Problem with Ansible EC2 dynamic inventory - ansible

I am trying to use ansible dynamic inventory.
I am getting the results when I run,
$ ./ec2.py --list
...
...
"ec2": [
"xx.xx.xx.xx"
]
}
But when I try to run it with ansible command, it does not run successfully.
$ ansible -i ec2.py -e "ansible_ssh_port=3003" -m ping
Usage: ansible <host-pattern> [options]
Define and run a single task 'playbook' against a set of hosts
Options:
-a MODULE_ARGS, --args=MODULE_ARGS
module arguments
--ask-vault-pass ask for vault password
-B SECONDS, --background=SECONDS
run asynchronously, failing after X seconds
(default=N/A)
-C, --check don't make any changes; instead, try to predict some
of the changes that may occur
-D, --diff when changing (small) files and templates, show the
differences in those files; works great with --check
-e EXTRA_VARS, --extra-vars=EXTRA_VARS
set additional variables as key=value or YAML/JSON, if
filename prepend with #
-f FORKS, --forks=FORKS
specify number of parallel processes to use
(default=5)
-h, --help show this help message and exit
-i INVENTORY, --inventory=INVENTORY, --inventory-file=INVENTORY
specify inventory host path or comma separated host
list. --inventory-file is deprecated
-l SUBSET, --limit=SUBSET
further limit selected hosts to an additional pattern
--list-hosts outputs a list of matching hosts; does not execute
anything else
-m MODULE_NAME, --module-name=MODULE_NAME
module name to execute (default=command)
-M MODULE_PATH, --module-path=MODULE_PATH
prepend colon-separated path(s) to module library (def
ault=['/Users/luvpreetsingh/.ansible/plugins/modules',
'/usr/share/ansible/plugins/modules'])
-o, --one-line condense output
--playbook-dir=BASEDIR
Since this tool does not use playbooks, use this as a
subsitute playbook directory.This sets the relative
path for many features including roles/ group_vars/
etc.
-P POLL_INTERVAL, --poll=POLL_INTERVAL
set the poll interval if using -B (default=15)
--syntax-check perform a syntax check on the playbook, but do not
execute it
-t TREE, --tree=TREE log output to this directory
--vault-id=VAULT_IDS the vault identity to use
--vault-password-file=VAULT_PASSWORD_FILES
vault password file
-v, --verbose verbose mode (-vvv for more, -vvvv to enable
connection debugging)
--version show program's version number and exit
Connection Options:
control as whom and how to connect to hosts
-k, --ask-pass ask for connection password
--private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE
use this file to authenticate the connection
-u REMOTE_USER, --user=REMOTE_USER
connect as this user (default=None)
-c CONNECTION, --connection=CONNECTION
connection type to use (default=smart)
-T TIMEOUT, --timeout=TIMEOUT
override the connection timeout in seconds
(default=10)
--ssh-common-args=SSH_COMMON_ARGS
specify common arguments to pass to sftp/scp/ssh (e.g.
ProxyCommand)
--sftp-extra-args=SFTP_EXTRA_ARGS
specify extra arguments to pass to sftp only (e.g. -f,
-l)
--scp-extra-args=SCP_EXTRA_ARGS
specify extra arguments to pass to scp only (e.g. -l)
--ssh-extra-args=SSH_EXTRA_ARGS
specify extra arguments to pass to ssh only (e.g. -R)
Privilege Escalation Options:
control how and which user you become as on target hosts
-s, --sudo run operations with sudo (nopasswd) (deprecated, use
become)
-U SUDO_USER, --sudo-user=SUDO_USER
desired sudo user (default=root) (deprecated, use
become)
-S, --su run operations with su (deprecated, use become)
-R SU_USER, --su-user=SU_USER
run operations with su as this user (default=None)
(deprecated, use become)
-b, --become run operations with become (does not imply password
prompting)
--become-method=BECOME_METHOD
privilege escalation method to use (default=sudo),
valid choices: [ sudo | su | pbrun | pfexec | doas |
dzdo | ksu | runas | pmrun | enable ]
--become-user=BECOME_USER
run operations as this user (default=root)
--ask-sudo-pass ask for sudo password (deprecated, use become)
--ask-su-pass ask for su password (deprecated, use become)
-K, --ask-become-pass
ask for privilege escalation password
Some modules do not make sense in Ad-Hoc (include, meta, etc)
ERROR! Missing target hosts
I get this long statement with the error of missing target hosts.
Then, when I run by specifying the region, it does not give any error but does not return any instances.
$ ansible -i ec2.py us-west-2 -e "ansible_ssh_port=3003" -m ping
[WARNING]: Could not match supplied host pattern, ignoring: us-west-2
[WARNING]: No hosts matched, nothing to do
Firstly, why is it not running? what am I doing wrong?
Secondly, why do the error changes when I specify the region? Is specifying region mandatory? shouldn't it pick the region from ec2.ini?

