How to use ovirt_role module of ansible to provide all permits to user - ansible

I'm using ovirt.ovirt.ovirt_role of Ansible to create roles in an RHV (Red Hat Virtualization) environment. I need to create a role which will provide all permissions to a user to perform operations. As per the example below, do I have to list all permissions or is there any keyword which will enable all permits? I have copied the example from the link below. Thanks in advance.
link: https://docs.ansible.com/ansible/latest/collections/ovirt/ovirt/ovirt_role_module.html
- ovirt.ovirt.ovirt_role:
    name: role
    administrative: true
    permits:
      - manipulate_permissions
      - create_instance

Sorry, but as far as I know you need to enable them one by one.
For further issues please add them also to GitHub which I check more frequently http://github.com/ovirt/ovirt-ansible-collection

Related

Do I need to change the configuration of the admin key after installing APISIX?

After I successfully installed APISIX, I found that the configuration file contains admin key information and all control requests need to contain this credential, do I need to change this configuration? How do I make the change take effect?
For security reasons, we would encourage any users to generate a different API key before using Apache APISIX, please check its documentation[1].
NOTE: API Key is only a string, you can generate a new one in your preferred way. For me, I would use https://www.random.org/strings/.
[1] https://apisix.apache.org/docs/apisix/admin-api/
[2] https://github.com/apache/apisix/blob/master/conf/config.yaml#L46

What is the alternative for instance parameter in snow_record_find ansible module?

I have tested the Ansible snow_record_find module against my own ServiceNow Developer Instance and it is working fine. However, when I want to implement it in my project testing environment by using my own company ServiceNow, I got an error mentioning "HTTPSConnectionPool(host='domainname.com**.ng.service-now.com**', port=443): Max retries exceeded with url: //ap".
From this link: (https://github.com/ansible/awx/issues/2515), I found out that it has something to do with the instance parameter as the host parameter highlighted by the error shows that the ".service-now.com" is appended to my company ServiceNow instance url.
Hence, I concluded that is why I got this error. But, when I try to find out other alternative parameter for the instance like 'host' or 'url', there isn't anything like that.
Or perhaps there is another workaround that I can do for this? The main objective here is using this module to retrieve a record from a ServiceNow table by using a query, as shown in the Ansible snow_record_find documentation: (https://docs.ansible.com/ansible/latest/modules/snow_record_find_module.html)
Thanks in advance
Regrettably, it appears the snow_record_find module only supports instance, and (as you experienced) pysnow prioritizes instance over host.
It appears, based on some traffic on a similar PR, that they are now suggesting that one use the new Ansible collections functionality.
If you're not on Ansible 2.9, then "forking" the snow_record_find.py into the library folder of your playbook is the only recourse I know of through which you can add a host module arg and then pass that arg into pysnow.OAuthClient to behave like you wish.

How to include galaxy role in your galaxy role?

I'd like to write a role and push it to open source. Before doing that, I'm interested in one thing: how to properly include third-party Galaxy roles? I know that I need to specify these roles in meta/main.yml, and I also read somewhere about requirements.yml, but to be honest, I didn't see a complete example of how to do it. Could someone list step-by-step instructions on how to do it?
Late to the game but this seems to be what you're looking for:
http://docs.ansible.com/ansible/latest/galaxy.html#dependencies
So in your meta/main.yml you'd put something like:
dependencies:
  - src: geerlingguy.ansible
  - src: git+https://github.com/geerlingguy/ansible-role-composer.git
    version: 775396299f2da1f519f0d8885022ca2d6ee80ee8
    name: composer

Use multiple var files in ansible role

One of my roles has two different variable types. One is public (things like package versions and other benign information). These can be committed to SCM without a worry. It also requires some private information (such as API keys and other secret information). I'm using ansible-vault to encrypt secret information. My solution was to have vars/main.yaml for public, and vars/vault.yml for the encrypted private information.
I came across a problem and am uncertain what's the best practice or actual solution here. It seems that ansible only loads the vars/main.yml file. Naturally I do not want to encrypt the public information so I looked for solution. So far the only solution I came up with (suggested on IRC) is to create group_vars/all/vault.yml and prefix all variables with the role name. This works because ansible seems to recursively load everything under group_vars. This does work but seems organizationally incorrect because the variables are for a specific role and not "globally universally true". I also tried to put include: vars/vault.yml into vars/main.yml but that did not work.
Is there a proper way to do this?
As very first task in your role you could have an include_vars task.
- include_vars: vault.yml
I have never tried it but according to the docs vault encrypted files can be used with the include_vars module.
The vault feature can encrypt any structured data file used by Ansible. This can include “group_vars/” or “host_vars/” inventory variables, variables loaded by “include_vars” or “vars_files” [...]
In case anyone is still trying to do that, instead of having the following structure:
vars/main.yml
vars/vault.yml
which won't work like you saw, you can instead organise your role like this:
vars/main/vars.yml
vars/main/vault.yml
Every vars file in the 'main' dir will be loaded by your role and you can encrypt your 'vault.yml' file only.
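A check for the vars/main/ layout described above, added here as an example and not part of the original answer: it confirms that the file meant to hold secrets really carries the ansible-vault header before it is committed, and that the public vars file was not encrypted by mistake. The function names, the sample role and the placeholder file contents are assumptions made for the illustration.

```python
import os
import tempfile

VAULT_HEADER = b"$ANSIBLE_VAULT;"  # every ansible-vault encrypted file starts with this

def is_vault_encrypted(path):
    """True if the file begins with the ansible-vault envelope header."""
    with open(path, "rb") as fh:
        return fh.read(len(VAULT_HEADER)) == VAULT_HEADER

def audit_role_vars(role_dir, secret_names=("vault.yml", "vault.yaml")):
    """Return (plaintext_secrets, encrypted_public) for <role_dir>/vars.

    plaintext_secrets: files named like the vault file that are NOT encrypted.
    encrypted_public: other vars files that ARE encrypted, which defeats the
    goal of keeping public values readable in SCM.
    """
    plaintext, encrypted_public = [], []
    for dirpath, _dirs, files in os.walk(os.path.join(role_dir, "vars")):
        for name in sorted(files):
            if not name.endswith((".yml", ".yaml")):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, role_dir)
            encrypted = is_vault_encrypted(full)
            if name in secret_names and not encrypted:
                plaintext.append(rel)
            elif name not in secret_names and encrypted:
                encrypted_public.append(rel)
    return plaintext, encrypted_public

def build_sample_role(root, encrypt_vault):
    """Constructed sample role using the vars/main/ layout described above."""
    main_dir = os.path.join(root, "vars", "main")
    os.makedirs(main_dir)
    with open(os.path.join(main_dir, "vars.yml"), "w") as fh:
        fh.write("pkg_version: '1.2.3'\n")
    with open(os.path.join(main_dir, "vault.yml"), "w") as fh:
        if encrypt_vault:
            # Constructed envelope; the hex body is a placeholder, not real ciphertext.
            fh.write("$ANSIBLE_VAULT;1.1;AES256\n3031323334\n")
        else:
            fh.write("api_key: not-a-real-key\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        plaintext, encrypted_public = audit_role_vars(build_sample_role(tmp, False))
        print("plaintext secrets:", plaintext)
        print("encrypted public vars:", encrypted_public)
```

Run from a pre-commit hook or CI job, a non-empty first list is the signal to stop the commit and run ansible-vault encrypt on the listed file.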
Using Vault is a good idea. But you should not do this in a role.
The reason is, your role just declares a variable and its default. A playbook will use this or set its own value.
If a variable is private, you should declare the variable as required, but without a default. So if anybody is using your role he must declare the variable in order to make it run.
One solution to ask for a required variable is a simple condition:
- fail: msg="Variable foo is required"
  when: foo is not defined
So the handling of vault encrypted variables is on the playbook level. It's an implementation detail which should not be in a role.

What is equivalent LDAP attributes for Active Directory

What is equivalent LDAP attributes for Active Directory
I am looking for password using Net::LDAP.
I don't know how to set the user password using Net::LDAP.
Here is a helpful article from Microsoft with some sample code that you might be able to adapt: https://support.microsoft.com/en-us/help/269190/how-to-change-a-windows-active-directory-and-lds-user-password-through
The essential attribute, it seems, is: unicodePwd (a.k.a. Unicode-Pwd, https://msdn.microsoft.com/en-us/library/ms680513(v=vs.85).aspx)
Also note some cautions and advice from this answer: https://serverfault.com/questions/423345/changing-active-directory-password-over-ldap-using-passwd-ldappasswd-samba
AD attribute names with cross reference of LDAP attribute names
https://msdn.microsoft.com/en-us/library/ms675090(v=vs.85).aspx
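How the unicodePwd value mentioned above is built, as an added example that is not part of the original answers and uses Python rather than Net::LDAP: Active Directory expects the password wrapped in double quotes and encoded as UTF-16LE, accepts the write only over an encrypted connection, and treats a single replace as an administrative reset while a delete of the old value plus an add of the new one is a user-initiated change. The DN and passwords are constructed samples, the DN is assumed to be plain ASCII, and the function names are made up for the illustration.

```python
import base64

def encode_unicode_pwd(password):
    """unicodePwd value: the password in double quotes, encoded as UTF-16LE."""
    return ('"' + password + '"').encode("utf-16-le")

def b64_pwd(password):
    """Base64 form of the encoded value, as LDIF needs for binary attributes."""
    return base64.b64encode(encode_unicode_pwd(password)).decode("ascii")

def reset_ldif(user_dn, new_password):
    """Administrative reset: a single 'replace' of unicodePwd."""
    return "\n".join([
        "dn: " + user_dn,
        "changetype: modify",
        "replace: unicodePwd",
        "unicodePwd:: " + b64_pwd(new_password),  # '::' marks a base64 value
        "-",
        "",
    ])

def change_ldif(user_dn, old_password, new_password):
    """User-initiated change: delete the old value and add the new one in one modify."""
    return "\n".join([
        "dn: " + user_dn,
        "changetype: modify",
        "delete: unicodePwd",
        "unicodePwd:: " + b64_pwd(old_password),
        "-",
        "add: unicodePwd",
        "unicodePwd:: " + b64_pwd(new_password),
        "-",
        "",
    ])

if __name__ == "__main__":
    # Constructed sample DN and passwords.
    dn = "CN=Test User,OU=Staff,DC=example,DC=com"
    print(reset_ldif(dn, "N3w-Sample-Pass!"))
    print(change_ldif(dn, "Old-Sample-Pass1", "N3w-Sample-Pass!"))
```

The bytes returned by encode_unicode_pwd are what an LDAP client library would send as the attribute value in a modify operation; the LDIF form is what ldapmodify reads.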
