I am new to Ansible and setup a ansible server. I have also set up ssh communication between one client server and client. Now I am able to use few of ansible modules from server in order to make changes in the client one. Ping, Copy modules are working fine.
But when I am trying to install a package from ansible server to the client system using "yum" command it is not working. I am using the below command in order to execute the yum as sudo on my client machine.
Command:
ansible all -m yum -a "name=httpd state=present" -s
This command is throwing an error that -s is unidentified . Request you to please help me in this case.
You need replace -s with -b
sudo module was replaced by become module, but it does the same
tenhi#somehost:somedir$ ansible localhost -b -m yum -a 'name=mc state=present'
localhost | SUCCESS => {
"ansible_facts": {
"pkg_mgr": "apt"
},
"cache_update_time": 1557517026,
"cache_updated": false,
"changed": false
}
Related
I have been learning Cloud-Init for several days to do an automatic deployment. To achieve this, and apply certain configurations, I am using Ansible playbooks. The problem that I have found is that I am not able to make the playbook run directly on the operating system that is being installed.
I leave you the user-data file that I am using.
#cloud-config
autoinstall:
version: 1
identity:
hostname: hostname
password: "$6$cOciYeIErEet80Rv$YX8qt6vizXgcUkgIPSKD1qNZNxe77tSWOY3k/0.i8D8EpApaGNuyucxJvONmZiRj4rVM3L6EE4sLKcnzYVcMj/ "
username: ubuntu
storage:
layout:
name: direct
locale: es_ES
timezone: "Europe/Madrid"
keyboard:
layout: es
packages:
- sshpass
- ansible
- git
late-commands:
- git clone https://github.com/MarcOrfilaCarreras/dotfiles /target/root/dotfiles
- ansible-playbook -i inventory-test /root/dotfiles/ansible/playbooks/docker.yml -u ubuntu -e "ansible_password=ubuntu" -e "ansible_become_pass=ubuntu"
PS: I am using Ubuntu Server 22.04, the Ansible command is temporary and only for testing and I know that I have to change the identity fields.
If you want to configure localhost, it's better to use local transport (which is -c local in command line).
Basically, change ansible call to:
ansible-playbook -i inventory-test /root/dotfiles/ansible/playbooks/docker.yml -c local
This will bypass all SSH things and run locally.
I am trying to setup an ansible environment. The controlling server is a windows 10 machine. Therefore a cygwin was installed there. The server that are maintenanced/controlled are either windows 10 or linux machines.
For connection I could already setup a ssh connection. Therefore a openssh server was installed on the controlling server and a openssh client on the maintenanced/controller server. SSH keys (public, private) were generated and the public key transfered to the maintenanced/controlled server in the folder ssha/.ssh.
On cygwin a connection can be established. But when ansible is used I get an error. For the connection As a first step I have a simple ping and to keep it easy the host file and any playbook were both avoided. , e.g.
ansible 192.168.1.30 -u ssha -m win_ping
and the following message is then displayed.
192.168.1.30 | UNREACHABLE! => {
"changed": false,
"msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in "/tmp". Failed command was: ( umask 77 && mkdir -p "echo ~/.ansible/tmp/ansible-tmp-1610305300.3137856-64003402380126" && echo ansible-tmp-1610305300.3137856-64003402380126="echo ~/.ansible/tmp/ansible-tmp-1610305300.3137856-64003402380126" ), exited with result 1",
"unreachable": true
}
I don't have any more ideas how to solve this issue. Your help is very much appreciated.
Hadrian
As the title says, deploying to FTP server isn't working for me from a Github Action. I've tried using a couple of actions to accomplish this (FTP-Deploy and ftp-action), but FTP-Deploy just kept running with sporadic
curl: (7) Failed to connect to ftpservername.com port 21: Connection timed out
messages and ftp-action kept running without any output. Note: The server is available, I connected and transferred some files using Filezilla without any issues.
After that I tried using lftp, this is the command I used on a local Ubuntu machine
lftp -c "open -u username,password ftpservername.com; mirror -R locfolder remote/remotefolder"
and the file transfer worked, but when used in a Github Action it produced this output:
---- Connecting to ftpservername.com (123.456.789.123) port 21
mkdir `remote/remotefolder' [Connecting...]
