ansible
Archived0205
Discussions related to ansible configuration management
erik 12 months ago
archived the channel
Sivakumar CD about 1 year ago
👋 Hello, team! 🙂
mimo over 1 year ago
Hey everyone
What would be the best way to process log files and journalctl logs with Ansible as a base for decision making task execution that will come afterwards?
Balazs Varga over 2 years ago
anybody updated to 2.6 ansible ? we are having issues with mysql user
Jonathan Le over 2 years ago
Just discovered https://www.jetporch.com/ by the creator of Ansible. I checked out some of the playbooks and it looks very very close to Ansible, except the engine is written in Rust, so assuming it'll be much faster and much more scalable.
ikar over 2 years ago
Hey all,
few weeks ago we decided to use AWS profiles (not to use the default one) but I'm not sure how to set profile (and region) in ansible.
There is no such configuration in ansible.cfg (https://docs.ansible.com/ansible/latest/reference_appendices/config.html).
So instead of this:
- debug: var="{{ lookup('amazon.aws.aws_secret', 'redis/access') }}"
we have to do this:
- debug: var="{{ lookup('amazon.aws.aws_secret', 'redis/access', profile='xxx', region='eu-central-1') }}"
which is annoying.
As a workaround we can use environmental variables (AWS_PROFILE and AWS_REGION) but setting it globally or prepending to every ansible-playbook call is not ideal.
❓️ is there a way how to set environmental variables in ansible.cfg or ansible in general ❓️
jonjitsu over 2 years ago
Anyone have any recommendations for roles for java & tomcat?
Balazs Varga over 2 years ago (edited)
I tried to create aws global database with https://docs.ansible.com/ansible/latest/collections/amazon/aws/rds_cluster_module.html module, but I could not make it.
I used the following task:
- name: GLOBALDB|CREATE - Create primary
  amazon.aws.rds_cluster:
    cluster_id: "test-cluster-primary"
    engine: "aurora-mysql"
    engine_mode: "global"
    engine_version: "8.0.mysql_aurora.3.04.0"
    vpc_security_group_ids: "sg-12345678976"
    db_subnet_group_name: "db-subnet"
    global_cluster_identifier: "global-test-ansible"
    db_cluster_parameter_group_name: "param-cluster"
    apply_immediately: true
    master_username: test_user
    master_user_password: "PASSWORD.1234!"
It creates the cluster and I can add instance into it with the instance module, but when I use the following task to add read member to the database.
- name: GLOBALDB|CREATE - Add new member to db
  amazon.aws.rds_cluster:
    cluster_id: "test-cluster"
    engine: "aurora-mysql"
    engine_mode: "global"
    engine_version: "8.0.mysql_aurora.3.04.0"
    vpc_security_group_ids: "sg-12345678998"
    db_subnet_group_name: "test"
    replication_source_identifier: "arn:aws:rds:REGION:account:cluster:trst-cluster-primary"
    apply_immediately: true
    global_cluster_identifier: "global-test-ansible"
but I see it created a replica cluster and not a cluster part in global database
Andrew Miskell over 2 years ago
Is it possible to configure a set of host variables for all hosts in an inventory?
I'm using aws_ec2 plugin and want to set the following variables for all hosts so I don't have to repeat them over and over in each playbook since we're using aws_ssm connection plugins to connect to all our ec2 hosts.
ansible_connection: aws_ssm
ansible_aws_ssm_region: us-east-1
ansible_aws_ssm_bucket_name: <bucket name>
ansible_remote_tmp: /tmp/.ansible
ansible_python_interpreter: python3
I checked the documentation and below seems right based on the docs, but it's not working ansible is still trying to connect via ssh.
all:
  vars:
    ansible_connection: aws_ssm
    ansible_aws_ssm_region: us-east-1
    ansible_aws_ssm_bucket_name: <bucket-name>
    ansible_remote_tmp: /tmp/.ansible
    ansible_python_interpreter: python3
plugin: amazon.aws.aws_ec2
regions:
  - us-east-1
keyed_groups:
  - key: tags.Application
    separator: ''
  - key: tags.Tenant
    separator: ''
hostnames:
  - name: 'tag:Name'
compose:
  ansible_host: instance_id
Dan Herrington over 2 years ago
Hey all, I'm wondering if anybody here uses ansible for some system ops tasks like backup?
I'm migrating those scripts off of cron to airflow, but then thought they could also be executed from ansible.
I'd still use airflow to schedule the ansible playbook, but then create a group of servers on that the backup playbook gets applied to.
ag4ve over 3 years ago
I’m trying to write a library (or modify one) to build up state and write a save file. is there a way to have a global state or save the AnsibleModule object between role calls?
