Some subs have automod post based on specific keywords. Maybe autopost the release documentation and some text on how the split with ansible-core, community package and galaxy works for someone asking about setting up 2.10+.

Basically a "hey, the versioning has changed for newer releases of Ansible, this is how it works"

And not specific to this sub in general, but I'd like fewer dead links on docs.ansible.com when I click through a URL from an external source. The site's layout got restructured but there's no redirects in place. I get greeted by the 404 as a lot of external documentation still points to the older site layout, like the Vagrant documentation.

ANSIBLE 2.0 HAS ARRIVED - Blog post

Changelog

Don't want to put a wall of text here, so take a look at the link for changelog.

Jeff Geerling is the ansible god so buy this :) Ansible for DevOps

I've done some quick Googling and found an article here and some docs on it here.

Basically, you can write your playbooks in JSON but its a lot cleaner to do it in YAML. I think the primary use case for JSON would be third party end points supplying data to your playbooks or your playbooks supplying data to it.

That said, the Ansible docs I linked above do mention supplying vars/arguments via the CLI in JSON.

Happy to be proven wrong on all of the above!

See: https://git-scm.com/docs/git-config#FILES

$(prefix)/etc/gitconfig - System-wide configuration file.
~/.gitconfig -  User-specific configuration file. Also called "global" configuration file.
$GIT_DIR/config - Repository specific configuration file.

A recommendation would be to use asciicinema to capture a new highlight of your repo.

Also, please include notes on your releases, just having a version number does nobody any good.

Ansible would not be your tool of choice for this. "Beyond Compare" http://www.scootersoftware.com/ would probably be a better tool for something like this. There are probably others out there as well, but again, Ansible is not the tool of choice for this task.

Yes. It'll work just fine. Whilst there is indeed a dependency on the OpenShift python library, it won't stop you using it against a vanilla Kubernetes cluster - like kubeadm will deploy.

Edit: a bit of history on the topic.

Thanks for "molecule" keyword, I've just found https://zapier.com/engineering/ansible-molecule/ - looks quite promising. Won't fix everything, but may help a lot.

I've been working on using <code>org-mode</code> in Emacs for "literate programming" for roles. I still have to write the documentation, but I can, for instance, document the defaults and vars and then tangle the documentation into the appropriate source files. My entire role can be described with a single Org file, then output all the necessary source files in the correct directories. Adding automatic tangling on save also means that my documentation and my role will always be in sync. My roles are private right now, but I can see about publishing one.

If you have two people trying to run Ansible against the same machines, you are going to have bad times. You need a locking mechanism to say, hey I am working on this right now. With a pull model that Puppet, Chef, and Salt use by default, you generally are letting the automation do the run for you. If you do try to run it manually, the agent will tell you it is busy.

Here is a Stack Overflow discussion about the problem and solutions.

https://stackoverflow.com/questions/21869912/prevent-simultaneous-deploys-with-ansible

Hey Greenfitics,

I would definitely just renew the certificates by running the Ansible play on a new instance again. You are right AWS certs don't provide you with private key, they are to be used only for AWS internal services e.g. ELBs.

If you're planning on destroying the environment many many many times a week then you should read this. If you really need to reuse the certificates, I would upload them to a versioned encrypted s3 bucket every time they are provisioned new or renewed. Then you could just download them into a new instance again. That would require utilisation of awscli and some scripting if you are into that :)

I'm not too keen on this solution, since it makes me nervous every time private keys have to leave instances where they belong.

Stefan

Did you actually read through their documentation?

There is an agent less mode but it essentially bootstraps the agent over for the duration of the run, and considered a Special Case.

I'm not sure what you want is actually configuration/state management. It sounds like you just want to distribute raw shell commands over ssh on a multitude of hosts, in which case you probably want something like clusterssh, if writing your own glue is too horrifying to contemplate.

Either that, or you're essentially trolling at this point, I can't really tell. Even if ansible didn't depend on python being available on managed hosts, I'm not sure it would work the way you want it to.

tl;dr: ansible is for agentless, centralized orchestration.

