How can I turn this into an Ansible Playbook? - ansible

I'm very, very new to Ansible so I just need someone to break down how to set up a yaml file to use as a playbook.
I wrote this string of code that does work:
ansible Test --user exampleuser --ask-pass -c local -m ping
Output:
192.168.1.4 | SUCCESS => {
"changed": false,
"ping": "pong"
How do I format what I wrote so I can just type:
ansible-playbook test.yaml

Below is what the content of the YAML file should look like:
---
- hosts: Test
  connection: local
  remote_user: exampleuser
  tasks:
    - ping:

Related

Simple ansible example that connects to new server as root with password

I want to provision a new vps. The way this is typically done: 1) try login manually as a non-root user, and 2) if that fails then perform the provisioning.
But I can't connect. I can't even login as root. (I can ssh from the shell, so the password is correct.)
hosts:
[server]
42.42.42.42
playbook.yml:
---
- hosts: all
  vars:
    ROOT_PASSWORD: foo
  gather_facts: no
  tasks:
    - name: set root password
      set_fact: ansible_password={{ ROOT_PASSWORD }}
    - name: try login with password
      local_action: "command ssh -q -o BatchMode=yes -o ConnectTimeout=3 root@{{ inventory_hostname }} 'echo ok'"
      ignore_errors: true
      changed_when: false
    # more stuff here...
I tried the following, but all don't connect:
I stored the password in a variable like above
I prompted for the password using ansible-playbook -k playbook.yml
I moved the password to the inventory file
[server]
42.42.42.42 ansible_user=root ansible_password=foo
I added the ssh flag -o PreferredAuthentications=password to force password auth
But none of the above connects. I always get the error
root@42.42.42.42: Permission denied (publickey,password).
If I remove -o BatchMode=yes then it prompts me for a password, and does connect. But that prevents automation, the idea is to do this without user intervention.
What am I doing wrong?
This is a new vps, nothing is set up yet - so I'm looking for the simplest possible example of a playbook that connects using root and a password.
You're close. The variable is ansible_ssh_password, not ansible_ssh_pass. The variables with _ssh in the name are legacy names, so you can just use ansible_user and ansible_password instead.
If I have an inventory like this:
[server]
example ansible_host=192.168.122.148 ansible_user=root ansible_password=secret
Then I can run this command successfully:
$ ansible all -i hosts -m ping
example | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
If the above ad-hoc command works correctly, then a playbook should work correctly as well. E.g., still assuming the above inventory, I can use the following playbook:
---
- hosts: all
  gather_facts: false
  tasks:
    - ping:
And I can call it like this:
$ ansible-playbook playbook.yml -i hosts
PLAY [all] ***************************************************************************
TASK [ping] **************************************************************************
ok: [example]
PLAY RECAP ***************************************************************************
example : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
...and it all works just fine.
Try using --ask-become-pass
ansible-playbook -k playbook.yml --ask-become-pass
That way it's not hardcoded.
Also, inside the playbook you can invoke:
---
- hosts: all
  become: true
  gather_facts: no
All SO answers and blog articles I've seen so far recommend doing it the way I've shown.
But after spending much time on this, I don't believe it could work that way, so I don't understand why it is always recommended. I noticed that ansible has changed its API many times, and maybe that approach is simply outdated!
So I came up with an alternative, using sshpass:
hosts:
[server]
42.42.42.42
playbook.yml:
---
- hosts: all
  vars:
    ROOT_PASSWORD: foo
  gather_facts: no
  tasks:
    - name: try login with password (using out-of-band ssh connection)
      local_action: command sshpass -p {{ ROOT_PASSWORD }} ssh -q -o ConnectTimeout=3 root@{{ inventory_hostname }} 'echo ok'
      ignore_errors: true
      register: exists_user
    - name: ping if above succeeded (using in-band ssh connection)
      remote_user: root
      block:
        - name: set root ssh password
          set_fact:
            ansible_password: "{{ ROOT_PASSWORD }}"
        - name: ping
          ping:
            data: pong
      when: exists_user is success
This is just a tiny proof of concept.
The actual use case is to try to connect with a non-root user, and if that fails, to provision the server. The above is the starting point for such a playbook.
Unlike @larsks' excellent alternative, this does not assume python is installed on the remote, and performs the ssh connection test out of band, assisted by sshpass.
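An added example (not part of the original answers): the same out-of-band probe, with the root password prompted for at run time and handed to sshpass through the SSHPASS environment variable (sshpass -e) instead of -p, so it is neither stored in the playbook or inventory nor present in the command's argument list. The names root_password and root_login are made up for this example; it assumes sshpass is installed on the control node and the new host's key is already in known_hosts.

```yaml
---
- hosts: all
  gather_facts: false

  # Prompt instead of hardcoding; "private" keeps the input off the terminal.
  vars_prompt:
    - name: root_password          # hypothetical variable name
      prompt: Root password for the new host
      private: true

  tasks:
    - name: try login with password (out-of-band ssh, password via SSHPASS)
      command: >-
        sshpass -e ssh -q
        -o ConnectTimeout=3
        -o PreferredAuthentications=password
        root@{{ inventory_hostname }} 'echo ok'
      environment:
        SSHPASS: "{{ root_password }}"   # read by "sshpass -e"
      delegate_to: localhost
      register: root_login               # hypothetical register name
      changed_when: false
      failed_when: false                 # a failed login is an expected outcome
      no_log: true                       # keep the task arguments out of logs

    - name: ping if the probe succeeded (in-band ssh connection)
      when: root_login.rc == 0
      remote_user: root
      vars:
        # Connection variable scoped to this block only.
        ansible_password: "{{ root_password }}"
      block:
        - name: ping
          ping:
            data: pong
```

The ping module still needs Python on the remote host; the probe task does not.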

Ping a host inside ansible playbook

I just want to ping a host (DNS host) to check reachability. Looks like there is no proper way to do this? I'm not sure. Below is my playbook with net_ping:
---
- name: Set User
  hosts: web_servers
  gather_facts: false
  become: false
  vars:
    ansible_network_os: linux
  tasks:
    - name: Pinging Host
      net_ping:
        dest: 10.250.30.11
But,
TASK [Pinging Host] *******************************************************************************************************************
task path: /home/veeru/PycharmProjects/Miscellaneous/tests/ping_test.yml:10
ok: [10.250.30.11] => {
"changed": false,
"msg": "Could not find implementation module net_ping for linux"
}
With ping module
---
- name: Set User
  hosts: dns
  gather_facts: false
  become: false
  tasks:
    - name: Pinging Host
      action: ping
Looks like it is trying to ssh into the IP (checked in verbose mode). I don't know why. How can I do an ICMP ping? I also don't want to put the DNS IP in the inventory.
UPDATE1:
Hmm, looks like there is no support for linux in ansible_network_os.
https://www.reddit.com/r/ansible/comments/9dn5ff/possible_values_for_ansible_network_os/
You can use ping command:
---
- hosts: all
  gather_facts: False
  connection: local
  tasks:
    - name: ping
      shell: ping -c 1 -w 2 8.8.8.8
      ignore_errors: true
Try to use delegate_to module to specify that this task should be executed on localhost. Maybe ansible is trying to connect to those devices to execute ping shell command. The following code sample works for me.
tasks:
  - name: ping test
    shell: ping -c 1 -w 2 {{ ansible_host }}
    delegate_to: localhost
    ignore_errors: true
You can also run/check ping latency with the ad-hoc command below in Ansible:
ansible all -m shell -a "ping -c3 google.com"

Failed to open session error

I am trying to use Ansible to connect to my switches and just do a show version. For some reason, when I run the Ansible playbook I keep getting the error "Failed to open session", and I don't know why I keep getting it. I am able to ssh directly to the box with no issues.
[Ansible.cfg]
enable_task_debugger=True
hostfile=inventory
transport=paramiko
host_key_checking=False
[inventory/hosts]
127.0.0.1 ansible_connection=local
[routers]
192.168.10.1
[test.yaml]
---
- hosts: routers
  gather_facts: true
  connection: paramiko
  tasks:
    - name: show run
      ios_command:
        commands:
          - show version
Then I try to run it like this:
ansible-playbook -vvv -i inventory test.yaml -u username -k
And then this is the last line of the error
EXEC /bin/sh -c 'echo ~ && sleep 0'
fatal: [192.168.10.1]: UNREACHABLE! => {
"changed": false,
"msg": "Failed to open session",
"unreachable": true
}
Ansible version is 2.4.2.0
Please use:
connection: local
change - hosts: routers to - hosts: localhost

How to register windows module's win_command output in ansible task

I am trying to create an Ansible task in a playbook that will run a Windows batch command and register the output in a variable. Later this will be printed by the Ansible debug module. Here is what I have done so far.
---
- name: verify port listening
  raw: netstat -na | find "8080" register=result
- debug: msg="{{result}}"
  tags: mnc-verify
Then run my playbook with this
ansible-playbook -i hosts service.yml --tags "mnc-verify"
The error I get:
fatal: [v0560a.vstage.co]: FAILED! => {"failed": true, "msg": "'result' is undefined"}
Could anyone help me please
-Raf
You are mixing YAML syntax (key: value) with Ansible syntax (key=value).
The correct form is:
---
- name: verify port listening
  raw: netstat -na | find "8080"
  register: result
- debug: msg="{{result}}"
  tags: mnc-verify

Ansible inventory discrepancy

I am new to Ansible, so I assume I am making a silly mistake, however when I try to run a playbook with roles for a group of hosts, Ansible doesn't see any hosts in some groups. In particular
Inventory has among others the following group:
[master]
clm01
It seems to be working OK with Ad-hoc commands:
:~/ansible/splunk# ansible master -i hosts -m ping -u USERNAME
clm01 | SUCCESS => {
"changed": false,
"ping": "pong"
}
However, when I try to run the following, Ansible can't see any hosts:
- name: initialize master
  hosts: master
  remote_user: USERNAME
  become: yes
  roles:
    - cluster_master
[...]
ansible-playbook site.yml --ask-sudo-pass --list-hosts
[...]
play #2 (master): initialize master TAGS: []
pattern: [u'master']
hosts (0):
[...]
Some of the groups in the inventory are working with other plays defined in the same file, so I would assume there is a syntax error on my side. I have also tried changing group name, hoping I am using a reserved name etc.
It doesn't see any hosts, because you omitted -i hosts parameter in the second command.
Run the following:
ansible-playbook site.yml -i hosts --ask-sudo-pass --list-hosts
I think it needs to look like this:
- hosts: master
  remote_user: USERNAME
  become: yes
  become_user: root
  roles:
    - cluster_master
That name tag is for plays.
