Ansible get_url module: Unable to find a checksum for file - ansible

I'm trying to fetch ActiveMQ Artemis using the following:
- name: Download the ActiveMQ Artemis artifact
  get_url:
    url: "https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/{{ artemis_version }}/apache-artemis-{{ artemis_version }}-bin.tar.gz&action=download"
    dest: "/tmp/apache-artemis-{{ artemis_version }}-bin.tar.gz"
    # With fixed checksum it works but breaks the idea of the version to be a variable.
    # checksum: "sha512:4990a6b742b08bff6a4c7b310d2610565b08a2a02e1a7aec065460d16f8a6fe3d4fe91a8040839f93d7c2eab09fd6a79848fb130f9820559ee3e81dcf8d51ead"
    # Getting "Unable to find a checksum for file 'closer.cgi' in 'https://downloads.apache.org/activemq/activemq-artemis/2.16.0/apache-artemis-2.16.0-bin.tar.gz.sha512'"
    checksum: "sha512:https://downloads.apache.org/activemq/activemq-artemis/{{ artemis_version }}/apache-artemis-{{ artemis_version }}-bin.tar.gz.sha512"
    # Also getting: fatal: [dev-broker-01]: FAILED! => {"changed": false, "dest": "/tmp/apache-artemis-2.16.0-bin.tar.gz", "elapsed": 0, "msg": "Request failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)>", "url": "https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/2.16.0/apache-artemis-2.16.0-bin.tar.gz&action=download"}
    validate_certs: no
and getting: "Unable to find a checksum for file 'closer.cgi' in 'https://downloads.apache.org/activemq/activemq-artemis/2.16.0/apache-artemis-2.16.0-bin.tar.gz.sha512'"
It's not picking up the filename from dest: "/tmp/apache-artemis-{{ artemis_version }}-bin.tar.gz"
Also having some issue validating the certificate.
Any ideas how I can solve both problems?

The error seems to suggest that it is looking for checksum of file closer.cgi rather than the actual tar.gz file. And the filename in the checksum URL is: apache-artemis-2.16.0-bin.tar.gz.
The other way to specify the checksum is to just supply the checksum string (without filename). Although for that we need to come up with a couple of tasks prior to get it.
Something like below:
- uri:
    url: "https://downloads.apache.org/activemq/activemq-artemis/{{ artemis_version }}/apache-artemis-{{ artemis_version }}-bin.tar.gz.sha512"
    return_content: true
  register: url_sha512
- set_fact:
    artemis_checksum: "{{ url_sha512.content.split(' ')[0] }}" # there are 2 spaces
- get_url:
    url: "https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/{{ artemis_version }}/apache-artemis-{{ artemis_version }}-bin.tar.gz&action=download"
    dest: "/tmp/apache-artemis-{{ artemis_version }}-bin.tar.gz"
    checksum: "sha512:{{ artemis_checksum }}"
    # I was able to download without having below parameter
    # validate_certs: no
Update:
This kind of approach can be useful when site directory cannot be browsed, and file must be obtained from a mirrored URL.
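A simplified model of the file-name lookup behind the "Unable to find a checksum for file 'closer.cgi'" error, as an added example (it is not the get_url module's source and not part of the original posts). The checksum file content and its digest are constructed placeholders, and the function names are hypothetical.

```python
import os
import re
from urllib.parse import urlsplit

# Constructed sample of a two-column checksum file ("<digest>  <filename>").
# The digest is a placeholder, not a real release hash.
SAMPLE_DIGEST = "ab" * 64
SAMPLE_SHA512_FILE = SAMPLE_DIGEST + "  apache-artemis-2.16.0-bin.tar.gz\n"

MIRROR_URL = ("https://www.apache.org/dyn/closer.cgi?filename=activemq/"
              "activemq-artemis/2.16.0/apache-artemis-2.16.0-bin.tar.gz"
              "&action=download")


def url_filename(url):
    """File name taken from the URL path only; the query string is ignored."""
    return os.path.basename(urlsplit(url).path) or "index.html"


def parse_checksum_file(text):
    """Map file name -> digest for lines of the form '<digest> [ *]<name>'."""
    entries = {}
    for line in text.splitlines():
        parts = line.split(" ", 1)
        if len(parts) == 2:
            name = parts[1].lstrip(" *")
            if name.startswith("./"):
                name = name[2:]
            entries[name] = parts[0].lower()
    return entries


def lookup_by_url(text, url):
    """Lookup keyed on the download URL's file name (None for closer.cgi)."""
    return parse_checksum_file(text).get(url_filename(url))


def lookup_by_name(text, expected_name, hex_len=128):
    """Lookup keyed on the artifact name; rejects anything that is not a
    SHA-512 hex digest, e.g. an HTML error page served in place of the file."""
    digest = parse_checksum_file(text).get(expected_name)
    if digest is None or not re.fullmatch(r"[0-9a-f]{%d}" % hex_len, digest):
        raise ValueError("no valid sha512 digest for %r" % expected_name)
    return digest
```

The mirror URL's path ends in closer.cgi, so a lookup keyed on the URL finds nothing, while a lookup keyed on the artifact name returns the digest that can then be passed as a literal sha512: value.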

Related

Ansible get_url not registering return values

I am using Ansible 2.8.1 to download from Nexus.
I want to register a variable so that in subsequent tasks, I will know what file I downloaded by looking at downloaded_file.dest.
- name: Download assembly file to /my/server/location/
  get_url:
    url: https://nexus.mycompany.com/service/rest/v1/search/assets/download?repository=repo-snapshots&group=group&name=name&sort=version&direction=desc
    validate_certs: no
    dest: /my/server/location/
    force: yes
    register: downloaded_file
But when running ansible-playbook 2.8.1
I get
fatal: [myserver]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (get_url) module: register Supported parameters include: attributes, backup, checksum, client_cert, client_key, content, delimiter, dest, directory_mode, follow, force, force_basic_auth, group, headers, http_agent, mode, owner, regexp, remote_src, selevel, serole, setype, seuser, sha256sum, src, timeout, tmp_dest, unsafe_writes, url, url_password, url_username, use_proxy, validate_certs"}
So it's considering the register as a parameter to get_url. Is my syntax correct here? How do I get the return values from the task?
The syntax is wrong. register is not a parameter of get_url. It's a task-level directive.
Correct
- name: Download assembly file to /my/server/location/
  get_url:
    url: https://nexus.mycompany.com/service/rest/v1/search/assets/download?repository=repo-snapshots&group=group&name=name&sort=version&direction=desc
    validate_certs: no
    dest: /my/server/location/
    force: yes
  register: downloaded_file

How to fix IP Whitelist error in URI module of Ansible?

I am getting "IP not in white-list!" error when I run below playbook. How can I fix this error?
tasks:
  - name: Create AD groups
    uri:
      url: https://server.uk.db.com:6001/governance/sims/users/jyotsnaparasjain#db.com/groups
      method: POST
      body: '{"nar":"123456-5", "env_list": ["PROD"], "roles": ["L1"], "approver3": "jyotsnaparasjain#gmail.com"}'
      user: jyotsnaparasjain#gmail.com
      body_format: json
      status_code: 200
      force_basic_auth: yes
      headers:
        X-Auth-Token: "token_comes_here"
      validate_certs: no
    register: create_ad_group
  - name: Response of AD Group
    debug:
      var: create_ad_group.json
Error:
\"EXCEPTION\": \"IP not in white-list!!\"\n}\n"
It looks like this error message is an answer from a remote server. Try to talk to the administrator of the server server.uk.db.com to grant the access for your IP.
Otherwise, to get a better answer, please provide the full error instead of a small excerpt.

Using Ansible Playbook how to copy Java certs to hosts?

Using Ansible Playbook how to copy Java certs to hosts? Each host is having different JDK installed. I need to verify in all hosts which JDK is running and copy those certificate to all the hosts.
I have written the below playbook and the error that I'm getting. Please help me with figuring out what's wrong.
---
- hosts: test
  vars:
    pack1: /ngs/app/rdrt
    pack2: /usr/java/jdk*
  tasks:
    - name: copy the files
      copy:
        src: "/Users/sivarami.rc/Downloads/Problem46218229/apple_corporate_root_ca.pem"
        dest: "{{ pack1 }}"
    - name: copy the files
      copy:
        src: "/Users/sivarami.rc/Downloads/Problem46218229/apple_corporate_root_ca2.pem"
        dest: "{{ pack1 }}"
    - name: copy the files
      copy:
        src: "/Users/sivarami.rc/Downloads/Problem46218229/ca-trust-check-1.0.0.jar"
        dest: "{{ pack1 }}"
    - name: Import SSL certificate to a given cacerts keystore
      java_cert:
        cert_path: "{{ pack1 }}/apple_corporate_root_ca.pem"
        cert_alias: Apple_Corporate_Root_CA
        cert_port: 443
        keystore_path: "{{ pack2 }}/jre/lib/security/cacerts"
        keystore_pass: change-it
        executable: "{{ pack2 }}/bin/keytool"
        state: present
    - name: Import SSL certificate to a cacerts keystore
      java_cert:
        cert_path: "{{ pack1 }}/apple_corporate_root_ca2.pem"
        cert_alias: Apple_Corporate_Root_CA2
        cert_port: 443
        keystore_path: "{{ pack2 }}/jre/lib/security/cacerts"
        keystore_pass: changeit
        executable: "{{ pack2 }}/bin/keytool"
        state: present
    - name: checking those files trusted or untrusted
      shell: "{{ pack2 }}/bin/java -jar {{ pack1 }}/ca-trust-check-1.0.0.jar"
The error:
fatal: [c5147061#rn2-radart-lapp117.rno.apple.com]: FAILED! => {"changed": false, "cmd": "'/usr/java/jdk*/bin/keytool'", "msg": "[Errno 2] No such file or directory", "rc": 2}
fatal: [c5147061#rn2-radart-lapp121.rno.apple.com]: FAILED! => {"changed": false, "cmd": "'/usr/java/jdk*/bin/keytool'", "msg": "[Errno 2] No such file or directory", "rc": 2}
The following error is displayed:
"cmd": "'/usr/java/jdk*/bin/keytool'", "msg": "[Errno 2] No such file or directory"
As you can see, the keytool command can not be found in that location. You need to ensure that the path you're providing is actually there on the server.
Where you define the pack2 variable, you need to provide the full path instead of using a wildcard, e.g. like this:
vars:
  pack2: /usr/java/jdk-1.8.0_67
Then ensure that this path exists on the remote machine, and your code should no longer show that error.
If the path is different on each node since you have a different version of Java on each node, here are some options:
Use host-specific variables for defining the path for each host, if you have that information.
Gather the information in a previous step, e.g. like here: Check Java version via Ansible playbook.
Check the JAVA_HOME environment variable to see if that is set.
I had the same error that the keytool utility was not found (on my PATH), but that was because I did not use the become_user which has the correct PATH value.
So my solution was to add the following line to my playbook:
become: yes
become_user: wls
(wls is the weblogic user but can be another system account depending on your needs)
I had the same error because keytool was linked to a really old version of the JDK (version 6).
By using a more recent version (JDK version 11), I fixed this error.

Fetching file from remote server to local using Ansible script

Ansible automated script:
tasks:
  - name: copying catalina.out to /tmp/jagthish location
    fetch:
      src:
        - yes
        - /usr/tomcat/tomcat8/logs/catalina.out
      dest: /tmp/jagthish/
error message:
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: AttributeError: 'list' object has no attribute 'startswith'
fatal: [ip]: FAILED! => {"failed": true, "msg": "Unexpected failure during module execution.", "stdout": ""}
I tried to copy a file (catalina.out) from a remote server to my local server. It shows the above error.
You can't provide a list to the src argument of fetch module. It expects a path to a file in a string.
You seem to want this:
- name: copying catalina.out to /tmp/jagthish location
  fetch:
    src: /usr/tomcat/tomcat8/logs/catalina.out
    dest: /tmp/jagthish/
    flat: yes

Ansible get_url fails to download a protected by basic auth

I'm trying to download a protected file using HTTP from a remote server with the get_url module but the username password does not seem to get passed in the request and the task therefore fails.
I'm using Ansible 1.9.2
Here is the get_url definition I'm using:
- name: Downloading Artifact
  get_url:
    url: "http://myserver/somefile.tar.gz"
    dest: "/home/jdoe/somefile.tar.gz"
    url_username: "jdoe"
    url_password: "mysecret"
    mode: 0600
Here is the error I get:
failed: [myserver] => {"dest": "/home/jdoe/somefile.tar.gz", "failed": true,
"response": "HTTP Error 403: Forbidden", "state": "absent",
"status_code": 403, "url": "http://myserver/somefile.tar.gz"}
msg: Request failed
FATAL: all hosts have already failed -- aborting
Now, I tried to download the file using cURL and it works.
Any help is appreciated as I've been struggling with this for 2 days.
You can use the uri module:
---
- hosts: hostname
  tasks:
    - name: "download file"
      uri:
        url: "http://somedomain.com/file.json"
        method: GET
        user: "{{ somedomain.user }}"
        password: "{{ somedomain.password }}"
        force_basic_auth: yes
        dest: /tmp/somedomain.file.json
        return_content: yes
If this doesn't work, probably it will have something to do with the httplib2 library version.
The problem is that your server does not return 401 status so that the httplib2 library can send over the BASIC authentication credentials afterwards. The solution is to upgrade to ansible >= 2.0 and use force_basic_auth: True so that the BASIC authentication credentials are sent from the beginning.
I've had a similar issue in ansible 2.9.
Turns out curl was also getting HTTP 403 but showing content anyway. GET_URL module is just more strict.
For me, the issue was solved by switching from the default Apache welcome page to something custom-made.