We're pretty much doing this (in some cases), but instead of StackStorm we're running ansible from RunDeck. An absolute must for the slack end is integration with hubot-auth for some control. ChatOps is cool, but it shouldn't be the wild wild west.

It looks like a lot of the requirements to reverse engineer a galaxy server are present in the source. I found that the -s option already allows for an alternative provider.

This script disappears in the 2.0 devel branch, so now I'm looking around for clues to its future. A recent-enough announcement speaks of a reinvestment in galaxy, but unclear if that means api changes.

From https://guacamole.apache.org/

Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.

We call it clientless because no plugins or client software are required.

Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser.

Using Apache's official docker images, I've made this deployment a bit easier to configure with Ansible for those wanting a homelab or to build upon for a work/corporate environment.

if you want a configmap with the files in it, you can use kubectl create configmap -f <directory> to put all the files in one directory in the configmap. https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#create-configmaps-from-directories

We have multiple projects with multiple repos, however a single playbook will never be split across multiple repos in our case. This can be done, but it does add some complexity (trying to sync revisions between repos is not recommended). The one exception is that we have a separate repo for Jenkins shared libraries which we use for defining our pipeline jobs.

Some playbooks in the same repo do share roles, and we achieve this through symlinks. I don't recommend copy/pasting roles. If you want to have finer control over which playbook jobs are triggered (assuming you have multiple jobs for multiple playbooks), this can be achieved using included / excluded regions in the jenkins scm step.

OP, you're taking on a lot at once. a good grounding in linux before you start trying to drive a thing is useful. Learn a bit of linux first (RHCSA track is very good).

if you are serious about learning linux and ansible, then

www.linuxacademy.com

would get you trained with videos AND cloud servers you can freely spin up and break for a fraction of the cost and time it would take you to build this stuff yourself.

as you seem to be new to linux, then on your windows workstation which you likely have

install WSL (ubuntu on windows basically) install virtualbox create some VMs.

for bonus points get vagrant going with WSL https://www.vagrantup.com/docs/other/wsl.html

Depending on what you are doing, and how things are setup, Right now I have a very limited vpn, so what I do is have a VM that runs windows, with vscode, wsl, ansible, and the VPN, so my "dev" machine has no internet access when the VPN is on, but has ansible/vscode and ssh access to the intranet. Might be an option to get around the WSL limitation.

That being said, Another option is Remote VScode, that allows you to access remote files via ssh https://code.visualstudio.com/docs/remote/ssh

It's really hard to see without proper formatting.

- name: .... Is supposed to be below tasks and above the module. I guess this is just a yaml syntax issue.

I found this helpful thread and ended up building a var file template locally and then loading it in the playbook. It enabled me to utilize more logic in building the var file.

Concider posting your code via a pastebin service like https://hastebin.com/ or https://gist.github.com/.

The code you posted is mangled enough it is hard to know what is just formatting error, and what is syntax error.

Anyway, maybe try using the better syntax?

--- - hosts: PTC02 gather_facts: yes connection: local tasks: - name: GET CREDENTIALS include_vars: secrets.yaml - name: DEFINE CONNECTION set_fact: connection: authorize: yes host: "{{ inventory_hostname }}" username: "{{ creds['username'] }}" password: "{{ creds['password'] }}"

- name: RUN SHOW INTERFACES ios_command: provider: "{{ connection }}" commands: - show ip interface brief - show interface status register: ipbrief

- debug: var: ipbrief.stdout_lines

- name: SAVE OUTPUT TO A FILE copy: dest: "./output/{{ inventory_hostname }}.txt" content: "{{ ipbrief.stdout[0] }}"

As mentioned below Jeff Geerling covers ansible in his book Ansible for DevOps: Server and configuration management for humans. https://www.amazon.com/dp/0986393428/ref=cm_sw_r_cp_api_glt_i_79FCVBHVESCM65XJD0M6 I got this couple years ago and it got me up and running very quickly. <$20. He also has a YouTube series that walks through each chapter although I have not checked it out. It is often mentioned on Reddit so I assume it is a worthwhile watch. Good luck!

