my own module?
meowtism	hey guys, im having a problem with ansible in that, my job gets stuck like this: ESTABLISH CONNECTION FOR USER: myuser
meowtism	when i try to run with 4 -vvvv the debugger outputs -vvv
lulak	Is possible to use nested tags ? https://thepasteb.in/p/66hV91R44RBtW If want to run --tags add,user , task2 in subtask.yml will always run
shaps	lulak: not sure what you mean by nested tags, you can do what you pasted
rvgate	lulak, you can use multiple tags with a task...
lulak	shaps:, rvgate: tag group is always running even if i specify only add and user
jhawkesworth_	formanjo: might want to try #ansible-devel for that one, perhaps later in the day when core developers are more likely to be online
formanjo	jhawkesworth_: thanks
shaps	lulak: Probably tags are passed down to the include
iTeV	Question; If I have a fact called "apt_faults", can I access this fact with "{{ ansible_pkg_mgr + '_faults' }}"?
iTeV	cuz when I try to do this, I just get "apt_faults" instead of the value of apt_faults
lulak	shaps
lulak	shaps: what does this mean?
flowerysong	iTeV: https://docs.ansible.com/ansible/latest/faq.html#how-do-i-access-a-variable-name-programmatically
iTeV	flowerysong, ty!
pix9	hello folks do we have any guide / doc book for best practices when using ansible?
JEEB	http://docs.ansible.com/ansible/latest/playbooks_best_practices.html ?
pix9	thanks.
pix9	perhaps any guide book by author?
spidernik	pix9, Jeff Geerling's excellent Ansible for DevOps contains some best practices in the appendix. https://leanpub.com/ansible-for-devops
spidernik	(in addition to the previous suggestions)
pix9	thanks spidernik
spidernik	anytime
Pilou	pix9: also https://www.ansible.com/Ansible-Best-Practices-2017
ssbarnea	is there a way to exit an ansible playbook with a special/custom exist code? I want to do this if I spot some special warnings/cases (like unittest failures).
Guest16511	allo allo how goes?
rvgate	Guest16511, hello james
Guest16511	Im having an issue as a new ansible user, trying to set root pass on a linux box from another box that can ssh in using its key and no pass, getting this error:
Guest16511	https://pastebin.com/xL1tKHgv
Guest16511	any ideas?
winem_	why do I get "dict object has not attribute find if I use "when: network_manager.find('No') != -1" network manager is a string and debug var and debug message print ""msg": "No package matching 'NetworkManager' is available"
misc	Guest16511: you didn't forgot to use the right user on the cli and/or the playbook ?
Guest16511	$ ansible-playbook playbooks/global/password_change.yml -vvvv
Guest16511	https://pastebin.com/5FsBt9Ai
Guest16511	thats the playbook Im using
Guest16511	ah, think I forgot to specify to run as root instead of ansible user
misc	yeah
misc	also, you can use the user module to change password
Guest16511	oh, not seen that one yet :)
Guest16511	to the googles :) ty
jhawkesworth_	winem_: try "when: network_manager\|search('No')
winem_	actually, I just want to skip some tasks if a package is installed. I could also check if the default package configuration exists but this might be more error-prone. https://gist.github.com/winem/f78242de3807d384f1b48c7896d6ad30
winem_	jhawkesworth_: let me give that a trxy
misc	Guest16511: ansible-doc user should gve the help
jhawkesworth_	obvs igorne that double quote
jhawkesworth_	winem_: match/search as a test examples here: http://docs.ansible.com/ansible/latest/playbooks_tests.html
Guest16511	cool ty
jhawkesworth_	I was just hitting the same problem yesterday
winem_	jhawkesworth: but I'm pretty sure that I read somewhere that you're able to use the python string operations on all vars. what baout that?
winem_	ah, or was that just for templates?
jhawkesworth_	I think I've read that somewhere. Not being much of a python programmer I tend not to think of the string methods though.
JustASlacker	doubt it
JustASlacker	it will complaint if its a dict
winem_	however, found a way that actually works. thanks guys
Guest16511	misc: used the user module with the salt gen for the pass, works a treat :) ty
Guest16511	specified the user to root aswell :)
winem_	I think there is a bug / issue with the current master. would be great if anyone confirms before I create a git issue. whenever I use ansible-vault edit I am asked to change the password and have to enter the current + the new vault pw. and that's wrong I think. happened yesterday the first time
shaps	ACTION checks
shaps	winem_: you are running from devel right?
winem_	uh yes, devel on commit 0c5650ee1bdf9dea75a235888c91b4cf8be90efd
winem_	it's from tonight
winem_	*this morning
cloudbud	hi I have a jinja template , which has the snippet which I want to optimize .
cloudbud	$APP_HOME/logs/upstart.{{ app_name }}.log {{ "2>&1" if app_name in ['abc','def','geh'] or redirection is defined else ""}}
cloudbud	if I defned reditecyion variale in the group vars will it work
cloudbud	?
shaps	winem_: yeah, it looks like it
winem_	ok, will add a gitlab issue. thanks for verifying
rvgate	ACTION is also confirming now
rvgate	winem_, shaps, yes and no... if you have a vault_password_file in your config it does not ask you for a new password... but if you dont have it, it will ask you to change it
rvgate	winem_, i'd say create a bug report :)
winem_	rvgate: good catch!
rvgate	winem_, maybe figure out what change causes this?
winem_	yes, already checking the recent commits
shmem	.oO( commit, commit, damnit, wtfit? commit, commit )
rvgate	winem_, git bisect
winem_	ah, didn't know bisect yet. I'm back on it as soon as the current deployment is done
rvgate	winem_, im doing it as well, lets see if we can both find it :)
shaps	looks like ffe0ddea96bbe8ac27af816e58667c212e74688e broke it
shaps	ah lol, been quicker at bisecting :P
winem_	shaps: possible. I know that 92729 was still working.
rvgate	i think something is wrong with my setup xD
winem_	but hell, you have to enlighten me on this bisect topic. the git documentation link google gives me says "checkout commit, build it, use bisect to mark the rev as good or bad " for example. and do that for every commit. I guess you dodn't do that since you were too fast
rvgate	winem_, i did, but for some reason my ansible --version stayed at a specific commit everytime i tried to run it
rvgate	winem_, but yeah, git bisect for finding bugs is amazing... simple yes no questions and poof, there is your commit
winem_	ok, I'll for sure have to test it
winem_	now I would either have checked all commits step by step or use git blame to get a hint :D
rvgate	winem_, confirmed, it is that commit...
shaps	rvgate: you probably had a branch between the first good and bad version
winem_	just checkinig out that commit now.
shaps	bisect will put you at the base of the branch, because it wouldn't be able to find the commit
rvgate	shaps, yeah.. i did a bisect between latest dev and v2.4.1.0-1
rvgate	winem_, git checkout ffe0ddea && test is && git checkout ffe0ddea^ && test it
shaps	yep, try checkout devel and do "bisect good d6004852a2" / "bisect bad devel"
rvgate	winem_, so... bugreport? :D
winem_	ah I see what he did in that commit.. actually it would even be easy to fix. but my plate is already damn full...
