Specify host credentials at runtime Ansible - ansible

I have a playbook which generates the credentials for a Windows host (NTLM).
How can I utilise these credentials to connect to the host after the playbook has been executed, as we are not supplying credential data when running ansible-playbook?
Is there a way to run a play locally (control node) to generate the credentials and another play for the Windows host?
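
One way to do what the question asks, as an added example that is not part of the original post: the first play runs on the control node and registers the Windows host with `add_host`, attaching the generated credentials as connection variables, and the second play connects with them. The host name, group name, account name and the `issue-win-credential` script are hypothetical.

```yaml
# Added example, not from the original post.
# Hypothetical names: win01.example.internal, windows_runtime, svc_ansible,
# and /opt/tools/issue-win-credential (stands in for the poster's own step).
- name: Generate credentials on the control node
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: Generate the credential (placeholder for the real generation step)
      ansible.builtin.command: /opt/tools/issue-win-credential win01
      register: cred
      changed_when: false
      no_log: true          # keep the secret out of task output and logs

    - name: Add the Windows host to the in-memory inventory with that credential
      ansible.builtin.add_host:
        name: win01.example.internal
        groups: windows_runtime
        ansible_connection: winrm
        ansible_winrm_transport: ntlm
        ansible_port: 5986  # WinRM over HTTPS
        ansible_user: svc_ansible
        ansible_password: "{{ cred.stdout }}"
      no_log: true

- name: Use the generated credentials against the Windows host
  hosts: windows_runtime
  gather_facts: false
  tasks:
    - name: Confirm that WinRM authentication works
      ansible.windows.win_ping:
```

Variables set through `add_host` live only in the in-memory inventory for this run, so the password is never written to an inventory file or passed on the command line.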

Related

Is there a way to set up an SSH connection (passwordless login) between host A and host B while running playbook from hostC using ansible only?

I am trying to set up a passwordless login (copy id_rsa.pub from server A to server B) from server A to server B while running a playbook from controller machine C. The playbook:
cannot have an inventory file. The host IP will be passed from the command line to the playbook as:
ansible-playbook -i , test.yml
Server A DNS name or IP address will be hardcoded in my playbook.
I have tried:
Using fetch module, I tried fetching ssh key(id_rsa_serverA.pub) from server A to controller C and then using copy module to copy the ssh_key(id_rsa_ServerA) to Server B. While it did the work, it does not adhere to the project guidelines I am working on.
Tried 'synchronize' module with ansible 2.5. Fails.
I did a similar thing.
I use the user module on serverA with the option generate_ssh_key: yes and use register: user_pubkey,
then I use the authorized_key module with delegate_to serverB, setting the key to "{{ user_pubkey.stdout }}" for the needed user.
You can pass the #IP of serverB as extra_vars at launch time: ansible-playbook ... ... ... -e serverB=serverB_#IP
Hope this helps.
Cheers
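
The approach described in this answer, written out as an added example that is not the answerer's own playbook. The account name `deploy` and the serverA host name are assumptions, and serverB is supplied with `-e serverB=<address>` as the answer suggests.

```yaml
# Added example, not from the original answer.
# Assumed names: account "deploy", host serverA.example.internal.
- name: Build an in-memory inventory (no inventory file needed)
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: Register serverA (hardcoded) and serverB (from the command line)
      ansible.builtin.add_host:
        name: "{{ item }}"
      loop:
        - serverA.example.internal
        - "{{ serverB }}"

- name: Authorize serverA's key on serverB
  hosts: serverA.example.internal
  gather_facts: false
  tasks:
    - name: Create the key pair on serverA if it does not already exist
      ansible.builtin.user:
        name: deploy
        generate_ssh_key: true
      register: user_pubkey

    - name: Install only the public half on serverB
      ansible.posix.authorized_key:
        user: deploy
        key: "{{ user_pubkey.ssh_public_key }}"   # public key returned by the user module
        state: present
      delegate_to: "{{ serverB }}"
```

The private key never leaves serverA; only the public key passes through the controller, as a registered variable.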

How to add remote hosts in Ansible AWX/Tower?

I'm setting up Ansible AWX and so far it's been working nicely.
Although when I'm trying to add remote hosts (e.g. hosts that are NOT localhost) the playbook fails, even though it's possible to ssh from the machine running AWX to the nodes.
The node to be configured was added to an inventory, and under the inventory I added it as a host. I used the IP address as the hostname:
Then run the job:
If I try to run `ansible -m ping all` from CLI:
root@node1:/home/ubuntu# ansible -m ping all
...
10.212.137.189 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
...
It seems a problem related to ssh credentials.
Have you correctly configured credentials on AWX/Tower?
You need to configure a credential of type "Machine"; follow the documentation here: Ansible Tower User Guide - Credentials
From the ansible command line you can ping hosts, probably because you have already copied ssh keys to the remote hosts, but AWX/Tower settings are independent of that.

How to loop through Ansible inventory in Ansible Playbook but run against localhost

I have an inventory within the hosts file called [WEB]; it consists of the servers below.
[WEB]
WEB01
WEB02
WEB03
When I declare hosts: WEB, it will iterate through each server and run locally on that respective server to do what it needs.
How can I take the same inventory but run what I want to do on the local Ansible server when running ansible-playbook FILE.YML? For example, I want to run a URI command that has the web server name as a parameter but, as said, run it on the local Ansible server to POST to an external website. This doesn't need to run on the web servers themselves, but I want to take the webserver names (WEB01, WEB02, WEB03) and run the URI module to post to a site.
Thanks!
You can loop through the host name vars using with_items and delegate that to localhost.
OR
If you don't want to perform any action on the hosts in the web group, then you can define that in a variable in the inventory, then apply with_items. Specify hosts as hosts: localhost
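
Both options from this answer as an added example, not the answerer's own code. The endpoint URL and the JSON body are assumptions; the WEB group is the one from the question.

```yaml
# Added example, not from the original answer.
# https://api.example.com/servers is a placeholder endpoint.

# Option 1: target localhost only and loop over the members of the group.
- name: Post every WEB server name from the control node
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: POST one request per member of the WEB group
      ansible.builtin.uri:
        url: https://api.example.com/servers
        method: POST
        body_format: json
        body:
          server: "{{ item }}"
        status_code: [200, 201]
      loop: "{{ groups['WEB'] }}"

# Option 2: target the WEB group but delegate the task to the control node.
# gather_facts is off so that nothing connects to the web servers at all.
- name: Post once per WEB host via delegation
  hosts: WEB
  gather_facts: false
  tasks:
    - name: POST this host's inventory name from the control node
      ansible.builtin.uri:
        url: https://api.example.com/servers
        method: POST
        body_format: json
        body:
          server: "{{ inventory_hostname }}"
        status_code: [200, 201]
      delegate_to: localhost
```

With option 2 the control node needs no credentials for WEB01 to WEB03, because only their inventory names are used.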

Ansible command to trigger registration on another server

I can't find any documentation on how to include a secondary server in a playbook.
If for instance, I want to install sssd on SERVERA and register with a FreeIPA server.
On the FreeIPA server (only), I need to:
get a Kerberos ticket (via kinit)
check if SERVERA is already in IPA instance
delete SERVERA from IPA if true
Since this is an installation playbook run against SERVERA, it doesn't seem right to include the IPA server in the hostlist...but nor can I see any "third party servers" module?
I presume you are searching for the delegate_to option, which allows you to delegate a task to a host that is not in the hostlist.
Often used to run things on the localhost (host running ansible), it can also be used to push a task to a host not in hostlist. The host has to be in the inventory file though.
Example:
- name: Ping the other host
  ping:
  delegate_to: otherhost.com # This is where you set it
More info: http://docs.ansible.com/ansible/latest/user_guide/playbooks_delegation.html#delegation

Setting vault password in Ansible Tower

I have used Ansible Vault to encrypt a file in which I have stored sensitive data.
In my orchestration script, the command below is used to run the playbook.
ansible-playbook -i hosts -vvv Playbook.yml --ask-vault-pass
This prompts the user to provide the password for Ansible Vault.
Now how can I achieve the same through Ansible Tower so that there is no manual intervention?
I do not want this to be done through a password file, as it is the requirement.
Any suggestion would be great help.
On Ansible Tower, go to Settings > Credentials and edit your Machine Credentials. There is an option to enter your vault password. When you run the playbook on Ansible Tower, the vault password should automatically be entered. You can also check the box "Ask at runtime?" if you want to manually enter your vault password when the playbook is running.
Here is an overview of this functionality under "Vault Support" of this page: https://www.ansible.com/blog/ansible-tower-148