One thing that you might like are Digital Oceans one-click installs, if you're not married to Vultr. It can take the pain out of setting up a server

https://www.digitalocean.com/features/one-click-apps/

Do you have all that plugins for overriding?

I agree how you deal with your .galaxy/roles. As I understand you are cloning into sub-directory (or using Git https://git-scm.com/book/en/v2/Git-Tools-Submodules ?) so there is no need to run ansible-galaxy collection install, plain old roles import them automatically...

Did you try google and the resulting answers?

https://stackoverflow.com/questions/28691517/ansible-windows-winrm-401

https://github.com/ansible/ansible/issues/12324

--> check if you use a domain user, check firewall...

This book (Ansible for DevOps: Server and configuration management for humans https://www.amazon.com/dp/0986393428/ref=cm_sw_r_cp_api_glt_fabc_S489WS9WNQTPTXHB7TPV ) did it for me and Jeff also covers each chapter on YouTube I believe. One of the best $20 I spent on learning

I'd say don't use directories for versioning that was a very bad practice from the days when we didn't have proper version control software.

&#x200B;

Its Best to use git and tag the version. One can just use the git module for ansible instead that way its completely managed by a playbook.

Thanks for the clarification, I saw the --what-if declaration, but I didn't notice was that you're creating your own internal Uninstall-ChocolateyPackage function. I was referring to the one within the Choco source.

OP mentioned that they're seeing "changed" but the packages aren't being uninstalled, but nothing jumps out in either ansible's code, or Choco's (from what I've checked, tis been enlightening on their coding choices... and love of backticks :S shudders ).
Looking at the chocolateyuninstall.ps1 for notepadplusplus, I'm not seeing any error there short of there being a badkey situation, which should be fixed by the choco package maintainer, so I guess my advice to OP is... have you tried it again? :)

The copy-module can copy files to the remote-host.

Did you know that the pip-module can work inside a virtualenv? In general there's rarely a need to use the raw-module that often.

I guess you workflow would be:

• create the virtualenv with the pip-module,

  - pip: name=bottle virtualenv=/my_app/venv

• copy your script to the venv

  - copy: src=my_script dest=/my_app/venv/my_script

• run the script with the full path

  - shell: /my_app/venv/bin/python /my_app/venv/my_script

Maybe the answers here help, too: https://stackoverflow.com/questions/20040141/ansible-command-from-inside-virtualenv

i love ansible, but for this behavior i like to use other tools.

one thing you can do with k8s is label everything and use kubect —prune https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#how-to-delete-objects

> Something for us all to contribute with :)

Will they take this article as a PR, perhaps imho a Tutorials (in the classical sense) section? I would also include in such a section how to create custom filters.

I think using the ios_acls module paired with ipaddr filter would do the trick.

I don't get to use pypy in my day to day but I could give it a shot in the future -- for science !

Mitogen doesn't conflict with ara that I know of and it's performance has already been covered in blogs posts like this one and that one. Maybe one day :)

Your problem doesn't seem appropriate for Ansible, IMO.

I would look at using something like Logstash to poll the switches and the csv output plugin to save it to a CSV file format.

It generates Snippets, based on a given Jinja2 template, You could use it to generate an Atom Snippets for every Module that comes with Ansible. here https://atom.io/packages/snippets you can find the official documentation, on how a Snippet is constructed.

I might give Atom a try, it has many great Plugins. If i do so, i will probably write a Jinja2 Template to generate Snippets for Atom, if there is no Plugin that already fulfills my Needs.

Can you just re launch the instance? that seems to be most peoples responses.

I would be more inclined though to investigate what has happened to your python installation. What is the current alternatives setup for python?

$ sudo alternatives --config python

Does the python binary exist? yum should work with python2.6, python2.7. Do you have a python virtualenv setup up to use a different version?

See this

https://coreos.com/blog/managing-coreos-with-ansible/

for alternate python locations.