rvgate	i can maybe fix it
rvgate	im on my break anyway
winem_	what's the correct process if you contribute to the ansible repo? just push to develop if you actually fix an issue or can you just fix it and leave a commit message like "fixing xy which came with commit ...."?
rvgate	winem_, fork ansible, create new branch from latest devel, fix it there, create PR with motivation
winem_	ah, the real cool way - thanks!
winem_	actually, the only right way if you ask me :D
rvgate	thats how i did it last times, and they accepted it.. so yeah :P
rvgate	maybe alikins himself can fix it :)
winem_	ah, he's already here. nice
winem_	alikins: are you around?
rvgate	russian accent you broke it
winem_	I assume there is any gotcha. the old default for the var was an empty array. why not just an empty string? I mean, it would probably be even more dirty... but I'm afraid to find any trap there. guess I'll just fix it in his version without reinventing the wheel
babilen	Does Ansible's ACL module support X (as in "setfacl -R -m u:foo:rwX /foo/bar") ?
shmem	what happens if you try?
babilen	shmem: I can't try right now, which is why I ask
babilen	Might be able to do it later, but would appreciate an answer (if possible)
shmem	what could possibly go wrong if you just do?
babilen	I am not in a position to run Ansible right now
shmem	answer deferred then ;-)
petn-randall	babilen: AFAICS it should work, 'recursive=yes entity=foo etype=user permissions=rwx path=/foo/bar'.
AndreasLutro	recursive x is not the same as X
ssbarnea	does anyone knows how to avoid getting results=[...spam] on console while using replace module? no_log: True seems to have no effect.
petn-randall	Oh, you meant X as in permissions ... I thought it was a placeholder for the following request.
petn-randall	ACTION slaps forehead.
Panther_1	does anyone know if there is a flag in the file module taht does the same like ln -n ?
JustASlacker	type: link
JustASlacker	state: link
Panther_1	JustASlacker: no does not help
JustASlacker	http://docs.ansible.com/ansible/latest/file_module.html
JustASlacker	its state
JustASlacker	not type
babilen	petn-randall, AndreasLutro: Thanks -- I'll check it myself once I'm back. Was just discussing with someone and this question came up
Panther_1	JustASlacker: if there is already a symlink to an directory I can't change it to another even with force= yes
babilen	The issue is indeed about x vs X
JustASlacker	Panther_1: thats a different question
Panther_1	JustASlacker: https://www.endpoint.com/blog/2009/09/25/using-ln-sf-to-replace-symlink-to
winem_	rvgate: well, it's too big for a topic to be fixed on the fly. I'll create a bugreport
Panther_1	JustASlacker: if you wan't thus you must use the option -n
JustASlacker	maybe you want state:absent then?
winem_	I think it can be done with a few chars and contitionals, but I already saw some pitfalls there any my head is full with stuff my boss actually pays me for :D
JustASlacker	I guess you need two operations for that
Panther_1	JustASlacker: that'S the problem I need it as atomic operation
Panther_1	JustASlacker: with ln it does like ln -sfn /new/target /path/to/symlink
JustASlacker	touch cookies, use shell module
JustASlacker	tough
Panther_1	JustASlacker: thee is no flag/option in the file module that triggers -sfn
JustASlacker	looks like it, yes
jl	how do I make this work - { role: myrole, param: "{{ 'my_' + var + 'param' }}" } and expand the vars in var ?
Panther_1	JustASlacker: ok so I'm not blind and can fill a bug/feature request
JustASlacker	ACTION shrugs
JustASlacker	guess so
kassav	hello guys, i have a question related to nexus
kassav	i use to download some actefects using maven plugin
kassav	the issue is when i run my downloads, all downloaded files will not change
kassav	but only one whose modification date always change
kassav	so my playbook will always download it
kassav	are there an explanation, depending on nexus?
petn-randall	kassav: If the modtime changes, that's a hint that the content also changed.
kassav	petn-randall: no, the content didn't change every minute
kassav	and i see that difference evry time i run the playbook
petn-randall	kassav: So does the modtime on the local or remote side change (or not change)?
kassav	the change is on the remote side, so that the plugin will download it again
petn-randall	kassav: I'd say that's expected and wanted behaviour, unless I'm missing something obvious.
kassav	petn-randall: i see that only on one artefact
hypercore	how do i connect to my newly created VPS?
kassav	i think there is a configuration in nexus
hypercore	in my inventory under ansible_ssh_private_key_file, should i copy the private key on the server here?
petn-randall	kassav: Are you updating something on the nexus side that causes this?
kassav	petn-randall: no
petn-randall	kassav: wild guess: Is that artifact file a symlink by chance? That might confuse the module.
kassav	petn-randall: no idea, it's not my part of the job
kassav	i just get artefacts as input
hypercore	anyone know?
shaps	hypercore: you should put the path to the private key there
hypercore	shaps: ok so i should copy the private key from my newly created VPS to my laptop and then reference it in my inventory file?
shaps	I'm not sure where you created that vps, why would you have the private key on your VPS? You should have the pkey locally and the public on the remote
Pistahh	hi, I have a list of URLs in a variable, I want to set another var to true if any of those URLs start with "ftp://" - is there a nice way to do this?
shmem	scalar grep m{^ftp://}, @list
Pistahh	.. in ansible..
shmem	ah ;-)
shmem	sorry ECHAN
asyd	shmem: scala?
Pistahh	happy people who don't recognise perl ;)
shmem	:D
asyd	ahah
shmem	anyways... porting that perl snippet to python is left as an excercise to the audience
petn-randall	hypercore: No, private keys never need to be copied around, it's a bad habit.
petn-randall	hypercore: First you need to set up SSH so you can use your private key to log in. That's not really the scope of ansible.
shmem	what petn-randall says. private keys are private, period.
hypercore	thanks
jjeganathan	Hey guys, I have two sections in my playbook. The first section has a role in which I have a set_fact = var. This same var is not usable in the second part of the playbook (undefined), why ?
jjeganathan	What I call section = hosts = host1
jjeganathan	section2 => host2 with different tasks
petn-randall	jjeganathan: Two things: 1) Avoid set_fact as much as possible, since it causes different behaviour if you're debugging your playbook with --start-at="foo" 2) Check http://docs.ansible.com/ansible/latest/playbooks_variables.html#variable-scopes for the scopes of variables.
agaffney	jjeganathan: set_fact creates a host var, which is tied to the host the task runs against. from host2, you can use hostvars['host1'].your_var to access the var created in the first play
agaffney	Pistahh: some_var: "{{ True if (my_urls \| select('match', 'ftp://') \| list \| length > 0) else False }}"
iron_houzi	Are there any easy ways to load extra vars from environment?
agaffney	iron_houzi: it depends on what you mean by "from environment"
agaffney	you can use lookup('env', 'FOO') to grab an individual env var. you can even have an env var containing JSON and pass it through \|from_json, but the individual keys wouldn't automatically become ansible vars
iron_houzi	agaffney: I'd like to set vars from CLI without having to resolve envvars in the shell. It's leading to quote escape hell..