Balazs Varga over 3 years ago
hello all, I have multiple dicts under different variable... they have the same key / value pair inside... how can I iterate over them to generate a config from them ?
rosscdh almost 4 years ago
Hey all!
quick question
am using https://docs.ansible.com/ansible/latest/collections/amazon/aws/ec2_instance_module.html to create a number of instances… it has a volumes segment however not the ability to use a snap-xxxxx volume.. what is the prescribed way to attach a snapshot volume? considering the older ec2 module supported it?
Balazs Varga almost 4 years ago
Any issue with galaxy api endpoint ? I see this error constantly
Balazs Varga about 4 years ago
we have clusters in aws where we use ansible to create from scratch to end. ON vpc create we set a subnet where ansible can use a slice of it and create a vpc using that subnet. My question is. we can create vpcs simultaneous so sometimes we create 2 vpc with same subnet and that causes access issue.
My Question is how can I avoid it?
Balazs Varga about 4 years ago
how can we read an email over imap ? Is there any module or need to use e.g. java api and call with raw module ?
Ozzy Aluyi over 4 years ago
- name: Comment out agent address.
  replace:
    path: /etc/snmp/snmpd.conf
    regexp: '^(.*agentaddress 127.0.0.1,[::1].*)'
    replace: '#agentaddress 127.0.0.1,[::1]'
Ozzy Aluyi over 4 years ago
Hi All, I am trying to comment out a line in an SNMP conf. file using ansible. The line has some whitespaces. How can I use ansible to comment out this line. I have tried using the replace command, no joy!
Pierre-Yves over 4 years ago (edited)
A recent windows update enforces the use of credssp with port 5986
follow the SSL guide below to fix the issue for one server
http://www.hurryupandwait.io/blog/understanding-and-troubleshooting-winrm-connection-and-authentication-a-thrill-seekers-guide-to-adventure
joey over 4 years ago
fwiw - i posted this just now on some potentially bonehead stuff i'm trying to do 🤷♂️
https://groups.google.com/g/ansible-devel/c/TOQGJu-CLjo - "data modeling - group_vars and inventory with deeply nested subdirectories - example included"
if anyone has strong opinions or feedback would greatly appreciate it
Jaeson almost 5 years ago
Hi. I’m using ansible to install a slew of dependencies for a build server of an app written in 2013 … I’m looking at win_package, and currently scratching my head over the product_id field. I’m also considering trying to look up the dependencies on chocolatey, but I didn’t get a real great feeling about using it for an organization. I’ve read the documentation, but I’m not windows-savvy enough to understand it.
Pierre-Yves almost 5 years ago
Bart Coddens almost 5 years ago
hi all, could you query the tag of a volume on AWS, if it matches a name only then execute your ansible task
Pierre-Yves almost 5 years ago
Hello,
how do you organize your ansible code with repository ?
I have a mono repos but it start to become quite big and I am thinking on creating multiple ..
do you have a dedicated repo for common modules ? one per application or application group ?
sheldonh about 5 years ago
Does anyone use ansible to build your containers rather than Docker files with bash scripts?
I read that ansible had container build stuff but it never seemed to be very popular. I guess I still struggle with the haphazard nature of Docker files in comparison to a more declarative approach that handles a lot of the package matching to the right distro and so on. I could use packer which is cool, but still seems like something could just be much better here
Balazs Varga over 5 years ago
quick question: I would like to lookup an dns result... I know I can do it with: {{ lookup('dig', 'example.com', 'qtype=NS' ) }} but how can I dig using a variable ?
Balazs Varga over 5 years ago
hi all,
Brij S over 5 years ago
Hey guys, I can’t seem to get regex_replace to work with the following:
account_type: "{{ caller_info.account_alias| regex_replace('([a-z]*$)/', '\\1') }}"
For example, caller_info.account_alias = org-dig-sandbox-nonprod
account_type should return nonprod
The regex seems to work on regex101 online 🤔 am I missing anything
Jason Gilfoil over 5 years ago
pretty sure you can't https://github.com/ansible/ansible/issues/3907#issuecomment-23064042
sahil kamboj over 5 years ago
how can we allow '-' in variable in ansible
Brij S over 5 years ago
any idea whats wrong?
Brij S over 5 years ago
the value should not contain any spaces 🤔 the output is as follows
"route53_zone_info | json_query('results[1].ResourceRecordSets[0].ResourceRecords[].Value') | join(',')": "ns-1111.11111.,ns-111111.co.uk.,1111111.awsdns-48.net.,ns11111.awsdns-51.com."