Nothing really ansible related but as docker gameserver managment panel I can recommend https://pterodactyl.io/

So you could handle the wings setup with ansible and the gameserver would be managed by the panel with docker.

Checkout the WSL (Windows Subsystem For Linux). You'll have a much easier time than trying to use Cygwin and the skills you learn from WSL will transfer to normal Linux boxes without even thinking about it.

https://docs.microsoft.com/en-us/windows/wsl/about

Like /u/cryonine said, Ansible doesn't feel like the right tool for this. Up/down status is something that a tool like Nagios (dashboard screenshot) is good at, plus it already has a web UI. If you really wanted to do this in Ansible, you might perform a netcat connect or curl test as a local command against the service ports that you're hosts are offering. Then, set it up to run on a cron to perform your various health checks and publish your results to a file on disk or a database or something. Then roll a separate UI to display the results.

You can (we do) use core (CLI) ansible for any number of servers. There is no limit and no restrictions. You only need Tower when you want additional capabilities outlined here: Tower Features.

Namely:

• Web UI
• RBAC
• REST API
• Scheduling

As mentioned with the RH acquisition all of this will also become a community open source project and you won't have to pay going forward for these features. The paid product will then be differentiated by official support.

If you enable fact caching, you could probably use hostvars to make the determination in a later task/play. Not sure if there's a benefit to that method, just typing out loud.

Also, FWIW, this might be a nice use case for the upcoming system tracking in Tower, although I'm not sure of its implementation. http://www.ansible.com/blog/ansible-tower-2.2-preview

you can host the package internally with several options https://chocolatey.org/docs/how-to-host-feed

and customize the package to do a check for current version and decide if the upgrade is needed.

I asked the guys at serverfault.com for a solution and they came up with this:

http://serverfault.com/questions/695201/can-i-use-my-roles-from-ansible-in-ansible-tower

Maybe someone needs this in the future :)

> DHCP and DNS, on a Windows AD environment, linux DHCP doesn't register in DNS. you can change the scope settings to allow any DHCP client to register. This works well, but may not be available for security reasons.

I don't really understand the issue. Did you try dnsmasq?

Me again, So I can see that wevistes like https://www.browserling.com/tools/xml-to-yaml will convert XML to YAML.. Does that mean that my non-devs can use Excel to create the XML and pass said XML file to the Dev's who can then convert that to YAML and use it in Ansible, as simple as that?? Sounds too good to be true

I would rather go with something that is essentially built for this from the start, like Netbox. There are a few modules for working with Netbox but also a way to use it as an inventory source. Advantage here is that you can ask Netbox for the next free IP from a specified ip-net.

There might be others that suites you better so look around the module listings and the inventory plugin list. Foreman might be a good alternative, but I haven't worked with it.

AFAICT ansible is still using imperative operations for managing k8s objects. I’ve been meaning to open an issue and/or PR. The core modules should really move to the declarative model

Well, it's not terribly fun, but zabbix has a json-rpc 2.0 api you can use to collect information in a playbook, i.e. with the uri module, and perform action based on what you want to automate, e.g. https://www.zabbix.com/documentation/4.0/manual/api/reference
Of course this would be a poller, and so slower than sending a REST api call from a zabbix trigger using an authentication token that allows zabbix to only do 'safe' actions

I never experienced a Problem with a module not working with a bastion host in use.

If a module/plugin uses something other than SSH, it might be problematic, also if you delegate certain tasks to your own machine, or something alike.

You could work around that by using something like https://github.com/sshuttle/sshuttle which will allow you to use other protocols and stuff easily.

As others have said, take a look at the tutorials first.

I've just started out with Ansible / YAML, it's a vast improvement over PowerShell. The documentation is brilliant too.

For example:

Install/uninstall with win_command

• name: Download the 7-Zip package

win_get_url:

url: https://www.7-zip.org/a/7z1701-x64.msi

dest: C:\temp\7z.msi

https://docs.ansible.com/ansible/latest/user_guide/windows_usage.html

One tip..... The indents make a difference.

> How can I get AWX to create that baseline with the configurations of the 3 devices we have now?