agaffney	example?
iron_houzi	chamber exec docker-registry -- ansible-playbook -i production test.yml -e "portus_db_password=$DATABASE_PASSWORD portus_secret_key_base=$SECRET_KEY_BASE portus_password=$PORTUS_PASSWORD"
iron_houzi	..the envvars gets resolved in the parent shell, not the child shell
kassav	can i use with_nested with a conditional when?
agaffney	iron_houzi: then use single quotes or escape the $ with \
iron_houzi	many programs support .env file or something to that effect .. probably best to use lookup() then ..
agaffney	you can also just explicitly use lookup() in your playbook to assign the value of those env vars to ansible vars
iron_houzi	agaffney: I've tried that..
iron_houzi	yeah, set in playbook is fine. Thanks
agaffney	iron_houzi: tried what, and to what effect? either of using single quotes or \$ would prevent the shell from evaluating those
agaffney	however, it's possible that one of the other shell instances along the way is doing it, since you're running 3 different commands all in one there
iron_houzi	ACTION hates shell quote escaping :(
agaffney	if you were running ansible-playbook directly, what I suggested would work just fine
iron_houzi	indeed
kassav	can i use with_nested with a conditional when?
agaffney	yes
kassav	agaffney: can i set the when item[0]=item[1] to depend on the two lists?
agaffney	I'm not sure what you're asking, but you want to use == for equality. = is assignment and isn't really relevant in a 'when'
kassav	agaffney: i'm not asking about the exact syntax, but about the usage
agaffney	it's not clear what you're trying to do, so I can't really comment on that
agaffney	you can do 'when: item.0 == item.1', but I have no idea if that makes sense for what you're trying to do
kassav	agaffney: double loop and get the good data$
agaffney	that doesn't really mean anything. I don't know what "good" data means or what your data structure looks like
kassav	agaffney: https://privatebin.net/?76c6dda1d950520c#CLSt56jtF8yoghJXv1EnI5guiiU8cvno7+RPRTa8TgU=
kassav	find the right vm for each element in the first list
kabalevsky	anybody else at the workshop in princeton
kabalevsky	?
kabalevsky	https://ansibleworkshop.com/workshops/Princeton
rvgate	kabalevsky, if you pay for the 8h flight, accommodation, food, drinks and have a talk to my boss, i might :P
kabalevsky	hah
kabalevsky	maybe after the training i'll get a raise ;)
rvgate	unless your boss pays for your training :P then its already covered
rvgate	and if you pay it yourself, he will probably say "though luck, not relevant for your job"
kabalevsky	we all got redhat red hats
kabalevsky	I say this is a quality workshop
rvgate	that is nice
bcoca	i got a rh hat, but it was too small, sent back for exchange ... but never got it ...:-(
lulak	did someone tried to modify .vmx (ESXi 6 ) with vmware_guests? Is it the customvalues section ( http://docs.ansible.com/ansible/latest/vmware_guest_module.html ) an option to do this?
marnej	hello
marnej	i am looking for setiing together when default and match
marnej	i need to use when, and wityhj items, but some items doesn't have element msg , so
marnej	when item.msg \| match("some") fails
marnej	when item.msg \| defaul() =="some"
marnej	this is finew, but am looking for matcvh statmens, instead of ==
kabalevsky	@bcoca sorry to hear that :(
bcoca	kabalevsky: no worries, if i really wanted it i would have followed up and bugged em about it, they are really nice and would have sent one right away
kabalevsky	yeah the RH guys here today are pretty cool
marnej	ah, sorry, now i fixed ir
marnej	when: item.msg\|default() \| match("vfat")
marnej	eorks fine
marnej	problem was in match statment
lulak	did someone tried to modify .vmx (ESXi 6 ) with vmware_guests? Is it the customvalues section ( http://docs.ansible.com/ansible/latest/vmware_guest_module.html ) an option to do this?
formanjo	bcoca: using daemonize from module_utils in my own ansible module is as simle as daemonize(<AnsibleModule>,<script I'm going to run as daemon>), bcos I'm getting some pickle error. Checking that the pickle.loads function before the end of daemonize is getting empty string which is not acceptable for pickle function. I couldn't find any example of usage of daemonize function, are there some examples?
bcoca	question for #ansible-devel really, service modules use the deamonize ... some of the networking plugins also
formanjo	bcoca: thanks, will try
kabalevsky	ok so quick question what is a real world purpose for the handlers section as opposed to having just a bunch of tasks?
bcoca	handlers execute once per host
petn-randall	kabalevsky: If you trigger the handler several times, it'll still just execute once.
bcoca	they execute after task sections, so multiple tasks can change config but only 1 handler runs
bcoca	well, yiou can notify mulitple handlers, but each one will only run once per host
bcoca	avoids restarting services x10 if you update 10 configs
bcoca	for example
petn-randall	Plus, if your playbook fails because your config template is screwed, you might not want to restart the service to it before fixing.
kassav	hello again,
kassav	https://stackoverflow.com/questions/48667150/ansible-double-loop
kassav	if i'm clear right now
tinita	hi, I have a problem with the synchronize module
tinita	my playbook is run against host A
tinita	and some tasks I delegate to host B
tinita	now I would like to rsync a directory from localhost to B
tinita	delegate_to: B doesn't help, because that would rsync from B to A
tinita	any ideas?
agaffney	'delegate_to: localhost' is probably what you want
tinita	agaffney: the documentation says: The “local host” can be changed to a different host by using delegate_to. This enables copying between two remote hosts or entirely on one remote machine.
tinita	"For the synchronize module, the “local host” is the host the synchronize task originates on"
tinita	if I use delegate_to: localhost, it asks me for the password of mylocaluser@A
tinita	seems it's not possible with synchronize
tinita	I'll delete the directory and then use recursive copy... :-/
kassav	no one got an idea here?
kassav	https://stackoverflow.com/questions/48667150/ansible-double-loop
petn-randall	kassav: You still haven't explained your problem and your goal. Crossposting is also considered impolite for various reasons.
petn-randall	kassav: What are you actually trying to do? It could be you're running down a certain rabbit hole and there's a much easier solution if you share your goal/problem with us.
kassav	petn-randall: it's a third party tool that you can specify your architecture (logical and physical), that helps you deploy in large scale servers
kassav	petn-randall: i'm i clear
Kim^J	Hm, is it possible to run a role as different users?
Kim^J	I have a role which sets some defaults in ~/.aws/config and I need to run it as different users.
Kim^J	Or do I have to rewrite the role to support multiple users?
