answerstu

ansible - How to use ipaddresses variable from vsphere_guest results in playbook?

I want to use the variable ipaddresses of vsphere_guest. I want to use the name of the virtual machine in vSphere first to get its IP address and then to run Ansible plays on that machine using the IP address. So far I have:
    - hosts: localhost
      gather_facts: false
      vars_prompt:
        - name: "inventory_hostname"
          prompt: "Enter virtual machine name"
          private: no
          default: "ansible-test"
      vars:
        vcenter_hostname: '192.168.250.1'
        vcenter_user: 'root'
        vcenter_pass: 'pass'
      tasks:
        - vsphere_guest:
            vcenter_hostname: "{{ vcenter...

Ansible limit not match with pattern

I have inventory file as
    # file: production_hosts
    [my_servers]
    myserver0[1:4].google.com
When I try to run the playbook on subset of these hosts, it gives only first and last host.
    $ ansible-playbook -i production_hosts -l 'myserver0[1:3].google.com' yum_update_all.yaml --list-hosts
    playbook: yum_update_all.yaml
      play #1 (all): all TAGS: []
        pattern: [u'all']
        hosts (2):
          myserver01.google.com
          myserver03.google.com
When I tried other way, by giving each number, it gives all.
    $ ansible-playbook -i production_hosts -l 'myserver0[1:2:3]....

amazon iam - How do I apply an Ansible task to multiple hosts from within a playbook?

I am writing an ansible playbook to rotate IAM access keys. It runs on my localhost to create a new IAM Access Key on AWS. I want to push that key to multiple other hosts' ~/.aws/credentials files.
    ---
    - name: Roll IAM access keys
      hosts: localhost
      connection: local
      gather_facts: false
      strategy: free
      roles:
        - iam-rotation
In the iam-rotation role, I have something like this:
    - name: Create new Access Key
      iam:
        iam_type: user
        name: "{{ item }}"
        state: present
        access_key_state: create
        key_count: 2
      with_items:
        - ansible-tes...

How to automatically install Ansible Galaxy roles?

All my Ansible playbooks/roles are checked in to my git repo. However, for Ansible Galaxy roles I always have to explicitly download them one by one on every machine I want to run Ansible from. It's even tough to know in advance exactly which Ansible Galaxy roles are needed until Ansible complains about a missing role at runtime. How is one supposed to manage the Ansible Galaxy role dependencies? I would like to either have them checked into my git repo along with the rest of my ansible code or have them automatically be identified and downloaded ...

Ansible: restrict list to unique elements

I'm writing a playbook to manage users on our servers defined in users.yml:
    ---
    users:
    - login: ab
      full_login: abcdef
      name: Aaaa Bbbb,,,
      admin_on: server1, server2
      regular_on: server3
      active: yes
I would like to include some protection from a situation when there will be two different users with the same login defined. The playbook looks like this:
    ---
    - name: Provision users on servers
      hosts: all
      remote_user: morty
      become: yes
      vars_files:
        - users.yml
      tasks:
        - name: Create users
          user:
            name: "{{ item.login }}"
            comment: "{{ ...

How to run an Ansible command with the user id root

I have an application that I need to install using root using Linux (CentOS). When I install the application manually, it doesn't work when I type sudo <command>. I actually need to login as root using sudo su - and then I type in my command. I've used:
    remote_user: root
or
    su: root
and even used something like
    command: sudo su -
    command: <command>
But the command is not run in the same way as I would do login manually? I don't get the same results. How can I run my command with the user id root with Ansible?...

ansible - How to switch a user per task or set of tasks?