}
Brij S over 5 years ago
Hey all, trying to create some route53 records. As per the ansible docs, you can pass in a comma delimited string to value. I’m trying the following
- name: Create Route53 record
  route53:
    state: present
    zone: "{{ item.domain }}{{ tld }}"
    record: "{{ aws_account_name }}.{{ item.domain }}{{ tld }}"
    overwrite: True
    type: NS
    ttl: "172800"
    aws_access_key: "{{ assumed_role.sts_creds.access_key }}"
    aws_secret_key: "{{ assumed_role.sts_creds.secret_key }}"
    security_token: "{{ assumed_role.sts_creds.session_token }}"
    value: "{{ item.resource_records }}"
  with_items:
    - { resource_records: "route53_zone_info | json_query('results[0].ResourceRecordSets[0].ResourceRecords[].Value') | join(',')", domain: "{{ domains[0] }}" }
    - { resource_records: "route53_zone_info | json_query('results[1].ResourceRecordSets[0].ResourceRecords[].Value') | join(',')", domain: "{{ domains[1] }}" }
but then I get the following error:
failed: [localhost] (item={'resource_records': "route53_zone_info | json_query('results[0].ResourceRecordSets[0].ResourceRecords[].Value') | join(',')", 'domain': 'lllapps'}) => {"ansible_loop_var": "item", "changed": false, "item": {"domain": "lllapps", "resource_records": "route53_zone_info | json_query('results[0].ResourceRecordSets[0].ResourceRecords[].Value') | join(',')"}, "msg": "[Invalid Resource Record: FATAL problem: RRDATANotSingleField (Value contains spaces) encountered with 'route53_zone_info | json_query('results[0].ResourceRecordSets[0].ResourceRecords[].Value') | join('']"}
Saichovsky over 5 years ago
I use notify: restart datadog-agent to restart the agent, but I don’t think that it is working. The restart datadog-agent handler is not defined in my playbook, but it is a part of the datadog.datadog module. My question is: how do I invoke a handler defined in a module that I am importing in my playbook (if using notify is not the way to go)?
Saichovsky over 5 years ago
Hey,
I have a playbook that installs the datadog agent on remote hosts using the datadog.datadog module and then proceeds to carry out a number of tasks, such as configuring some tools and having datadog read logs from the tools. I would like for my playbook to restart the datadog agent after making the changes (adjusting read permissions on the logs so the agent is able to read the log files)
Saichovsky over 5 years ago
Figured it out… disregard above request
Saichovsky over 5 years ago
Hello,
I just installed auditd using this module https://github.com/robertdebock/ansible-role-auditd
It generates /etc/audit/auditd.conf from defaults/main.yml. I would like to change a value in auditd.conf (or main.yaml - whichever needs modification). How do I go about achieving this? I would like to change the value of auditd_log_group before starting auditd
Brij S over 5 years ago
has anyone here written ansible modules before?
David Medinets over 5 years ago
The ansible password_hash provides sha512. I tried using sha1028 out of curiosity and it was not supported. Is there another way to get better hashing?
David Medinets over 5 years ago
Hi. I am using Centos7 and using dnf to install packages. The system is trying to install python3-dnf but it can't be found. Any ideas?
Brij S over 5 years ago
any idea how to fix this 🤔
Brij S over 5 years ago
Hey guys, I am using a solution from stackoverflow with the following
tasks:
  - name: obtain iam role info
    iam_role_info:
      name: dns-management
    register: role_info
  - name: obtain current trust relationship policy
    set_fact:
      trust_relationship: "{{ role_info | json_query('iam_roles[0].assume_role_policy_document.statement[0]') }}"
  - name: add account id to trust relationship
    json_modify:
      data: "{{ trust_relationship }}"
      pointer: "/principal/aws/0"
      action: extend
      extend:
        - "arn:aws:iam::001122334455:root"
        - "arn:aws:iam::001122334455:root"
    register: result
  - debug:
      var: result
the trust relationship var holds the following
"trust_relationship": {
    "action": "sts:AssumeRole",
    "effect": "Allow",
    "principal": {
        "aws": [
            "arn:aws:iam::123456789012:root",
            "arn:aws:iam::098765432123:root"
        ]
    }
}
}
but when I run it I get the following error
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: AttributeError: 'str' object has no attribute 'extend'
fatal: [localhost]: FAILED!
sahil kamboj over 5 years ago (edited)
Hey Guys
how can i improve this or make it more productive
- name: installing bench
  hosts: localhost
  become: true
  gather_facts: False
  vars:
    - bench_command: bench init frappe-bench --skip-redis-config-generation --apps_path apps.json
  vars_prompt:
    - name: user_password
      prompt: "Set frappe user password?"