Kim^J	Hm, I have to change the role, bummer.
larsks	Kim^J: you can use become: and become_user: on a play to control which user is running your roles.
winem_	how do you avoid that oyu have the same handler in multiple roles? let's say each role deploys it's own monitoring configuration and a restart of the monitoring agent is required.
larsks	winem_: put the handler in it's own role, and make that a dependency of the others.
winem_	ah, I already have such a role!
winem_	didn't know that it would work for handlers, too. nice. thanks
tinita	I posted my question here: https://stackoverflow.com/questions/48668247/synchronize-from-localhost-to-another-host-which-is-not-the-playbook-host
nashant	Hi all. Is it possible to do a regex match on a limit? e.g. -l 'group1:&(group2\|group3)'
agaffney	nashant: https://docs.ansible.com/ansible/latest/intro_patterns.html
agaffney	I don't think so
pwilc	quick question: Trying to use a block/rescue statement in 2.4.3 to send a slack notification on failure. I'd like said notification to contain the failure reason that would ordinarily be returned from the recap, which could be from any task. Any idea how to register/output that from within the rescue block?
agaffney	I don't think there's a way to capture the failure from any task in the block. however, you could probably just use 'register: foo' (with the same var) on all tasks, and it should contain the result from the last task run, which is presumably the one that failed
pwilc	Thanks, that was my suspicion. It feels a bit excessive to have to do that for every task, it already feels a bit much to have a rescue statement for every playbook rather than one globally. I was considering creating a custom slack callback plugin that only triggers on failure, I wonder if that would be better?
bcoca	agaffney: iirc 2.4 added vars with 'error from failed task' that rescue: section can use
bcoca	@jimi\|ansible ^ think you were one adding that feature?
pwilc	@bcoca: Thanks, I'll investigate that :)
agaffney	ooh, shiny
agaffney	I should really read the changelog for new ansible releases
jimi\|ansible	i think that was added a while back
jimi\|ansible	like 2.2ish?
jimi\|ansible	was that really just 2.4?
bcoca	i forget, which is why i pinged you :-)
jimi\|ansible	long story short, it should be there already :)
pwilc	any idea on the specific name? My best googling is returning nothing so far ;(
shmem	konversation terminiert!
dur117	I'm trying to delegate a copy task that is run on a vagrant VM, to the ansible/vagrant host machine. It's currently set with delegate_to localhost which works fine when running the playbook directly from the control machine, however if running vagrant provision (vagrantfile uses ansible provisioner), it thinks localhost is the guest machine. Anyone know of a way around this? I could put the IP of the machine running the playbook in, but it acts as a new
dur117	ssh session and complains about auth. I'm trying to get it to work as it would if I were to run the playbook directly. I'm running the ansible and not the ansible_local provisioner.
Xat`	hi guys
Xat`	I have a strange behavior when using selectattr and map : https://paste.ee/p/DoVQJ
Xat`	anyone can explain me why the debug part is failing ?
agaffney	Xat`: it's possible/probably that the 'src' param is getting converted to native data types on consumption. try your 'debug' with only the first selectattr() and see what the output looks like
bcoca	ansible_failed_task ansible_failed_result added in 2.1
Xat`	agaffney: yes I already tried that, it works fine when removing the second selectattr
bcoca	^ pwilc
Floflobel	hello, I try to configure the authorized_keys for several users and delete the old keys (thanks to the "exclusive" function). I try with a loop and it does not work, my first test is with a website and the second with key insertion in the variable. Paste: https://paste.fedoraproject.org/paste/dGWxvuEclcxzvqA4gRjmvQ
rvgate	winem_, did you manage to create the bug report?
winem_	yep. #35834
Xat`	agaffney: but I need the second selectattr in my use case
rvgate	winem_, sweet :)
pwilc	@bcoca Great! Thanks so much. Couldn't find that anywhere.
bcoca	changlog FTW
bcoca	i could not find it either
bcoca	we should actually add to 'block docs'
Xat`	agaffney: what do you mean by : "the 'src' param is getting converted to native data types on consumption"
pwilc	@bcoca https://github.com/ansible/ansible/issues/27970 (:
znf	Hello.
lulak	how to test if dict have some elements? https://thepasteb.in/p/0ghJWM5VNVvh5
znf	I'm trying to reboot all my ansible hosts, but one of them is down (currently in physical maintenance)
znf	I do `ansible all -a 'reboot -f' -t 20 -B 1 -T 1` yet it still gets stuck
Xat`	I have a strange behavior when using the 2nd selectattr : https://paste.ee/p/DoVQJ
Xat`	anyone has an idea ?
Xat`	I have a strange behavior when using the 2nd selectattr (regexp) : https://paste.ee/p/DoVQJ . When using 'equalto' on the second selectattr I don't have a fail
Xat`	but I really need to use 'match' (regex)
swc\|666	so why is it that ansible cannot accept a variable for the group[] name in templating??? Like {% for foo in groups['{{ bar }}'] %} foo {% endfor %}
swc\|666	I tried numerous things and wound up having to create a block of tasks that took a base template file with placeholder text, ran a script that sed replaced the placeholder text, just so I could set the 'bar' string to what I needed
mgedmin	swc\|666: {% for foo in groups[bar] %} ...
mgedmin	don't use {{ }} inside {% %}
Xat`	anyone knows why I can't use selectattr('src', 'match', '^.subnets.$')
lulak	how to test if dict contains some elements? https://thepasteb.in/p/0ghJWM5VNVvh5
Xat`	anyone knows why I can't use selectattr('src', 'match', '^.subnets.$') : https://paste.ee/p/DoVQJ
lambiekNL	bcoca: Do you have time to look at issue https://github.com/ansible/ansible/issues/15642
lulak	how to test if dict contains some elements? https://thepasteb.in/p/0ghJWM5VNVvh5 \| length > 0 works if its not empty, if its empty error shows up object of type 'NoneType' has no len()
jhawkesworth_	Xat`: not sure if I'm thinking of 'search' instead of 'match' but one of them seems to have an implicit * at the end of the pattern
jhawkesworth_	at least on 2.3.2
Xat`	jhawkesworth_: using 'search' instead of 'match' does the same problem
Xat`	that is really strange
pwilc	@bcoca This works as I'd hoped, thanks again :+1:
Xat`	{"failed": true, "msg": "Unexpected templating type error occurred on ({{ req_ipam_check_nat_all.json.data\|selectattr('type', 'equalto', 'source')\|selectattr('src', 'match', '^.*$')\|map(attribute='id')\|list }}): expected string or buffer"}
bcoca	pwilc: i dont get paid in thanks, but i do take your first born or beer!
bcoca	Xat`: wild guess. json.data is not a string, probably a list or dictionary
ktibi	Hi Ansible, is it possible to use lookup on url for load vars ??? The online file is in yaml format.
jhawkesworth_	Xat`: might be worth trying json_query to pick out the bits of json you need
Everspace_	ktibi: You would go something like lookup(url) \| from_yaml
Everspace_	Although I would VERY MUCH RECCOMEND to not base your deployment on an external URL.
ktibi	Everspace_, yes, I tried that but no success :/
ktibi	I need to get some vars (ldap export) for create some project in my appli :/
Xat`	bcoca: req_ipam_check_nat_all.json.data is here : https://paste.ee/p/DoVQJ
jhawkesworth_	Xat`: json query described here: http://docs.ansible.com/ansible/latest/playbooks_filters.html#json-query-filter
bcoca	Xat`: its a list
Xat`	jhawkesworth_: I already tried with json_query but someone here tells me to use 'selectattr' instead
ktibi	Everspace, I try that https://pastebin.com/raw/CmEkijFG But the debug return only one big vars
Everspace	ktibi: I would assume that's it's a pretty big var no?
