Develop Reference

Ansible: Can you register the Linux banner without logging in?

I'm trying to capture the linux banner you see before you login to a Linux server - using Ansible. I don't want to login to the server, just get the banner. I was hoping to use register to save it, then use part of it's contents as a conditional for which tasks to run.
Is this possible?
I originally tried to just run a remote command and capture the output, but I only get the output of the command and not the banner so it's a little more tricky to do than I first thought.
I.e.: a standard banner:
WARNING : Unauthorized access to this system is forbidden and will be
prosecuted by law. By accessing this system, you agree that your actions
may be monitored if unauthorized usage is suspected.
MANAGED by SYSTEM-A
So if I find MANAGED by SYSTEM-A in the banner, I run specific tasks and specific host variables. If it isn't managed by system-a, I run the same tasks but use different host variables.
This would form part of a set of pre-tasks within Ansible before the main playbooks and roles are run.
What I'm seeing is the banner is probably discarded as rubbish by Ansible but there may be an output plugin I could use to save the contents?
Hopefully I've explained what I'm trying to do and someone has maybe done this previously.
**** UPDATE ****
I tested the fix offered but was unable to get it to work.
Instead, I used nc (netcat) to check the port of the servers for the
version of SSH in use. As we are migrating to a different login tool,
the version of SSH was for a very specific product and it was easy to
identify servers using the different SSH version. So I just took the
result of the nc command and used that to dynamically create an
ansible inventory of and put them into groups of [Product] vs
[nonProduct] along with the specific connection variables for each
type of SSH.
If anyone would like to see what that looked like and how I got it to
work, just post a message here.
**** UPDATE END ****

Just ignore_unreachable:
---
- name: Simple playbook to show banner
hosts: all
gather_facts: no
tasks:
- name: Try to connect
ansible.builtin.ping:
register: result
ignore_unreachable: yes
- name: Show output
ansible.builtin.debug:
var: result
I broke my own connection to show the result:
$ ansible-playbook get_banner.yml --limit Client1
PLAY [Test playbook] *****************************************************************
TASK [Try to connect] ****************************************************************
fatal: [Client1]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: WARNING\n\nThis is JAX Test VM. Don't break it.\nansible#client1: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).", "skip_reason": "Host Client1 is unreachable", "unreachable": true}
TASK [Show output] *******************************************************************
ok: [Client1] => {
"result": {
"changed": false,
"msg": "Failed to connect to the host via ssh: WARNING\n\nThis is JAX Test VM. Don't break it.\nansible#client1: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).",
"skip_reason": "Host Client1 is unreachable",
"unreachable": true
}
}
PLAY RECAP ***************************************************************************
Client1 : ok=1 changed=0 unreachable=1 failed=0 skipped=1 rescued=0 ignored=0

This depends on the distribution, but the banner is by default located in:
/etc/issue or /etc/issue.net
You could run a pretask like:
- name: Slurp the banner
ansible.builtin.slurp:
src: /etc/issue
register: banner
And then introduce your conditionals based on banner output

Executing python script on remote server using ansible Error

I am logged in as root#x.x.x.12 with ansible 2.8.3 Rhel 8.
I wish to copy few files to root#x.x.x.13 Rhel 8 and then execute a python script.
I am able to copy the files sucessfully using ansible. I had even copied the keys and now it is ssh-less.
But during execution of script :
'fatal: [web_node1]: FAILED! => {"changed": false, "msg": "Could not find or access '/root/ansible_copy/write_file.py' on the Ansible Controller.\nIf you are using a module and expect the file to exist on the remote, see the remote_src option"}'
Please note that I am a novice to ansible.
I guess there is some permission issues.
Please Help me out if possible.
Thanking in anticipation
**yaml_file**
-
name: Copy_all_ansible_files_to_servers
hosts: copy_Servers
become: true
become_user: root
tasks:
-
name: copy_to_all
copy:
src: /home/testuser/ansible_project/{{item}}
dest: /root/ansible_copy/{{item}}
owner: root
group: root
mode: u=rxw,g=rxw,o=rxw
with_items:
- write_file.py
- sink.txt
- ansible_playbook_task.yaml
- copy_codes_2.yaml
notify :
- Run_date_command
-
name: Run_python_script
script: /root/ansible_copy/write_file.py > /root/ansible_copy/sink.txt
args:
#chdir: '{{ role_path }}'
executable: /usr/bin/python3.6
**inventory_file**
-
web_node1 ansible_host=x.x.x.13
[control]
thisPc ansible_connection=local
#Groups
[copy_Servers]
web_node1
Command: ansible-playbook copy_codes_2.yaml -i inventory.dat =>
PLAY [Copy_all_ansible_files_to_servers] *******************************************************************************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [web_node1]
TASK [copy_to_all] *****************************************************************************************************************************************************************************************
ok: [web_node1] => (item=write_file.py)
ok: [web_node1] => (item=sink.txt)
ok: [web_node1] => (item=ansible_playbook_task.yaml)
ok: [web_node1] => (item=copy_codes_2.yaml)
TASK [Run_python_script] ***********************************************************************************************************************************************************************************
fatal: [web_node1]: FAILED! => {"changed": false, "msg": "Could not find or access '/root/ansible_copy/write_file.py' on the Ansible Controller.\nIf you are using a module and expect the file to exist on the remote, see the remote_src option"}
PLAY RECAP *************************************************************************************************************************************************************************************************
web_node1 : ok=2 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