**** Socket error (Connection timed out) - reconnecting
---- Closing control socket
---- Connecting to ftpservername.com (123.456.789.123) port 21
I tried setting both ftp:ssl-allow and ssl:verify-certificate to false, but this did not produce any results. Also, I do not have access to the server, so I can't check the server logs.
This is the workflow file:
name: Test
on:
push:
branches: [master]
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout#v2
- name: Setup Python
uses: actions/setup-python#v2
with:
python-version: '3.x'
- name: Install pip
run: python -m pip install --upgrade pip
- name: Install packages
run: |
sudo apt install lftp
sudo apt install expect
.
.
.
- name: FTP Deploy
run: |
echo Starting...
unbuffer lftp -c "debug; set ftp:ssl-allow false; set ssl:verify-certificate false; open -u username,${{ secrets.PASSWORD }} ftpservername.com; mirror -R -v locfolder remote/remotefolder"
echo Done transferring files.
Any help is appreciated, thank you!
Found the issue, the hosting service was blocking the IP address (as it was an IP address outside of the country). After setting up a self-hosted runner and whitelisting the IP of the runner everything works fine.
I used pip to install Ansible in MacOS. But I cannot find the /etc/ansible folder. Neither the inventory file.
I want to run my playbook in minikube environment. But the playbook returns,
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
[WARNING]: Could not match supplied host pattern, ignoring: 192.168.99.105
How to solve this issue?
I looked into this matter and using Ansible for managing minikube is not an easy topic. Let me elaborate on that:
The main issue is cited below:
Most Ansible modules that execute under a POSIX environment require a Python interpreter on the target host. Unless configured otherwise, Ansible will attempt to discover a suitable Python interpreter on each target host the first time a Python module is executed for that host.
-- Ansible Docs
What that means is that most of the modules will be unusable. Even ping
Steps to reproduce:
Install Ansible
Install Virtualbox
Install minikube
Start minikube
SSH into minikube
Configure Ansible
Test
Install Ansible
As the original poster said it can be installed through pip.
For example:
$ pip3 install ansible
Install VirtualBox
Please download and install appropriate version for your system.
Install minikube
Please follow this site: Kubernetes.io
Start minikube
You can start minikube by invoking command:
$ minikube start --vm-driver=virtualbox
Parameter --vm-driver=virtualbox is important because it will be useful later for connecting to the minikube.
Please wait for minikube to successfully deploy on the Virtualbox.
SSH into minikube
It is necessary to know the IP address of minikube inside the Virtualbox.
One way of getting this IP is:
Open Virtualbox
Click on the minikube virtual machine for it to show
Enter root for account name. It should not ask for password
Execute command: $ ip a | less and find the address of network interface. It should be in format of 192.168.99.XX
From terminal that was used to start minikube please run below command:
$ minikube ssh
Command above will ssh to newly created minikube environment and it will store a private key in location:
HOME_DIRECTORY .minikube/machines/minikube/id_rsa
id_rsa will be needed to connect to the minikube
Try to login to minikube by invoking command:
ssh -i PATH_TO/id_rsa docker#IP_ADDRESS
If login has happened correctly there should be no issues with Ansible
Configure Ansible
For using ansible-playbook 2 files will be needed:
Hosts file with information about hosts
Playbook file with statements what you require from Ansible to do
Example hosts file:
[minikube_env]
minikube ansible_host=IP_ADDRESS ansible_ssh_private_key_file=./id_rsa
[minikube_env:vars]
ansible_user=docker
ansible_port=22
The ansible_ssh_private_key_file=./id_rsa will tell Ansible to use ssh key from file with correct key to this minikube instance.
Note that this declaration will need to have id_rsa file in the same location as rest of the files.
Example playbook:
- name: Playbook for checking connection between hosts
hosts: all
gather_facts: no
tasks:
- name: Task to check the connection
ping:
You can test the connection by invoking command:
$ ansible-playbook -i hosts_file ping.yaml
Above command should fail because there is no Python interpreter installed.
fatal: [minikube]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "module_stderr": "Shared connection to 192.168.99.101 closed.\r\n", "module_stdout": "/bin/sh: /usr/bin/python: No such file or directory\r\n", "msg": "The module failed to execute correctly, you probably need to set the interpreter.\nSee stdout/stderr for the exact error", "rc": 127}
There is a successful connection between Ansible and minikube but there is no Python interpreter to back it up.