Xat`	bcoca: yes it is a list. So I should be able to selectattr with a 'match', no ?
bcoca	Xat`: if i read this correclty, you want a list of dicts that have one attribute with the 'type' == source and anythin in src?
pwilc	@bcoca Is there such a thing as a patreon for contributors? :D
ktibi	Everspace, yes I have list_groups_file: " ALL DATA IN FILE" with escape '\' before all double quote in my data.
bcoca	but src is a dict, yet you match it as string
bcoca	"src": "{\"subnets\":[\"10\"]}",
bcoca	^ that is your problem
Xat`	bcoca: yeah but actually with selectattr('src', 'match', '^.subnets.$')
jhawkesworth_	match is still looking for a string though. the value of src is as bcoca says, is a dict.
bcoca	Xat`: ALL the json gets converted to native types, not just part of it
bcoca	so you cannot expect everything to be dict/lists 'except' the subdict you want to match as string
Xat`	mhh, that's not really clear to me
Xat`	I understand that the 'src' field contains structured datas
bcoca	but match REQUIRES a string, which src is not
Xat`	bcoca: 'src' is a string
Xat`	even if it contains a data structure
bcoca	the key 'src' is a string, the value for 'src' is a dict
bcoca	you are matching the value
Xat`	bcoca: that is strange because in another play, I have to do that somewhere : req_ipam_all_nat.json.data\|selectattr('type', 'equalto', 'source')\|selectattr('src', 'match', '^{\"subnets\":\\[.\"' ~ subnet_id ~ '\".}$')\|map(attribute='id')\|list\|first
Xat`	and this is working well
Everspace	bcoca: No I'm pretty sure that it's a string that has json in it for some reason. The debug would have pretty printed it otherwise.
bcoca	Everspace: dont rely on debug to print out the internal representation of a structure
Everspace	:\|
bcoca	it does it's own mangling
bcoca	it tries to print 'user readable data', not 'type accurate data'
Everspace	hnnngggg.
Xat`	In the other play, I evaluate 'src' value as a string
bcoca	Xat`: the error is that it is not getting the expected string, as i see the data, src is not a string ... not sure i can help you more than that
Xat`	thank guys ! I will still debug
Everspace	Is there an inverse to --limit on ansible-playbook outside of punctuating things with '!'?
bcoca	Everspace: inverse of limit? not really, limit is there to subset the hosts specified in play, you would have to update play to speicfy MORE hosts
winem_	rvgate: alikins assigned the issue to him by himself. :)
ingy	bcoca: I sent you a gist yesterday of a few `make tests` fails on mac on last stable commit of ansible
ingy	I can continue with the fails. just wonder if I'm DoingItWrong™
bcoca	sent how?
ingy	here :)
bcoca	ACTION has too many com channels
winem_	is there any reason that it's not possible to use something like -l/--limit for roles? I think it would be very helpful but I guess there is a strong reason why it does not yet exist and I might just miss something obvious
bcoca	winem_: roles dont map to hosts
bcoca	play == mapping of tasks to hosts
ingy	14:13:52 ingy \| bcoca: I get 11 `make tests` fails on stable-2.4 on OSX on python-2.7.10. Here's a gist of my test script and output: https://gist.github.com/anonymous/008b0802435a6508378bff42876e2dfd
bcoca	roles == reusable groups of tasks and other resources
ingy	With fail info starting here: https://gist.github.com/anonymous/008b0802435a6508378bff42876e2dfd#file-test-out-L3406
ingy	bcoca: otp now... bbiab
winem_	yes, I think a combination of -l hostgroupxyz and -something roleZZZ might be good.
winem_	actually, I just miss this if something goes wrong or when debugging.. hmm
bcoca	hmm role not found, is it in the paths described?
bcoca	ingy: did you install via homebrew?
bcoca	^ they rewrite some things and relocate others so it never works 'as expected'
Everspace	winem_: Roles are akin to functions. They have no baring on the play until they're encountered. It doesn't make sense to filter based on what a host MAY call in a playbook, nor is there a way to index what roles have ever happened on a particular host.
winem_	Everspace: thanks, that makes sense
bcoca	Everspace: you 'can' keep track of that via callbacks/logs
blammo	hey, i'm using hostvars in templates and it used to work fine, but now my plays hang when it tries to use a value from hostvars. is there any obvious cause by this description alone?
bcoca	blammo: no
Everspace	bcoca: Certainly, but at that point I would say you probably want to write a custom host script or something like that.
Everspace	invintory*
bcoca	yep
blammo	a simple example is: debug: msg={{ hostvars }}
boxrick	Can anyone explain this crazy error for me?
boxrick	https://gist.github.com/boxrick/ab70471b003b218296412e4faac60093
blammo	that hangs my play
boxrick	Since the use case seems incredibly normal and simple
boxrick	Does first found only work for templates?
Everspace	boxrick: no
Everspace	boxrick: You want msg instead of var.
ingy	bcoca: https://gist.github.com/anonymous/008b0802435a6508378bff42876e2dfd#file-test-L1 is the exact reproduction script I made that I run from a clone of the ansible repo. I'm not sure which if any homebrew parts would come into play here.
boxrick	It shouldn't really matter..
boxrick	Ill try anyway
Everspace	boxrick: var is for printing particular environment variables (eg: var=hostvars). msg is for everything else.
boxrick	Well var=item would work
boxrick	Just bad sytax here
boxrick	doh
boxrick	Obvious now you point it out, cheers
Everspace	:praisethesun:
SmashingX	this is how my playbook looks like: http://pastebin.centos.org/537361/
SmashingX	there’s a syntax error on that
SmashingX	apparently the line containing path is the problem but I don’t know why
SmashingX	I don’t know what I’m missing, can somebody help?
Praxi	no tasks section? or is that just a snippet of your playbook?
flowerysong	SmashingX: Task lists go under the tasks key in the play. https://gist.github.com/flowerysong/6c8acc5aa8440cf8153cc13bb9e1b578
SmashingX	Praxi: I’m super new to ansible so I that’s all I have
Praxi	ya look at @flowerysong's example, he added the missing bits for you :)
SmashingX	flowerysong: thank you
SmashingX	so do I always have to have Tasks before the actual tasks?
Praxi	yes
Praxi	https://docs.ansible.com/ansible/latest/playbooks_intro.html get ya started
SmashingX	now it’s complaining about the tasks line
Praxi	did you copy @flowerysong 's code completely?
Praxi	yaml is a serialized space sensitive language
ingy	I would say it is a space sensitive serialization language :)
ingy	but I guess either is a SSSL™
SmashingX	https://s18.postimg.org/3otbc2bo9/Virtual_Box_Cent_OS_exam_Clone_07_02_2018_11_47_29.png
Praxi	ya your alignment is wrong
Praxi	2 spaces
Praxi	always 2 spaces
SmashingX	alignment?