You do not have any hosts listed. Try adding all at the end of your ansible command:
ansible -i ec2.py -e "ansible_ssh_port=3003" -m ping all

The above command is partly right. The inventory has been specified with the -i argument but the target host group has not been specified. The command should be
ansible all -i ec2.py -e "ansible_ssh_port=3003" -m ping
# The command syntax could be written as below
ansible <target_host_group> -i <inventory> -e "extra_vars" -m "module_name" -a "module_arguments"
Please refer to the documentation on Working with patterns and Ad-Hoc Commands from the ansible documentation.

Related

create a directory test at /home/user using ansible-adhoc command

I am trying to create directory using below command
ansible app -m file -a "path=/home/user/test mode = 777 state = directory" -b
I am getting below error message. Could any one advise me what I am doing wrong here?
ERROR! this task 'file' has extra params, which is only allowed in the
following modules: ansible.builtin.raw, ansible.legacy.add_host,
ansible.builtin.meta, ansible.legacy.include,
ansible.legacy.import_role, script, ansible.legacy.raw, group_by,
ansible.builtin.shell, ansible.legacy.win_command, include, shell,
include_vars, ansible.builtin.import_tasks, add_host,
ansible.builtin.include_vars, ansible.legacy.include_role,
ansible.builtin.include_role, ansible.legacy.include_vars,
ansible.legacy.win_shell, ansible.legacy.group_by, import_tasks,
ansible.builtin.set_fact, ansible.builtin.command,
ansible.builtin.include_tasks, include_tasks, ansible.builtin.script,
ansible.builtin.include, raw, meta, ansible.legacy.set_fact,
ansible.builtin.add_host, ansible.legacy.script,
ansible.legacy.import_tasks, win_command, ansible.builtin.win_shell,
include_role, win_shell, set_fact, ansible.legacy.shell,
ansible.legacy.command, import_role, ansible.legacy.meta,
ansible.builtin.import_role, ansible.legacy.include_tasks,
ansible.builtin.group_by, ansible.builtin.win_command, command
The simplest example of an ad hoc command to create a directory using Ansible is
ansible nodes -a "mkdir /BYANSIBLE"
Try this:
ansible app -m file -a "dest=/home/user/test state=directory"
or
ansible localhost -m file -a "dest=/home/user/test state=directory"
In general, for an Ansible ad-hoc command, any module arguments are supplied using the -a option, as one single string. Due to this, the way Ansible distinguishes the individual arguments, is by spaces.
You need to remove the extra spaces you have on either side of the equal signs for the ad-hoc command to work.
Hence, the following would work:
ansible app -m file -a "path=/home/user/test mode=755 state=directory" -b
Also, check out some of the related examples in the Ansible docs.
Side note: I've modified the permissions to 755 (read/write/execute for owner + read/execute for group & others). Its almost never a good idea to give 777 permissions (full read/write/execute) on directories.

How to pass username and ssh password in ansible-playbook command line - Bamboo

I have a ansible playbook which I run manually from the command line by ansible-playbook -u <username> -k playbooks/example.yml
The above works fine. It prompts me for a SSH password and runs the playbook.
The ansible version in my linux machine: 2.7.7
I need to run this in Bamboo as part of my build plan. In Bamboo, I cannot type in the password as it will not prompt me. So I want to pass the username and ssh password as part of the command as arguments.
I tried this
ansible-playbook playbooks/monitor-linux-node.yml -e "ansible_user=<username> ansible_ssh_pass=password"
This throws this error
ERROR: blockinfile is not a legal parameter in an Ansible task or handler
I also tried this
ansible-playbook -u <username> playbooks/monitor-linux-node.yml -e "ansible_ssh_pass=password"
This throws the Usage: ansible-playbook playbook.yml and lists the arguments we can use.
Any suggestions on how to pass the username and ssh password in the command line will be really helpful.
The ansible version in Bamboo machine: 1.9.4
Consider using sshpass
sshpass -p <ssh-password> ansible-playbook -u <username> --ask-pass playbooks/monitor-linux-node.yml
Will be closest to what you want. If possible consider using password file
sshpass -f <password-file> ansible-playbook -u <username> --ask-pass playbooks/monitor-linux-node.yml
Note --ask-pass key. sshpass will provide password non-interactively instead of user.
If you are fine with having password stored unencrypted in a file anyway, consider using group_vars/<group name>.yml for defining ansible_ssh_pass variable. You will still need sshpass, but ansible will use it behind the scene.

Could i use ansible playbook(tgz,zip format ) like helm charts?