You can't. Not with configuration management.

There have been attempts for things that try. http://devstructure.com/blueprint/ for example. Last update was 6 years ago... The problem is, things like that software don't know to check for unknowns.

Usually you want to approach configuration management by saying "what should this system do" and then deploy and check for that behavior.

If your approach is "I don't know what this is doing, but I want all of it" then maybe something like https://clonezilla.org/

Have you heard of Crystal Lang? https://crystal-lang.org/

Chef is an IT tools for me. New dev joins the team, chef will create the dev machine. We also have 3rd party systems and legacy apps that we keep chef around for. Ultimately We mainly use Chef for compliance auditing (Chef inspec) and the occasional bundling of legacy apps into docker containers (Chef habitat). But I agree that it is a dying tech for developers.

Thank you!

nanvault is a standalone tool - it is not a part of Ansible and does not depend on it to work.

So, from this point of view, there are no new dependencies to track.

Crystal is a compiled language, so you don't need to install Crystal to run nanvault binaries.

Moreover, nanvault binaries are statically linked, so you're free from other libs dependencies too.

The first and second are equivalent as far as the semantics of the YAML parser is concerned. (See http://www.yaml.org/spec/1.2/spec.html#id2772075). The greater-than symbol indicates that the value for the key "service" will comprise the subsequent indented lines (with newlines and trailing whitespace expunged).

From what I seen in the script, they seems just to protect their API using an Oauth client grant flow.

This could be done with some URI module calls to the appliance. For details on the flow you can look at https://auth0.com/docs/authorization/flows/client-credentials-flow

Basically it is called the ELK stack (Elasticsearch, Logstash and Kibana) + Filebeats. Kibana specifically is the UI.

The entire stack is free unless you want commercial functionality (Which honestly isn't required unless you want something like a publicly facing Kibana (Security)).

https://www.elastic.co/products/kibana

Kibana itself is very powerful, I think of the ELK stack as more of a big data solution that happens to work fantastically for monitoring.

Con: Due to the flexibility of the product it can come across as a bit complex but if you just install Elasticsearch and Kibana on a Linux server and have a play around creating visualizations and dashboards you will be blown away!

Let me know if you want any specific details.

&#x200B;

There's a limit to the max number of open file descriptors a user can have. Maybe you are reaching the limit. It's part of limits so ulimits command as the user running ansible or system settings, don't know where it's on Debian but etc/security on RHEL.

P.s there's a deb repo from elasticsearch one can use to skip downloading the deb:

https://www.elastic.co/guide/en/elasticsearch/reference/1.7/setup-repositories.html

Also 1.7 is old :)

The deb module's deb= to download from http was added in ansible 2.1 - which version are you running?

Jenkins Job Builder is probably what you want: https://docs.openstack.org/infra/jenkins-job-builder/

You create jobs in YAML, with layers of templating so you can share config and jobs across multiple projects, and when run JJB converts them to XML and loads them into Jenkins. Can keep all the job config in a git repo, so no more fiddling with the Jenkins UI.

If you're using pipeline, if you use the declarative syntax you can have your Jenkins instance lint the pipeline groovy files - see here: https://jenkins.io/doc/book/pipeline/development/#linter

How does this compare performance wise with Vagrant's ansible and local ansible provisioning?

most of these buttons land in some place of the https://docs.ansible.com/ansible/latest/index.html tree and there is a search box in the navigation on the left side. You just need to scroll up. But yeah, it's an UX fail.

Other than that I use https://devdocs.io/ and have a Chrome short cut for the search, so I just type dd in the omnibox and then be able to search these from my chrome bar.

Also, in case you didn't know, there is ansible-doc on your command line.

Check this out : https://tinychat.com/room/gottastudy (password : getstudying)

It's an amazing community with people all over the world and from different fields (medical, biology, computer science, law ...) the users either share their desktop screen or put camera on to avoid slacking while study periods. and eventually they can chat and help each other during breaks :)

I didn’t see a link on the article.

Google Play - GitHub App Store - GitHub