SmashingX	Does Ansible care about indentation?
agaffney	SmashingX: https://docs.ansible.com/ansible/latest/YAMLSyntax.html
SmashingX	what?
agaffney	no, the YAML parser does
SmashingX	oh come on
agaffney	ansible playbooks are YAML documents. indentation and alignment is meaningful in YAML
Praxi	not specific to ansible, just to yaml. get yourself a good editor, and it will complain about things like that
Praxi	at least keep the basics from biting you :)
SmashingX	but come one
Sketch	i don't think it _has_ to be 2 spaces. but it has to be indented correctly and consistently.
SmashingX	there are more important things to worry about than identation
SmashingX	please YAML remove that thing
Praxi	just don't see it happening :)
agaffney	SmashingX: indentation in YAML isn't cosmetic. it defines the structure of the document
Sketch	^
flowerysong	You're building a data structure. If your indentation is wrong it can't be parsed into the correct structure without other indicators.
Sketch	it's like python. indentation matters.
t0ken	ACTION is just happy it isn't XML
SmashingX	agaffney: I get that, but the language should leave that to the end user not to be part of syntax
flowerysong	YAML is a superset of JSON, so if you want to not care about indentation you can write your playbooks in JSON.
agaffney	SmashingX: you should really read through the YAML syntax doc and https://docs.ansible.com/ansible/latest/playbooks_intro.html#basics before proceeding any further
Sketch	SmashingX: then it would be a different langauge.
SmashingX	why ansible then chose to use YAML
flowerysong	But I don't recommend it. https://gist.github.com/flowerysong/4736817884ce16a062181cdc0ad0d220
agaffney	SmashingX: YAML uses indentation rather than curly braces all over the place for structure, much like python
SmashingX	if I guess there are so many better languages than don’t care about so basic stuff like identation
Sketch	probably because it's nice and compact and works well for this particular use case
agaffney	SmashingX: complaining/questioning it doesn't do anyone any good. the decision was made many years ago and nothing will change
ingy	it also can use curly braces all over the place!
Sketch	and easily human readable
ingy	also like python (for data)
agaffney	SmashingX: yes, those languages don't care about indentation because it's not part of the structure. YAML cares because the indentation actually means something
agaffney	SmashingX: if you don't like YAML or dealing with indentation, feel free to go use another automation tool where indentation doesn't matter
Sketch	also don't bother looking at salt, it uses yaml too.
SmashingX	ok, I guess the short question for me is: if you want to use ansible then stick to the “basic” syntax rules otherwise use other software like chef or whatever
Praxi	indentation concerns will definitely make python difficult :)
SmashingX	I guess, I have to use ansible so even though I think I will hate this YAML language I will have to use it
SmashingX	Praxi: probably that’s why I don’t like python
SmashingX	and I try to avoid it
Praxi	then ansible seems a really odd choice, my friend
SmashingX	my company likes it
agaffney	if you quit trying to avoid it, you'll get over the indentation thing eventually
SmashingX	so I will have to live with this hate
agaffney	that's fine, but don't bring the hate here
SmashingX	there’s no way around it
ingy	SmashingX: you can put JSON in any Ansible YAML file and it will work.
agaffney	we don't care if you hate it, and it's not productive
Praxi	what are you gaining out of it? ahh gotcha, that makes sense. I personally love python, and ansible is a treat to work with compared to some of the others I have messed with. Mainly puppet.
SmashingX	agaffney: ok is not my hate, I’m just sharing my opinion, if you don’t want me to share my opinion that’s fine I will shut up
Praxi	we are here to help each other, not debate historical design choices :)
SmashingX	ok thank you for the help
Praxi	you can do a lot with json as well, check out the json_query and jmespath.org
grimm665	hi all, does anyone know if ansible-pull can utilize a git server with ssh on a different port? or can ansible-pull use username and password for https git?
SmashingX	if I want to apply the same permissions to different directories with the ACL ansible module can I add another path line or do I have to add another acl: block?
agaffney	grimm665: ansible is mostly just passing the provided git URL to the 'git' binary, so it's whatever it can support in its URL scheme
grimm665	agaffney: so if i include the port in the URL, it should go along just fine?
agaffney	SmashingX: you can do another 'acl' task, or use a loop on that single task with multiple paths
Praxi	check out with_items @SmashingX , should probably really check out some of the intro documentation though
agaffney	grimm665: yes, I think so. something like git+ssh://my.git.server:7999/foo/bar.git should work fine
grimm665	agaffney: awesome, thank you
Praxi	https://docs.ansible.com/ansible/latest/playbooks_loops.html @SmashingX
spufi	anyone else who registered for the vscode/ansible webinar? Was connected to the webinar, but now it states its removed O_o
SmashingX	can I ask what state: present means?
flowerysong	Depends on the module. Usually it means that a resource should be present.
flowerysong	If you're still talking about the acl module, https://docs.ansible.com/ansible/latest/acl_module.html
Praxi	installed/present/set etc... its generic terminology for most ansible modules.
blammo	bcoca: it seems hostvars may have grown too large and it is just painfully slow
blammo	my inventory file may be out of control :(
blammo	bcoca: actually something to do with encrypted values in group_vars
lulak	idea how to test number of elements in foo: ? https://thepasteb.in/p/pghQLvBmkq4HR
lulak	a
flowerysong	lulak: {{ (foo is none \| ternary([], foo)) \| length }}
flowerysong	(It gets more complicated if foo might be undefined.)
halberom	you might be able to just do custom.foo\|default('', True)\|length
halberom	which would (i think) also handle undefined
flowerysong	halberom: No, because default triggers only on undefined, not on blank.
halberom	see the 'True' bool param
halberom	it changes the default handling of null vars
halberom	and empties
lulak	uh..
flowerysong	Oh, right.
flowerysong	My bad.
lulak	halberom: flowerysong; thanks
lulak	what is default('', True) ? if custom.foo \| else empty string ?
halberom	basically, you can use '', [] or {}, anything that'll work with \|length.
lulak	halberom: i dont get diffence between custom2.foo\|default({}, True)\|length and custom2.foo\|default({})\|length
lulak	*difference
halberom	check the jinja docs for the description of the default filter, it changes how default handles certain situations.
lulak	halberom: can you help me please with one more thing? How to test it in nested dict? thanks https://thepasteb.in/p/r0hwj1vwR1NCK
halberom	lulak: no idea what you're trying to do there, it def looks wrong.
lulak	halberom: count elements in custom.foo.{anna\|john}.houses if exist
halberom	your with_items should be a list of ['anna', 'john'] then
lulak	these names are dynamic variables for me...
lulak	count elements in custom.foo.{1,2,3....n}.houses if exist
halberom	oh, that's... a bit harder.
halberom	lulak: easiest is to loop through, and increment count. trickier is to use something like json_query
halberom	not something i can help with at this time
lambiekNL	bcoca: Do you have time to look at issue https://github.com/ansible/ansible/issues/15642
agaffney	lambiekNL: why are you poking bcoca directly to look at an issue that hasn't been touched in over a year?
lambiekNL	agaffney: Because I asked here in general about the issue and was redirected to bcoca.
lambiekNL	If someone else can have a look at that issue, I really wait for the availability of the pfexec become method.
agaffney	lambiekNL: have you tried later versions of ansible? it sounds like you have a possibly working solution. have you created a PR for it?
lambiekNL	agaffney: I did not create a PR for this. If I change the code about the quoting it can break other parts which need quoting.
agaffney	I kinda doubt that bcoca has an OpenIndiana system around to look at this issue, but you never know with him
lulak	halberom: like this? https://thepasteb.in/p/WnhzYPBVAz2sV
lambiekNL	Nobody else is using Solaris / Openindiana with pfexec and ansible?
bcoca	agaffney: .. i do ...
agaffney	of course, you do...