There is a way to use Ansible without Python interpreter.
This Ansible documentation is explaining the use of raw module.
When I tried to ping my Windows instance using ansible windows -i hosts.ini -m win_ping, I got the following error:
54.197.197.91 | UNREACHABLE! => {
"changed": false,
"msg": "plaintext: the specified credentials were rejected by the server",
"unreachable": true
}
My hosts.ini file looks like:
[windows]
54.197.197.91
[windows:vars]
ansible_ssh_user=Administrator
ansible_ssh_pass=MyPassword123!
ansible_ssh_port=5985
ansible_connection=winrm
To solve that, I have done this :
ansible-vault create secret.yml
and entered my password there like this:
win_initial_password: MyPassword123!
Then, my hosts.ini file looked like:
[windows]
54.197.197.91
[windows:vars]
ansible_ssh_user=Administrator
ansible_ssh_pass={{ win_initial_password }}
ansible_ssh_port=5985
ansible_connection=winrm
When I tried pinging, I got the below error :
54.197.197.91 | FAILED! => {
"failed": true,
"msg": "the field 'password' has an invalid value, which appears to include a variable that is undefined. The error was: 'win_initial_password' is undefined"
}
Where am I going wrong?
I solved it by changing these :
ansible_ssh_port=5986
ansible_winrm_server_cert_validation=ignore
This worked.
As I was following an Ansible example similar to the original post, the accepted answer didn't work for me, the following got it working
Note: This is sending password in plain text so don't use in production
On the target machine, run a powershell with admin rights and enter these commands:
Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value $true
winrm set winrm/config/service '#{AllowUnencrypted="true"}'
Also verify your firewall is configured correctly to allow the necessary ports through (TCP/5985, TCP/5986)
Sources:
http://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#authentication-options
https://github.com/diyan/pywinrm/issues/114
Still was an issue for me. My solution was to reinstall python-pip packages related to winrm from scratch. I had to use official Ansible documentation. As per documentation:
apt-get install python-pip git libffi-dev libssl-dev -y
pip install ansible pywinrm
Port number for Windows is 5986 so you var configuration should be ansible_ssh_port: 5986
I came across this same issue even with "AllowUnencrypted" set to true. I observed that win_ping was working for IEUser that was added to Administrator group but failing with
windows-server | UNREACHABLE! => {
"changed": false,
"msg": "plaintext: the specified credentials were rejected by the server",
"unreachable": true
}
for test-user that was not in Administrator group.
So I added the test-user to Administrator group and the issue got resolved.
I've googled a lot and finally the below configuration worked for me. I've added ntlm to my config file.
ansible_user: user#DOMAIN.COM
ansible_password: password
ansible_connection: winrm
ansible_ssh_port: 5986
ansible_winrm_transport: ntlm
ansible_winrm_server_cert_validation: ignore
Windows:
I have installed UBUNTU18-LTE in windows and face a lot of issues. So sharing my experience with the same error. Hope this will help.
The user must be local. Guys remember the user(ansible) must be a local(host - 192.168.11.22) admin user else no use of the below process.
Hosts file example.
cat /etc/ansible/hosts
[win]
192.168.11.22
[win:vars]
ansible_connection=winrm
ansible_user=ansible # Local admin user of host machine 192.168.11.22
ansible_password=ansible123
ansible_winrm_server_cert_validation=ignore
ansible_winrm_trasport=basic
ansible_port=5985 #HTTP
Run the below command on host PowerShell windows.
winrm configsddl default #Give permission to ansible user
Post step 2 configuration execute below 2 commands on host PowerShell.
winrm set winrm/config/service/auth '#{Basic="true"}'
winrm set winrm/config/service '#{AllowUnencrypted="true"}'
The Other use-full PowerShell commands to test the winrm connection.
winrm enumerate winrm/config/Listener.
winrm get winrm/config
WinRM quickconfig #Check winrm service is running
winrs -r:http://hostservername:5985/wsman -u:RDPusername -p:RDPpassword ipconfig/all