Ansible suddenly uses svr4pkg as a backend of yum - ansible

Declared YUM task as below:
---
- hosts: all
  vars:
  tasks:
    - name: install package
      yum:
        name: ntp
        state: present
Ran following command:
ansible-playbook test.yml -i localhost, --connection=local -vvvv
Receiving error message:
TASK [install package] ***************************************************************************************************************************************************
task path: /home/osuser/dod/test.yml:6
Using module file /usr/lib/python2.7/site-packages/ansible/modules/system/setup.py
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: osuser
<localhost> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
Running svr4pkg as the backend for the yum action plugin
Using module file /usr/lib/python2.7/site-packages/ansible/modules/packaging/os/svr4pkg.py
<localhost> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
fatal: [localhost]: FAILED! => {
"ansible_facts": {
"pkg_mgr": "svr4pkg"
},
"changed": false,
"invocation": {
"module_args": {
"category": false,
"name": "ntp",
"proxy": null,
"response_file": null,
"src": null,
"state": "present",
"zone": "all"
}
},
"msg": "src is required when state=present",
"name": "ntp"
Note the following message in debug:
Running svr4pkg as the backend for the yum action plugin
Ansible decided to use the "svr4pkg" module (which requires the src parameter) as the backend of yum.
Workaround:
Set the use_backend: yum parameter on the yum module... if possible! (I cannot modify the yaml file in my real usage.)
Running Ansible 2.7.15 on CentOS 7.6 with yum installed, so there is absolutely no reason to use svr4pkg as a back-end (which is not supported/documented by the yum module).
However, as it seems to be defined as an ansible_fact, I have done following test (result is filtered):
ansible -i localhost, all -m setup -k
SUCCESS => {
"ansible_facts": {
"ansible_distribution": "CentOS",
"ansible_distribution_file_parsed": true,
"ansible_distribution_file_path": "/etc/redhat-release",
"ansible_distribution_file_variety": "RedHat",
"ansible_distribution_major_version": "7",
"ansible_distribution_release": "Core",
"ansible_distribution_version": "7.6.1810",
"ansible_os_family": "RedHat",
"ansible_pkg_mgr": "svr4pkg",
"ansible_python_version": "2.7.5",
"module_setup": true
},
"changed": false
}
Any clue of the reason and how to enforce ansible_pkg_mgr ?

It seems that this distribution is shipped with yum and svr4pkg as we can see below:
$ ll /usr/bin/yum
-rwxr-xr-x. 1 root root 801 Nov 5 2018 /usr/bin/yum
$ ll /usr/sbin/pkgadd
-rwxr-xr-x. 1 root root 207342 Jul 2 16:12 /usr/sbin/pkgadd
So the last available package manager resolved is kept and takes precedence (/usr/lib/python2.7/site-packages/ansible/module_utils/facts/system/pkg_mgr.py):
# A list of dicts. If there is a platform with more than one
# package manager, put the preferred one last. If there is an
# ansible module, use that as the value for the 'name' key.
PKG_MGRS = [{'path': '/usr/bin/yum', 'name': 'yum'},
            {'path': '/usr/bin/dnf', 'name': 'dnf'},
            {'path': '/usr/bin/apt-get', 'name': 'apt'},
            {'path': '/usr/sbin/pkgadd', 'name': 'svr4pkg'},
[...]
    def collect(self, module=None, collected_facts=None):
        facts_dict = {}
        collected_facts = collected_facts or {}
        pkg_mgr_name = 'unknown'
        for pkg in PKG_MGRS:
            if os.path.exists(pkg['path']):
                pkg_mgr_name = pkg['name']
        # Handle distro family defaults when more than one package manager is
        # installed, the ansible_fact entry should be the default package
        # manager provided by the distro.
        if collected_facts['ansible_os_family'] == "RedHat":
            if pkg_mgr_name not in ('yum', 'dnf'):
                pkg_mgr_name = self._check_rh_versions(pkg_mgr_name, collected_facts)
[...]
        facts_dict['pkg_mgr'] = pkg_mgr_name
        return facts_dict
So it seems to be an unmanaged case on ansible.
However, I still have no idea on how to enforce the right value !

Fixed by upgrading to Ansible 2.8+.
See https://github.com/ansible/ansible/issues/49184 when multiple package managers are available on system.
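
The precedence problem described above, as an added example (not Ansible's code and not part of the original posts): `last_match` replays only the loop over the four `PKG_MGRS` entries quoted above, while `FAMILY_DEFAULTS`, `family_aware` and `audit_facts` are hypothetical helpers showing one family-aware resolution and a consistency check over `setup` output. The sample output is constructed from the facts shown in the question.

```python
import json

# The four entries visible in the excerpt above, in the same order.
PKG_MGRS = [
    {"path": "/usr/bin/yum", "name": "yum"},
    {"path": "/usr/bin/dnf", "name": "dnf"},
    {"path": "/usr/bin/apt-get", "name": "apt"},
    {"path": "/usr/sbin/pkgadd", "name": "svr4pkg"},
]

# Assumption for this example: managers treated as native to an OS family.
FAMILY_DEFAULTS = {"RedHat": ("yum", "dnf"), "Debian": ("apt",)}

# Constructed sample, shaped like the filtered setup output in the question.
SAMPLE_SETUP_OUTPUT = """localhost | SUCCESS => {
    "ansible_facts": {
        "ansible_distribution": "CentOS",
        "ansible_os_family": "RedHat",
        "ansible_pkg_mgr": "svr4pkg"
    },
    "changed": false
}"""


def last_match(existing_paths):
    """Replay the quoted loop: every hit overwrites the previous one."""
    name = "unknown"
    for pkg in PKG_MGRS:
        if pkg["path"] in existing_paths:
            name = pkg["name"]
    return name


def family_aware(existing_paths, os_family):
    """Prefer a manager native to the OS family, else fall back to last match."""
    hits = [p["name"] for p in PKG_MGRS if p["path"] in existing_paths]
    native = [n for n in hits if n in FAMILY_DEFAULTS.get(os_family, ())]
    if native:
        return native[-1]
    return hits[-1] if hits else "unknown"


def audit_facts(setup_output):
    """Return a finding if ansible_pkg_mgr is foreign to ansible_os_family."""
    facts = json.loads(setup_output[setup_output.index("{"):])["ansible_facts"]
    family, mgr = facts.get("ansible_os_family"), facts.get("ansible_pkg_mgr")
    native = FAMILY_DEFAULTS.get(family)
    if native and mgr not in native:
        return "%s host reports pkg_mgr=%s, expected one of: %s" % (
            family, mgr, ", ".join(native))
    return None


if __name__ == "__main__":
    both = {"/usr/bin/yum", "/usr/sbin/pkgadd"}   # the situation in the question
    print(last_match(both), family_aware(both, "RedHat"))
    print(audit_facts(SAMPLE_SETUP_OUTPUT))
```

Running `audit_facts` over gathered facts before a patching run flags hosts where a package task would be dispatched to an unexpected backend.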

Related

Ansible: Importing GPG-keys from RPM Fusion not working

I'm trying to create a task to download and import the GPG-keys from the official RPM Fusion site but it fails.
- hosts: localhost
  connection: local
  name: DOWNLOADING AND IMPORTING SECURITY KEYS
  tasks:
    - name: Downloading the security key for RPM Fusion (free) repo
      get_url:
        url: https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-free-fedora-2020
        dest: ~/Downloads/free_keys.txt
    - name: Importing (free) key
      ansible.builtin.rpm_key:
        state: present
        key: ~/Downloads/free_keys.txt
    - name: Deleting security key file (free)
      ansible.builtin.file:
        path: ~/Downloads/free_keys.txt
        state: absent
    - name: Downloading the security key for RPM Fusion (non-free) repo
      get_url:
        url: https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020
        dest: ~/Downloads/nonfree_keys.txt
    - name: Importing (non-free) key
      ansible.builtin.rpm_key:
        state: present
        key: ~/Downloads/nonfree_keys.txt
    - name: Deleting security key file (non-free)
      ansible.builtin.file:
        path: ~/Downloads/nonfree_keys.txt
        state: absent
This is the output:
TASK [Gathering Facts] *********************************************************
ok: [localhost]
TASK [Downloading the security key for RPM Fusion (free) repo] *****************
changed: [localhost] => {"changed": true, "checksum_dest": null, "checksum_src": "554f50b16f9cf421f7caf02ce83c9069fd399b0e", "dest": "/home/[REDACTED]/Downloads/free_keys.txt", "elapsed": 0, "gid": 1000, "group": "[REDACTED]", "md5sum": "7206830528e4e9fb61d52dafc4e32ed1", "mode": "0664", "msg": "OK (1704 bytes)", "owner": "[REDACTED]", "secontext": "unconfined_u:object_r:user_home_t:s0", "size": 1704, "src": "/home/[REDACTED]/.ansible/tmp/ansible-tmp-1623521488.9204922-9892-237385967611488/tmp38djamsm", "state": "file", "status_code": 200, "uid": 1000, "url": "https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-free-fedora-2020"}
TASK [Importing (free) key] ****************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Not a valid key ~/Downloads/free_keys.txt"}
PLAY RECAP *********************************************************************
localhost : ok=2 changed=1 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
So far I've tried to download the keys to .txt and .gpg format but none of these methods work. Any suggestion is greatly appreciated.
EDIT: To answer your questions:
1.
TASK [Importing (free) key] ****************************************************
task path: /home/[REDACTED]/Documents/ansible-playbooks/for_laptops/dell_e7270/import_keys.yml:11
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: [REDACTED]
<127.0.0.1> EXEC /bin/sh -c 'echo ~[REDACTED] && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/[REDACTED]/.ansible/tmp `"&& mkdir "` echo /home/[REDACTED]/.ansible/tmp/ansible-tmp-1623533463.7691412-3758-92960382692038 `" && echo ansible-tmp-1623533463.7691412-3758-92960382692038="` echo /home/[REDACTED]/.ansible/tmp/ansible-tmp-1623533463.7691412-3758-92960382692038 `" ) && sleep 0'
Using module file /usr/lib/python3.9/site-packages/ansible/modules/packaging/os/rpm_key.py
<127.0.0.1> PUT /home/[REDACTED]/.ansible/tmp/ansible-local-3682vs8hkmey/tmpjamn9upp TO /home/[REDACTED]/.ansible/tmp/ansible-tmp-1623533463.7691412-3758-92960382692038/AnsiballZ_rpm_key.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/[REDACTED]/.ansible/tmp/ansible-tmp-1623533463.7691412-3758-92960382692038/ /home/[REDACTED]/.ansible/tmp/ansible-tmp-1623533463.7691412-3758-92960382692038/AnsiballZ_rpm_key.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python3 /home/[REDACTED]/.ansible/tmp/ansible-tmp-1623533463.7691412-3758-92960382692038/AnsiballZ_rpm_key.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/[REDACTED]/.ansible/tmp/ansible-tmp-1623533463.7691412-3758-92960382692038/ > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"fingerprint": null,
"key": "~/Downloads/free_keys",
"state": "present",
"validate_certs": true
}
},
"msg": "Not a valid key ~/Downloads/free_keys"
}
The keys are the ones under 'Fedora 34' in this link.
Yes, the keys downloaded look like that.
Unfortunately, changing the permissions did not work.
Looks like a solution could be to download the distribution-gpg-keys from the official repos before installing the RPM Fusion.
Try to start ansible with very verbose logging
/bin/ansible-playbook import_gpg.yml -vvvv
As far as I know, it's 2021 now, and judging by the URL (https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020), the key seems to have been issued for 2020.
I think you have downloaded and tried to import an expired key.
Can you verify that the file you downloaded looks like a GPG key?
Something, that looks like this:
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBF2tvGQBEAC5Q2ePLZZafOkFhYHpGZdRRBCcCd+aiLATofFV8+FjPuPLL/3R
......
kgQgWZ6F2RZm5/R28DHdAetji50XbnmXgAk/u9u2Hw2bVVJfJ0WpEVcPvA1L86SE
8i8p1fmzljwRazZAksk5Zh2QfaM0jlMYHWbKpbXQcX19Uerm7D9IkciZvDAmgBYV
S6Y=
=rOqq
-----END PGP PUBLIC KEY BLOCK-----
Probably, they use Cloudflare, which blocks the default Ansible user agent (https://docs.ansible.com/ansible/latest/collections/ansible/builtin/get_url_module.html#parameter-http_agent). You can set the user agent to a browser one.
Or, you can set proper permissions for file being saved to disk
- name: Downloading the security key for RPM Fusion (non-free) repo
  get_url:
    url: https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020
    dest: ~/Downloads/nonfree_keys.txt
    mode: 0600
Because RPM cannot import keys from world writeable files.
After some digging I found the solution and it's simpler than I thought:
---
- hosts: localhost
  connection: local
  name: IMPORTING SECURITY KEYS
  tasks:
    - name: Importing (free) key
      ansible.builtin.rpm_key:
        state: present
        key: https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-free-fedora-2020
    - name: Importing (non-free) key
      ansible.builtin.rpm_key:
        state: present
        key: https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020
Following the official documentation, I thought you had to download the keys to your PC and then install them. Instead, you can directly enter the URL into the key section.
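
Whether the key arrives as a file or by URL, it is worth checking that the content really is an armored OpenPGP public key and that its fingerprint equals the one the repository publishes (the `rpm_key` module has a `fingerprint` option, shown as `null` in the module_args above). The following is an added example, not code from the original posts or from Ansible; it handles v4 keys only, and the sample key is constructed in the code and is not an RPM Fusion key.

```python
import base64
import hashlib
import struct

BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
END = "-----END PGP PUBLIC KEY BLOCK-----"

def crc24(data):
    """CRC-24 checksum of OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def dearmor(text):
    """Return the binary key material; raise ValueError if the armor is bad."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if len(lines) < 4 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an armored PGP public key block")
    # Drop blank lines and armor headers such as "Version: ...".
    body = [line for line in lines[1:-1] if line and ": " not in line]
    if len(body) < 2 or len(body[-1]) != 5 or body[-1][0] != "=":
        raise ValueError("armor checksum line missing")
    data = base64.b64decode("".join(body[:-1]), validate=True)
    if crc24(data) != int.from_bytes(base64.b64decode(body[-1][1:]), "big"):
        raise ValueError("armor checksum mismatch (truncated or altered file)")
    return data

def v4_fingerprint(key):
    """Fingerprint of the leading packet, which must be a v4 public key."""
    if len(key) < 3 or not key[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if key[0] & 0x40:                      # new-format packet header
        tag, first = key[0] & 0x3F, key[1]
        if first < 192:
            length, offset = first, 2
        elif first < 224:
            length, offset = ((first - 192) << 8) + key[2] + 192, 3
        elif first == 255:
            length, offset = int.from_bytes(key[2:6], "big"), 6
        else:
            raise ValueError("partial body length not allowed for a key")
    else:                                  # old-format packet header
        tag, size = (key[0] >> 2) & 0x0F, 1 << (key[0] & 0x03)
        if size == 8:
            raise ValueError("indeterminate length not supported")
        length, offset = int.from_bytes(key[1:1 + size], "big"), 1 + size
    body = key[offset:offset + length]
    if tag != 6 or length > 0xFFFF or len(body) != length or body[:1] != b"\x04":
        raise ValueError("first packet is not a v4 public key")
    # RFC 4880, 12.2: SHA-1 over 0x99, two-octet length, then the packet body.
    return hashlib.sha1(b"\x99" + struct.pack(">H", length) + body).hexdigest().upper()

def matches_pin(armored_text, pinned):
    """True if the key's fingerprint equals the pinned one (spaces/case ignored)."""
    return v4_fingerprint(dearmor(armored_text)) == pinned.replace(" ", "").upper()

def build_sample():
    """Constructed, unusable RSA-shaped v4 key packet, armored for the demo."""
    mpi = lambda n: struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")
    body = b"\x04" + struct.pack(">IB", 1600000000, 1) + mpi(0xC0FFEE1234567) + mpi(65537)
    packet = b"\x99" + struct.pack(">H", len(body)) + body
    b64 = base64.b64encode(packet).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc = base64.b64encode(crc24(packet).to_bytes(3, "big")).decode()
    return packet, "\n".join([BEGIN, ""] + rows + ["=" + crc, END])

SAMPLE_PACKET, SAMPLE_KEY = build_sample()  # constructed sample, not a real key
```

An HTML error page or a truncated download fails in `dearmor` before any import is attempted, and `matches_pin` rejects a well-formed key that is not the expected one.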

Troubleshooting fetch_module executed from Ansible Tower (awx)

I'm trying to do a very simple fetch file from remote host. Somehow I've never gotten this to work.
Fetching from a remote Linux box to the Ansible Tower (awx) host which is also a Linux box.
Here's the Ansible code:
---
- name: get new private key for user
  hosts: tag_Name_ansible_kali
  become: yes
  gather_facts: no
  tasks:
    - name: fetch file
      fetch:
        src: /tmp/key
        dest: /tmp/received/
        flat: yes
Here's the result which makes it appear like the fetch worked:
{
"changed": true,
"md5sum": "42abaa3160ba875051f2cb20be0233ba",
"dest": "/tmp/received/key",
"remote_md5sum": null,
"checksum": "9416f6f64b94c331cab569035fb6bb825053bc15",
"remote_checksum": "9416f6f64b94c331cab569035fb6bb825053bc15",
"_ansible_no_log": false
}
However, going to the /tmp/received directory and ls -lah shows...
[root@ansibleserver received]# ls -lah
total 4.0K
drwxr-xr-x. 2 awx awx 6 Mar 12 15:48 .
drwxrwxrwt. 10 root root 4.0K Mar 12 15:49 ..
I've tested and if I choose a target src file that doesn't exist it won't work, so it's clearly connecting to the remote host. The problem is no matter where I point dest on the Ansible server the file doesn't actually write there. Not even sure how it can have a checksum of a file that doesn't exist. I've searched the entire drive and that file does not exist. Is there another log somewhere I can look at where it's actually writing the file? It's not on the remote host either.
Any advice would be appreciated. Seriously scratching my head here.
On a RHEL 7.9.9 system with Ansible 2.9.25, Python 2.7.5, Ansible Tower 3.7.x the output from an ad-hoc fetch task on CLI for a user on the Tower Server looks like
ansible test --user ${USER} --ask-pass --module-name fetch --args "src=/home/{{ ansible_user }}/test.txt dest=/tmp/ flat=yes"
SSH password:
test1.example.com | CHANGED => {
"changed": true,
"checksum": "4e1243bd22c66e76c2ba9eddc1f91394e57f9f83",
"dest": "/tmp/test.txt",
"md5sum": "d8e8fca2dc0f896fd7cb4cb0031ba249",
"remote_checksum": "4e1243bd22c66e76c2ba9eddc1f91394e57f9f83",
"remote_md5sum": null
}
test2.example.com | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"msg": "file not found: /home/user/test.txt"
}
and the file was left there. But the command was initiated and executed under user.
The same executed from Ansible Tower as ad-hoc command with arguments src=/home/user/test.txt dest=/tmp/ flat=yes reported
test2.example.com | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"msg": "file not found: /home/user/test.txt"
}
test1.example.com | CHANGED => {
"changed": true,
"checksum": "4e1243bd22c66e76c2ba9eddc1f91394e57f9f83",
"dest": "/tmp/test.txt",
"md5sum": "d8e8fca2dc0f896fd7cb4cb0031ba249",
"remote_checksum": "4e1243bd22c66e76c2ba9eddc1f91394e57f9f83",
"remote_md5sum": null
}
And your observation was right, there was no file on the Ansible Tower (awx) server. Changing the destination directory to the user reported, if there is a file already
test1.example.com | FAILED! => {
"changed": false,
"checksum": null,
"dest": "/home/user/test.txt",
"file": "/home/user/test.txt",
"md5sum": null,
"msg": "checksum mismatch",
"remote_checksum": "4e1243bd22c66e76c2ba9eddc1f91394e57f9f83",
"remote_md5sum": null
}
that there is a file already. However, it also failed if there was no file.
After changing the destination directory to the user under which Ansible Tower is running (awx) via arguments src=/home/user/test.txt dest=/home/awx/ flat=yes
test1.example.com | CHANGED => {
"changed": true,
"checksum": "4e1243bd22c66e76c2ba9eddc1f91394e57f9f83",
"dest": "/home/awx/test.txt",
"md5sum": "d8e8fca2dc0f896fd7cb4cb0031ba249",
"remote_checksum": "4e1243bd22c66e76c2ba9eddc1f91394e57f9f83",
"remote_md5sum": null
}
the file was left there correctly
ls -al /home/awx/
-rw-r--r--. 1 awx awx 5 Nov 6 10:42 test.txt
Regarding
The problem is no matter where I point dest on the Ansible server the file doesn't actually write there. ... Any advice would be appreciated. ...
it looks like it is caused by the user context and missing access/write rights and maybe other observations like "It turns out that Ansible Tower doesn't actually fetch the files to itself, but just copies them to a temporary directory on the remote server".
you can try
validate_checksum: no

ansible when condition failing

Can someone help me to understand why this when condition is failing.
Below is my Playbook:
- name: restart pkgd once finally for RHEL6 and RHEL7 systems
  service:
    name: pkgd
    enabled: yes
    state: restarted
  when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int >= 7
Error:
TASK [restart pkgd once finally for RHEL6 and RHEL7 systems] ******************************************************************************************************
task path: /home/user/tr_vdi.yml:250
fatal: [myhost]: FAILED! => {}
MSG:
The conditional check 'ansible_os_family == 'RedHat' and ansible_distribution_major_version|int >= 7' failed. The error was: error while evaluating conditional (ansible_os_family == 'RedHat' and ansible_distribution_major_version|int >= 7): 'ansible_os_family' is undefined
Ansible Ad hoc:
devSanbox$ ansible myhost -m setup -a "filter=ansible_distribution_*"
/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.py:44: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in a future release.
from cryptography.exceptions import InvalidSignature
myhost | SUCCESS => {
"ansible_facts": {
"ansible_distribution_file_parsed": true,
"ansible_distribution_file_path": "/etc/redhat-release",
"ansible_distribution_file_search_string": "Red Hat",
"ansible_distribution_file_variety": "RedHat",
"ansible_distribution_major_version": "7",
"ansible_distribution_release": "Maipo",
"ansible_distribution_version": "7.8",
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
devSanbox$ ansible myhost -m setup -a "filter=ansible_os_family*"
from cryptography.exceptions import InvalidSignature
myhost | SUCCESS => {
"ansible_facts": {
"ansible_os_family": "RedHat",
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
ansible version: 2.9
I do not see any problem in your play section if you have gather_facts: true there.
However, I see many newbie guys overwriting this while disabling it in the ansible.cfg file.
Please check below in your ansible.cfg file, it should be the reason.
gathering = False

Why does the ansible option "--private-key" work on one host but not on another?

I installed ansible 2.8.0 on VM-1 without modifying any other default configs in ansible.cfg except the "host_key_checking = false".
Then I ran ansible all -i "<IP of VM-3>," --private-key <key of VM-3> -u root -m ping with OK on VM-3, but ran ansible all -i "<IP of VM-2>," --private-key <key of VM-2> -u root -m ping with ERROR on VM-2.
I generated a pair of ssh-key on VM-2 (user is root) and copy its private key (id_rsa) content to VM-1. I save it in a file named 'key', and set this file's mode to be '700'. Finally, I ran the command below:
ansible all -i "<ip of VM-2>," --private-key key -u root -m ping
It works wrong. The error info is:
/opt # ansible --version
ansible 2.8.0
config file = /opt/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Apr 8 2019, 18:17:52) [GCC 8.3.0]
/opt # ls
ansible.cfg key
/opt # ansible all -i "192.168.100.100," --private-key key -u root -m ping
192.168.100.100 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: root@192.168.100.100: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
Then I turned to use option "-k" instead, and it works.
/opt # ansible all -i "192.168.100.100," -k -u root -m ping
SSH password:
192.168.100.100 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
Then I tried again on VM-3 with the same steps of VM-2. The command using "--private-key" works. The environment of VM-2 and VM-3 are very similar.
I didn't find any difference between VM-2 and VM-3's sshd configure at all.
So I got very confused with these above.
In addition, the "--private-key" command will be OK after the "-k" command was run, because there is an ansible process living in the background, like this:
/opt # ansible all -i "192.168.100.100," -k -u root -m ping
SSH password:
192.168.100.100 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
/opt # ps -ef |grep ansible
126 root 0:00 ssh: /root/.ansible/cp/e42d5dc861 [mux]
/opt # ansible all -i "192.168.100.100," --private-key key -u root -m ping
192.168.100.100 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
I want to know how to use "--private-key" correctly in ansible command line.

Ansible: Can I execute role from command line?

Suppose I have a role called "apache"
Now I want to execute that role on host 192.168.0.10 from the command line from Ansible host
ansible-playbook -i "192.168.0.10" --role "path to role"
Is there a way to do that?
With ansible 2.7 you can do this:
$ ansible localhost --module-name include_role --args name=<role_name>
localhost | SUCCESS => {
"changed": false,
"include_variables": {
"name": "<role_name>"
}
}
localhost | SUCCESS => {
"msg": "<role_name>"
}
This will run role from /path/to/ansible/roles or configured role path.
Read more here:
https://github.com/ansible/ansible/pull/43131
I am not aware of this feature, but you can use tags to just run one role from your playbook.
roles:
  - {role: 'mysql', tags: 'mysql'}
  - {role: 'apache', tags: 'apache'}
ansible-playbook webserver.yml --tags "apache"
There is no such thing in Ansible, but if this is an often use case for you, try this script.
Put it somewhere within your searchable PATH under name ansible-role:
#!/bin/bash
# Print usage and exit unless both a host pattern and a role name are given.
if [[ $# -lt 2 ]]; then
  cat <<HELP
Wrapper script for ansible-playbook to apply single role.
Usage: $0 <host-pattern> <role-name> [ansible-playbook options]
Examples:
  $0 dest_host my_role
  $0 custom_host my_role -i 'custom_host,' -vv --check
HELP
  exit
fi
HOST_PATTERN=$1
shift
ROLE=$1
shift
echo "Trying to apply role \"$ROLE\" to host/group \"$HOST_PATTERN\"..."
export ANSIBLE_ROLES_PATH="$(pwd)/roles"
export ANSIBLE_RETRY_FILES_ENABLED="False"
# Pass the remaining arguments through and feed a one-play playbook on stdin.
ansible-playbook "$@" /dev/stdin <<END
---
- hosts: $HOST_PATTERN
  roles:
    - $ROLE
END
You could also check ansible-toolbox repository. It will allow you to use something like
ansible-role --host 192.168.0.10 --gather --user centos --become my-role
I have written a small Ansible plugin, called auto_tags, that dynamically generates for each role in your playbook a tag of the same name. You can find it here.
After installing it (instructions are in the gist above) you could then execute a specific role with:
ansible-playbook -i "192.168.0.10" --tags "name_of_role"
Have you tried that? it's super cool. I'm using 'update-os' instead of 'apache' role to give a more meaningful example. I have a role called let's say ./roles/update-os/ in my ./ I add a file called ./role-update-os.yml which looks like:
#!/usr/bin/ansible-playbook
---
- hosts: all
  gather_facts: yes
  become: yes
  roles:
    - update-os
Make this file executable (chmod +x role-update-os.yml). Now you can run and limit to whatever you have in your inventory ./update-os.yml -i inventory-dev --limit 192.168.0.10 the limit you can pass the group names as well.
--limit web,db > web and db is the group defined in your inventory
--limit 192.168.0.10,192.168.0.201
$ cat inventory-dev
[web]
192.168.0.10
[db]
192.168.0.201
Note that you can configure ssh-keys and sudoers policy to be able to execute without having to type a password - ideal for automation, there are security implications with this. Therefore you have to analyze your environment to see whether it's suitable.
Since in ansible 2.4 two options are available: import_role and include_role.
wohlgemuth@leela:~/workspace/rtmtb-ansible/kvm-cluster$ ansible localhost -m import_role -a name=rtmtb
[WARNING]: No inventory was parsed, only implicit localhost is available
localhost | CHANGED => {
"changed": true,
"checksum": "d31b41e68997e1c7f182bb56286edf993146dba1",
"dest": "/root/.ssh/id_rsa.github",
"gid": 0,
"group": "root",
"md5sum": "b7831c4c72f3f62207b2b96d3d7ed9b3",
"mode": "0600",
"owner": "root",
"size": 3389,
"src": "/home/wohlgemuth/.ansible/tmp/ansible-tmp-1561491049.46-139127672211209/source",
"state": "file",
"uid": 0
}
localhost | CHANGED => {
"changed": true,
"checksum": "1972ebcd25363f8e45adc91d38405dfc0386b5f0",
"dest": "/root/.ssh/config",
"gid": 0,
"group": "root",
"md5sum": "f82552a9494e40403da4a80e4c528781",
"mode": "0644",
"owner": "root",
"size": 147,
"src": "/home/wohlgemuth/.ansible/tmp/ansible-tmp-1561491049.99-214274671218454/source",
"state": "file",
"uid": 0
}
ansible.builtin.import_role – Import a role into a play
ansible.builtin.include_role – Load and execute a role
Yes, import_role is an ansible module and as such it may be invoked through ansible command. The following executes role pki on my_server
ansible my_server -m import_role \
-a "name=pki tasks_from=gencert" \
-e cn=etcdctl \
-e extended_key_usage=clientAuth
You can create the playbook files from the command line:
Install the role (if not already installed)
ansible-galaxy install git+https://github.com/user/apache-role.git
Create playbook and hosts files
cat >> playbook.yml <<EOL
---
- name: Run apache
  hosts: all
  roles:
    - apache-role
EOL
cat >> hosts <<EOL
192.168.0.10
EOL
Run ansible
ansible-playbook playbook.yml -i hosts
Delete the files
rm playbook.yml hosts