A recurring theme that's in my ansible playbooks is that I often must execute a command with sudo privileges (sudo: yes) because I'd like to do it for a certain user. Ideally I'd much rather use sudo to switch to that user and execute the commands normally. Because then I won't have to do my usual post commands clean up such as chowning directories. Here's a snippet from one of my playbooks:
    - name: checkout repo
      git: repo=https://github.com/some/repo.git version=master dest={{ dst }}
      sudo: yes
    - name: change perms
      file: dest={{ dst }} state=d...

ipmitool - Ansible execute command locally and then on remote server

I am trying to start a server using ansible shell module with ipmitools and then do configuration change on that server once it's up. Server with ansible installed also has ipmitools. On server with ansible I need to execute ipmitools to start target server and then execute playbooks on it. Is there a way to execute local ipmi commands on server running ansible to start target server through ansible and then execute all playbooks over ssh on target server....

How can I run commands in sudo mode with ansible playbook?

I am trying to run a "folder creation" command with my ansible playbook. (Code is below) The creation requires sudo login to execute. I run the playbook as follows:
    ansible-playbook myfile.yml --ask-pass
This prompts for user account password of remote machine. The ssh connection gets established, but commands fail with permission denied since it's not taking super user password. How can I fix my issue?
    hosts: GSP
    tasks:
      - name: "make build directory"
        command: mkdir -p /home/build/
        become: true
        become_user: root
      - name: "change permis...

Ansible vault shows decrypted values if playbooks executed with debug mode

I am using ansible vault to encrypt the password, but when I am using debug mode it shows the password as plain text. Consider below code
Generate ansible-vault encrypted password
    ansible-vault encrypt_string 'abc123' --name ansible_ssh_pass > inventory/group_vars/all.yml
test.yml
    - name: Vault test
      hosts: group_1
      tasks:
        - name: Read Json
          set_fact:
            version_file: "{{ lookup('template','template/test.j2') | to_json }}"
          run_once: true
inventory/hosts
    [group_1]
    xxx.xxx.com ansible_host=xx.xx.xx.xx ansible_user=root
    xxx.xxx.com ans...

How can I use an ansible-vault encrypted password in inventory file?

I want to use encrypted password in my inventory file with ansible-vault, then run playbooks against that file. Something like:
    ansible-playbook --ask-vault-pass -i inventory test.yml
I tried for single password for all the hosts and it worked fine, but need to use different password for different hosts. How we can use the variable generated using ansible-vault in inventory file? Below is the code I have tried:
Generate ansible-vault encrypted string
    ansible-vault encrypt_string 'abc123' --name ansible_ssh_pass > a_password_file
test.yml file
    - h...

How to automatically pass vault password when running Ansible playbook?

I have an Ansible playbook with vault, and I want to ask for vault password through the prompt box in my web interface and then pass the posted password when running ansible playbook. I tried to use:
    echo $password | ansible-playbook test.yml --ask-vault-pass
to pass the password to the playbook, but it doesn't work, the error message is:
    "msg": "Attempting to decrypt but no vault secrets found"
I don't want to store password in file for some reasons and now I just want to try to automatically pass password to the playbook while running it. Is the...

ansible - Inline encrypted variable not JSON serializable

I'm trying to understand how to encrypt single variables with vault. First I encrypt the string with ansible-vault encrypt_string -n -p, then I write the output into my playbook. When I execute the playbook it says that the decrypted string isn't JSON serializable.
Encrypted string: "inline_name"
I also tried it with inline_name and inlinename, every time with the same result. My playbook:
    ---
    - name: Build System
      hosts: dev
      tasks:
        - name: Create
          mysql_db:
            state: present
            name: !vault |
              $ANSIBLE_VAULT;1.1;AES256
              396...

Using vault in Ansible gives: cannot concatenate 'str' and 'AnsibleVaultEncryptedUnicode'

I'm trying to use debops.nullmailer on Ansible (2.4) to configure nullmailer on my hosts. I want to keep the password encrypted in the variable, so am looking to use the vault functionality to encrypt the secret. My playbook looks like this:
    ---
    - name: My baseline
      hosts: all
      become: true
      vars:
        nullmailer__default_remotes:
          - port: "587"
            host: smtp.mailgun.org
            user: myusername
            pass: !vault |
              $ANSIBLE_VAULT;1.1;AES256
              6430...63433
      roles:
        - role: debops.nullmailer
However, applying this with --ask-vau...