Dink	Hello, Is there a way to use an aws acm cert with elb_application_lb ? Anyone know of a workaround if it does not ? I did a quick investigation and it seems like aws acm cert is boto3 which I don't think these modules support yet.
bcoca	lambiekNL: i try to avoid it, but do have image 'resting' jic
agaffney	lambiekNL: they may be, but they aren't necessarily in this channel and active right now :)
Enphuego	When you use --vault-password-file, how does ansible know that it's supposed to be a script not a text file?
bcoca	lambiekNL: seems like quoting reqs changed?
bcoca	or is it forcing pfsh?
agaffney	Dink: the elb_application_lb module uses boto3
agaffney	Dink: while many of the older AWS-related modules use boto2, that one is new in 2.4, and all new ones should be using boto3
lambiekNL	bcoca: I tried several versions of ansible in the past, but none of them worked with pfexec.
agaffney	Enphuego: probably the +x bit, same as with inventories
bcoca	i know it was working at one point, but not sure that has changed in ansible itself, my guess is changes in pfexec or solaris/derivative environment
Dink	agaffney, ok let me double thanks for the info. Will circle back in a bit. Do you know if you can use acm certs though with it ?
bcoca	no one really touched pfexec since it was originally working afaik
agaffney	Dink: I have no idea
bcoca	lambiekNL: also im running 151 .. not sure if that is ancient at thsi point
JustASlacker	151?
bcoca	oi_151a8 build
agaffney	Dink: looking at the docs for the module, it just expects a certificate ARN, so it may "just work"
lambiekNL	bcoca: I'm especially interested in Solaris 11.3
bcoca	lambiekNL: understood, but i dont have a solaris 11.3 box to test against
lambiekNL	I'm not sure if Openindianna still is on par with Solaris
Dink	agaffney, I have a feeling I tried it a while back and didn't work. Will try again in a bit to see. Maybe something changed recently.
agaffney	Dink: I don't know if the AWS API or boto3 makes a distinction between IAM and ACM certs
lambiekNL	Well, I have several Solaris instances, I can test things if needed, but I'm not just that good to propose a solution.
Enphuego	can the scripte for --vault-password-file be a bash script?
Dink	agaffney, It works !!
agaffney	Enphuego: yes. ansible just needs to be able to execute it and it needs to spit out a password to STDOUT
Dink	agaffney, hmm maybe it was for the classic elb that didn't work previously.
bcoca	lambiekNL: i can suggest, use -vvv to see 'exact command passed' and see if you can fix that, from fix i might be able to 'fix the code to produce fixed command'
lambiekNL	bcoca: <lnx1958vm> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/lambert/.ansible/cp/0868fd9afe lnx1958vm '/bin/sh -c '"'"'chmod u+x /export/home/admin.lr/.ansible/tmp/ansible-tmp-1518038377.16-253155990020121/
lambiekNL	/export/home/admin.lr/.ansible/tmp/ansible-tmp-1518038377.16-253155990020121/setup.py && sleep 0'"'"''
lambiekNL	<lnx1790vm> (1, "'echo BECOME-SUCCESS-vljzedpolzvppnmcngrharsflwqczqsg; /usr/bin/python /home/admin.lr/.ansible/tmp/ansible-tmp-1518038377.16-254859797951285/setup.py; rm -rf /home/admin.lr/.ansible/tmp/ansible-tmp-1518038377.16-254859797951285/ > /dev/null 2>&1': No such file or directory\r\n", 'Shared connection to lnx1790vm.internal.asp4all.nl closed.\r\n')
lambiekNL	fatal: [lnx1790vm]: FAILED! => {
lambiekNL	"changed": false,
lambiekNL	"module_stderr": "Shared connection to lnx1790vm.internal.asp4all.nl closed.\r\n",
lambiekNL	"module_stdout": "'echo BECOME-SUCCESS-vljzedpolzvppnmcngrharsflwqczqsg; /usr/bin/python /home/admin.lr/.ansible/tmp/ansible-tmp-1518038377.16-254859797951285/setup.py; rm -rf /home/admin.lr/.ansible/tmp/ansible-tmp-1518038377.16-254859797951285/ > /dev/null 2>&1': No such file or directory\r\n",
lambiekNL	"msg": "MODULE FAILURE",
lambiekNL	"rc": 1
lambiekNL	}
lambiekNL	sorry
JustASlacker	O_o
bcoca	lambiekNL: gist/pastebin or you'll get kicked for channel flooding
lambiekNL	bcoca: That was the purpose, hit wrong clipboard...
lambiekNL	pastebin link: https://pastebin.com/Vu4nq1F6
bcoca	understood, in any case that is the error, seems same as ticket, just need to know 'what is right way'
bcoca	lambiekNL: something looks wrong with your paste .. no become method
lambiekNL	bcoca: I'm looking into it
Mixer9	Hello all, I am attempting to use a playbook that uses the vmware_guest module in tower, I have machine credential , and cloud credential added to template however I get error about needing username and password in the playbook. How do I reference a stored cloud credential in my playbook so tower will run it using the cloud credential?
lambiekNL	bcoca: updated the pastebin info: https://pastebin.com/Vu4nq1F6
unoriginal	exit
bcoca	lambiekNL: not using pfexec, you are hacking in pfsh
bcoca	the method was not designed that way
lambiekNL	bcoca: perhaps the pfsh is the most fancy way to do it but if pfexec needs to be used I will update the pastebin right away.
bcoca	lambiekNL: its not the pastebin that matters, its how you configured/feed ansible info so it can use it
winem_	are there any known issues if the remote user is the same as the become_user?
agaffney	winem_: afaik, that should be a no-op
winem_	I thought the same but I ran into some issues and I'm not sure if that's not related because it's the first tame that both users are the same. so if there are no known issues, I will take a closer look at it
winem_	I mean, the playbooks till works fine but I have permission issues, when I use the shell commands. will proceed with the investigation :)
bcoca	become is for 'becomeing a different user' ... having them both be the same ..
winem_	actually, it should not be the case that the remote user is the same as the become user but I didn't think about it when I run the playbooks for the new project.
winem_	well, that's a good point. do you have / recommend a dedicated user for ansible?
bcoca	no
bcoca	i dont have, i recommend 'whatever works for your environment'
bcoca	as we dont all have same requirements and constraints
Mixer9	Hello all, I am attempting to use a playbook that uses the vmware_guest module in tower, I have machine credential , and cloud credential added to template however I get error about needing username and password in the playbook. How do I reference a stored cloud credential in my playbook so tower will run it using the cloud credential?