I want to use ansible to manage multi service deployment, each service have many roles. Now I want to package one service as a tgz or zip file(same as helm charts), and use one file to override variables when use ansible execute(like helm install xx.tgz --values values.yml)
I am new to ansible, and have checked ansible-playbook -h, but no find some related information
Usage: ansible-playbook [options] playbook.yml [playbook2 ...]
Runs Ansible playbooks, executing the defined tasks on the targeted hosts.
Options:
--ask-vault-pass ask for vault password
-C, --check don't make any changes; instead, try to predict some
of the changes that may occur
-D, --diff when changing (small) files and templates, show the
differences in those files; works great with --check
-e EXTRA_VARS, --extra-vars=EXTRA_VARS
set additional variables as key=value or YAML/JSON, if
filename prepend with #
--flush-cache clear the fact cache for every host in inventory
--force-handlers run handlers even if a task fails
-f FORKS, --forks=FORKS
specify number of parallel processes to use
(default=5)
-h, --help show this help message and exit
-i INVENTORY, --inventory=INVENTORY, --inventory-file=INVENTORY
specify inventory host path or comma separated host
list. --inventory-file is deprecated
-l SUBSET, --limit=SUBSET
further limit selected hosts to an additional pattern
--list-hosts outputs a list of matching hosts; does not execute
anything else
--list-tags list all available tags
--list-tasks list all tasks that would be executed
-M MODULE_PATH, --module-path=MODULE_PATH
prepend colon-separated path(s) to module library (def
ault=~/.ansible/plugins/modules:/usr/share/ansible/plu
gins/modules)
--skip-tags=SKIP_TAGS
only run plays and tasks whose tags do not match these
values
--start-at-task=START_AT_TASK
start the playbook at the task matching this name
--step one-step-at-a-time: confirm each task before running
--syntax-check perform a syntax check on the playbook, but do not
execute it
-t TAGS, --tags=TAGS only run plays and tasks tagged with these values
--vault-id=VAULT_IDS the vault identity to use
--vault-password-file=VAULT_PASSWORD_FILES
vault password file
-v, --verbose verbose mode (-vvv for more, -vvvv to enable
connection debugging)
--version show program's version number, config file location,
configured module search path, module location,
executable location and exit
Connection Options:
control as whom and how to connect to hosts
-k, --ask-pass ask for connection password
--private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE
use this file to authenticate the connection
-u REMOTE_USER, --user=REMOTE_USER
connect as this user (default=None)
-c CONNECTION, --connection=CONNECTION
connection type to use (default=smart)
-T TIMEOUT, --timeout=TIMEOUT
override the connection timeout in seconds
(default=10)
--ssh-common-args=SSH_COMMON_ARGS
specify common arguments to pass to sftp/scp/ssh (e.g.
ProxyCommand)
--sftp-extra-args=SFTP_EXTRA_ARGS
specify extra arguments to pass to sftp only (e.g. -f,
-l)
--scp-extra-args=SCP_EXTRA_ARGS
specify extra arguments to pass to scp only (e.g. -l)
--ssh-extra-args=SSH_EXTRA_ARGS
specify extra arguments to pass to ssh only (e.g. -R)
Privilege Escalation Options:
control how and which user you become as on target hosts
-b, --become run operations with become (does not imply password
prompting)
--become-method=BECOME_METHOD
privilege escalation method to use (default=sudo), use
`ansible-doc -t become -l` to list valid choices.
--become-user=BECOME_USER
run operations as this user (default=root)
-K, --ask-become-pass
ask for privilege escalation password
version:ansible 2.8.0
You can't package playbooks as zip or tgz files. One option would be to use ansible-pull. It checks a repository out and runs a specified playbook: https://docs.ansible.com/ansible/latest/cli/ansible-pull.html

Pass multiple commands in ad-hoc mode in Cisco ios_command module

I would like to know how can I pass multiple show commands in ios_command module in ad-hoc mode.
Sample with just one command:
ansible all -m ios_command -a "commands='show version'"
Now here I would like to send another command, say show run or any other.
Any suggestions on this would be appreciated.
You need to pass a list and you can do it using JSON string:
ansible all -m ios_command -a "commands='[ \"show version\", \"show run\" ]'"
If you leave the spaces out, you can squeeze to 'commands=["show version","show run"]'
I use the following:
ansible ios-device -m ios_command -a commands="{{ lookup('file', 'commands.txt') }}" -u username -k
where commands.txt contains
show version
You can add more commands on each line of the 'commands.txt' file.

Ansible: include group vars .yml file from command line

Our vendor sends us Ansible playbooks and scripts for deployment. I need to check availability of some IP for ansible inventory groups, like:
ansible mgm -i inventories/vrxinventory -m shell -a 'ping http://10.33.63.66/vrx/' -u user -k -v.
The destination is changing depending on the environment. Those destination IPs to ping are in group vars .yml file.
Is it possible to use variables from this group_var.yml file, through command line like:
ansible mgm -i inventories/vrxinventory -m shell -a "ping {{ vrm_repo_url }}" -u user -k -v ?
I really don't want to mess with their playbooks modification using sed/awk, during CI.
Is it possible to use variables from this group_var.yml file, through command line like: ansible mgm -i inventories/vrxinventory -m shell -a "ping {{ vrm_repo_url }}" -u user -k -v
Yes, group variables will be read by ansible command for ad-hoc commands.
No, it makes no sense to execute ping {{ vrm_repo_url }} through shell module in Ansible:
firstly, because by default ping runs infinitely (this can be mitigated with parameters);
secondly, because you won't see any output of the ping command.
What you most likely want is to use:
a wait_for module with low connect_timeout parameter to check the connectivity between the target and some other machine;
or a get_url module (as you seemingly want to check availability of web services).

Resources