      confirm: yes
    - name: efs_id
      prompt: "Please enter efs-id-"
  tasks:
    - name: Create a 2048-bit SSH key for user jsmith in ~jsmith/.ssh/id_rsa
      user:
        name: frappe
        password: "{{ user_password }}"
        generate_ssh_key: yes
        ssh_key_bits: 2048
        ssh_key_file: .ssh/id_rsa
        state: present
      become: true
    - name: Ansible check efs-utils exists example.
      stat:
        path: /home/ubuntu/efs-utils
      register: efs_detail
    - debug:
        msg: "efs-utils is installed"
      when: efs_detail.stat.exists
    - name: install nfs-utils
      become: true
      git:
        repo: https://github.com/aws/efs-utils
        dest: /home/ubuntu/efs-utils
        clone: yes
        update: no
      when: not efs_detail.stat.exists
    - name: installing efs
      shell: "{{ item }}"
      args:
        chdir: /home/ubuntu/efs-utils
      with_items:
        - "./build-deb.sh"
        - "sudo apt-get -y install ./build/amazon-efs-utils-1.25-3.deb"
      when: not efs_detail.stat.exists
    - name: Install a list of packages
      apt:
        pkg:
          - 'nginx'
          - 'supervisor'
          - 'python3-pip'
        state: present
      become: true
    - name: Ansible check mount exists example.
      stat:
        path: /home/frappe/mount/
      register: mount_detail
    - name: mount efs to mount directory
      command: "{{ item }}"
      args:
        chdir: "/home/frappe"
      with_items:
        - "mkdir mount"
        - "mount -t efs {{ efs_id }}:/ /home/frappe/mount/"
        - "chown frappe:frappe -R /home/frappe/mount"
      become: true
      when: not mount_detail.stat.exists
- name: install incomplete
  hosts: localhost
  become_user: frappe
  gather_facts: False
  tasks:
    - name: install nvm and v10
      shell: >
        curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.11/install.sh | bash
      args:
        executable: /bin/bash
        chdir: "/home/ubuntu"
        creates: "/home/ubuntu/.nvm/nvm.sh"
    - name: npm and another dependencies as frappe
      shell: >
        . /home/ubuntu/.nvm/nvm.sh && nvm install {{ item }}
      args:
        executable: /bin/bash
        chdir: /home/ubuntu
        creates: "/home/ubuntu/.nvm/versions/{{ item }}"
      with_items:
        - v10
Vikram Yerneni almost 6 years ago
Anyone been through this error before??
Vikram Yerneni almost 6 years ago
Fellas,
Ansible job for Prometheus helm chart with Ingress Annotation is throwing this weird error:
"stderr_lines": [
    "Error: failed to parse /tmp/my_values_prom.yaml: error converting YAML to JSON: yaml: line 652: did not find expected alphabetic or numeric character"
and this is the line 652:
651. annotations:
652. <http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>: 'alb'
Brij S almost 6 years ago
Hi all, I’m attempting to encrypt an s3 bucket and then encrypt all the contents in the bucket given a list of bucket. I’ve got the following
---
- name: "S3 bucket encryption"
  hosts: localhost
  connection: local
  vars:
    buckets:
      - test
  tasks:
    - name: encrypt S3 bucket
      s3_bucket:
        name: "{{ item }}"
        encryption: AES256
        state: present
      with_items: "{{ buckets }}"
      ignore_errors: true
    - name: obtain list of all objects in bucket
      aws_s3:
        bucket: "{{ item }}"
        object: /
        mode: list
      with_items: "{{ buckets }}"
      register: bucket_item_list
      ignore_errors: true
    - name: encrypt all objects in bucket
      aws_s3:
        bucket: "{{ item.item }}"
        object: "{{ item.s3_keys }}"
        src: "{{ item.s3_keys }}"
        encrypt: yes
        encryption_mode: AES256
        mode: put
      with_items: "{{ bucket_item_list.results }}"
      ignore_errors: true
However, the last step results in the following error:
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: TypeError: expected str, bytes or os.PathLike object, not list
fatal: [localhost]: FAILED! => {"msg": "Unexpected failure during module execution.", "stdout": ""}
Any ideas as to why it's complaining about a list? I assume the with_items will loop through the list 🤔
Abel Luck almost 6 years ago
@ikar haven't gotten back to that client to test it yet, but will soon!
ikar almost 6 years ago
^^ @Abel Luck
ikar almost 6 years ago
maybe switch /dev/sda1 with your device name?
ikar almost 6 years ago (edited)
- name: launch new ec2 instances
  local_action: ec2
  ...
  volumes=[ { device_name: "/dev/sda1", volume_size: 16, volume_type: gp2, delete_on_termination: True } ]
this doesn't work?