lambiekNL	bcoca: pfexec does not allow multiple commands so an ansible script should be executed by pfsh
lambiekNL	I've updated the pastebin once more with an example of /bin/sh -c "pfsh ..."
bcoca	pfexec gets only 1 command, a shell with the quoted 'chained commands' inside
bcoca	the method was NOT designed to work with pfsh , so just injecting it there is probably what is breaking it
lambiekNL	bcoca: understood. Unfortunately pfexec tries to execute everything between the quotes as 1 single command and provides a file not found error. How can I turn the issue into a feature request a method for pfsh?
lambiekNL	bcoca: understood. Unfortunately pfexec tries to execute everything between the quotes as 1 single command and provides a file not found error. How can I turn the issue into a feature request for a method for pfsh?
bcoca	open feature request for pfsh
bcoca	lambiekNL: not sure why pfexec is trying to execute the string, it should be passed to the shell, pfexec should be executing a shell
lambiekNL	from the man page pfexec sets a PRIV_PFEXEC flag to the current shell and executes the specified command. the man page also refers to pfsh, pfbash and many other shells so I thing some major change is being done on pfexec.
bcoca	possibly, the current method was probably wirttend 2+yrs ago
kiwimatt	ansible forks, is there anyway we can determine through monitoring if we are hitting the number of forks currently configured, also is there a sizing guide that would help us determine an optimal setting?
agaffney	kiwimatt: if you have 'forks' set to 5 (the default) and have a play running against 6 hosts, you're hitting the limit
agaffney	there is no sizing guide that I'm aware of. the optimal setting for 'forks' is a function of the the CPUs/memory in the machine where you run ansible, as well as the configured limits
bcoca	forks is the 'upper limit' but will only be hit if you have 'more hosts than forks' or serial set to a number ?>= forks
kiwimatt	thanks @agaffney, was hoping to put some science behind it a little with metrics as we have a team of about 10 staff running plays off a single ansible server at various times so hard to gauge the number of plays over time and the highest water mark, also be great to know for a certain amount of forks the reccommended cpu/memory/network minimums
agaffney	kiwimatt: it will be quite difficult to come up with an optimal 'forks' setting if you have multiple ansible-playbook instances running at the same time, since the setting applies to each instance, and is not cumulative
agaffney	ansible itself doesn't really have metrics to tell you what exactly it is doing, but you can look at system level metrics around CPU/memory/proc/file usage and make some assumptions
agaffney	the amount of memory/CPU used by a given ansible fork varies depending on your playbook
kiwimatt	agaffney: do you mean that forks setting is per user
agaffney	no, it's per running instance of ansible
agaffney	if you set 'forks' to 50 and run 3 ansible-playbook instances, you can have up to 150 running forks
kiwimatt	so we'd have 1 instance and many users all contrained by the forks value?
kiwimatt	ah
agaffney	you could of course write a wrapper script that adjusts 'forks' on the fly depending on what else is going on on the machine, but that's not something that ansible itself does
agaffney	it would be interesting to have a "smart" forks setting where you set an upper limit on certain resource utilization, but even that would probably only work at the beginning of a playbook run and not adjust as the play gets executed
kiwimatt	and if the forks limit is exceeded, is the result queuing? and is there a timeout for queue items if not processed fast enough
agaffney	if you have 10 hosts and 'forks' set to 5, ansible just works on 5 hosts at a time
agaffney	iirc, the forks are created at the beginning of the run, not spawned for each host/task combination
agaffney	but I'm not positive about that
bcoca	or just use 'nice anisible'
agaffney	I made the "mistake" of using nice/ionice with puppet once, not realizing that those settings would be inherited by any command run by the puppet agent, including services started
agaffney	that doesn't apply to ansible, at least when using any "remote" connection plugin
agaffney	it worked great until a few weeks later when puppet restarted httpd, and it was suddenly moving like molasses
bcoca	lmao
agaffney	I'd added them in the first place because somebody claimed that the puppet agent was dragging down some systems, so it was "funny" when those systems were still getting dragged down with the puppet agent nice/ionice'd into oblivion
agaffney	but it seemed like a reasonable thing to leave in place
agaffney	their suggestion was just to disable puppet all together
agaffney	which of course was never going to happen :)
bcoca	well that is the issue with agents, they CAN interfere with the actual use of the machines
bcoca	one reason normally nice/ionice npre
bcoca	but its actually a 'feautre' that commands it runs are still niced/ioniced
kiwimatt	we'll do some testing and see what we can come up with @agaffney, thanks for the info
bcoca	also i never used it for executing recovery scripts, alwasy did via ssh
mmercer	which are people more regularly using these days, import_tasks or include_tasks
bcoca	mmercer: both, depends on your needs
mmercer	ACTION is curious if there is an overall trend for which one people actually replaced the classic -include with
mmercer	bcoca: i seem to have a lot more issues using the include_tasks, which doesnt make much sense to me. i understand the difference between the two, i just dont understand why its making a difference in some of our invocations
agaffney	mmercer: import_tasks behaves like include in most cases
mmercer	agaffney: thats what i had observed, i just wasnt sure if that was 'accurate' from code standpoint
bcoca	import-tasks == include+static, include_tasks == include+dynamic
mmercer	i had actually 'expected' the reverse given the 'include == include' lol
bcoca	static has always been 'more stable' but has 'less features'
mmercer	less features ?
bcoca	cannot be made conditional, for example
bcoca	cannot use hostvars
mmercer	oooh, interesting, i dont think i realized the hostvars limitation
mmercer	but cannot be made conditional? isnt when: considered a conditional inclusion ?
bcoca	yes, but does not apply to the include/import, it applies to the included imported tasks, unlike include_tasks
mmercer	ahhh
bcoca	final effect is same, just one way you skip 10 tasks, the other 1
mmercer	interesting
agaffney	the include isn't conditional, but the tasks inside it are
mmercer	so, here is the one that i was surprised to see it worked one way, but failed the other: https://gist.github.com/mmercer-apixio/f3b78ddcad81d2c7b17003aa1a5a8e82
mmercer	initially, i had it defined as include_tasks, and for a while that seemed to work -- recently i reupdated our ansible to 2.5.0a1 as opposed to an older 2.5 dev release of it, and i think thats where it slightly changed, and i dont particularly understand why it doesnt work as an include_tasks
mmercer	the invocation sets all of the expected variables, the dict is defined and the parameters are all good...
agaffney	2.5 is apparently removing the "feature" that causes some attributes at the include level to cascade to tasks in the include
agaffney	I don't know the motivation behind this
agaffney	this is probably also why include was removed from the deprecation list for 2.5 earlier today :)
agaffney	bcoca: can you comment on that?
bcoca	keywords on include_X apply to the include, keywords on import_X are inherited by imported
bcoca	we ARE looking at adding a option to include_X to 'set keywords for included'
bcoca	but wont be in 2.5
mmercer	ahh, interesting
mmercer	apparently my older dev branches hadnt been affected by that change, but updating to 2.5.0a1 did
mmercer	ok, that clarifies that