The script command will actually copy the file to the remote server before running it. Thus, when it complains about not being able to find or access the script, it's because it's trying to copy from /root/ansible_copy/write_file.py to the server.
If you don't really need the script to remain on the server after you execute it, you could remove the script from the copy task and change the script task to have the src point at /home/testuser/ansible_project/write_file.py.
Alternatively, instead of using the script command, you can manually run the script after transferring it using:
- name: run the write_file.py after it has already been transferred
command: python3.6 /root/ansible_copy/write_file.py > /root/ansible_copy/sink.txt
(Note: you may need to provide the full path to your python3.6 executable)

You need to be root to execute - ansible

I have a lab setup with ansible controller + node and exploring few areas.
I am so far setup an user account named ansible in both machines and enabled ssh keybased authentication
Also setup sudo premissions for the user in both machines
When I try to run the below playbook , It works on the local machine and fails on the other node.
--- #Install Telnet
- hosts: all
name: Install Telnet
become: true
become_user: ansible
become_method: sudo
tasks:
- yum:
name: telnet
state: latest
Output is as follows
`[ansible#host1 playbooks]$ ansible-playbook telnetDeployYUM.yml
PLAY [Install Telnet] ***********************************************************************************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************************************************************************
ok: [192.168.64.6]
ok: [192.168.64.5]
TASK [yum] **********************************************************************************************************************************************************************************
ok: [192.168.64.5]
fatal: [192.168.64.6]: FAILED! => {"changed": true, "msg": "You need to be root to perform this command.\n", "obsoletes": {"grub2": {"dist": "x86_64", "repo": "#anaconda", "version": "1:2.02-0.64.el7.centos"}, "grub2-tools": {"dist": "x86_64", "repo": "#anaconda", "version": "1:2.02-0.64.el7.centos"}}, "rc": 1, "results": ["Loaded plugins: fastestmirror\n"]}
to retry, use: --limit #/home/ansible/playbooks/telnetDeployYUM.retry
PLAY RECAP **********************************************************************************************************************************************************************************
192.168.64.5 : ok=2 changed=0 unreachable=0 failed=0
192.168.64.6 : ok=1 changed=0 unreachable=0 failed=1
[ansible#host1 playbooks]$
`
I could also manually able to run sudo yum on the failed target as ansible user
I believe sudo set up in correct
[ansible#host2 root]$ sudo whoami
root
Can experts share some insights on what I am missing with respect to my failed machine , Thanks.

Below should work fine
- hosts: all
name: Install Telnet
become: yes
tasks:
- yum:
name: telnet
state: latest
ansible or user through which ansible is getting executed should be in sudoers file.
You are changing your user to ansible which is not required.

Run with -vvvv to see what ansible is doing.
Have you setup ansible in sudoers for password less privilege elevation?
you are getting a message that it is waiting for "escalation prompt". That means when you are running with become, you are failing to become since it needs the password. Make sure your test user is in /etc/sudoers AND you have it marked for that user to NOT need to enter a password when running sudo commands. The entry should end with :NOPASSWD on the line in that file.

Two different version of ansible gives two different outputs for same ansible playbook

- hosts: Ebonding
become: yes
become_method: sudo
tasks
- name: Clearing cache of Server4
file: path=/weblogic/bea/user_projects/domains/tmp state=absent
become: yes
become_user: wls10
Ansible version 2.0.0.0 run the above playbook successfully::
PLAY ***************************************************************************
TASK [setup] *******************************************************************
ok: [ggnqinfa2]
TASK [Clearing cache of Server4] ***********************************************
ok: [ggnqinfa2]
PLAY RECAP *********************************************************************
ggnqinfa2 : ok=2 changed=0 unreachable=0 failed=0
But latest version of ansible 2.5.0rc2 encountered below error::
PLAY [Ebonding] *****************************************************************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************************************************
ok: [ggnqinfa2]
TASK [Clearing cache of Server4] ************************************************************************************************************************************
fatal: [ggnqinfa2]: FAILED! => {"msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 2, err: chown: /var/tmp/ansible-tmp-1520704924.34-191458796685785/: Not owner\nchown: /var/tmp/ansible-tmp-1520704924.34-191458796685785/file.py: Not owner\n}). For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user"}
PLAY RECAP **********************************************************************************************************************************************************
ggnqinfa2 : ok=1 changed=0 unreachable=0 failed=1
How can i run this playbook by latest version of ansible successfully?

Chances are the user you're using (wls10) does not have write access to the remote temporary directory /var/tmp.
This can be overridden using ansible.cfg and set via remote_tmp to a directory you have write-access to -- or, a "normal temp directory" (like /tmp) that has the sticky bit set.
For more info, see
http://docs.ansible.com/ansible/latest/intro_configuration.html#remote-tmp

Start a jboss service with ansible

I wrote a simple ansible playbook to stop and start a jboss service, problem is on the server when I start the service manually it requires a password, but when I run the playbook it throws and error even though the password is provided.
Here is the playbook.
and this is the error I get when I ran it
PLAY [dev] *********************************************************************
TASK [setup] *******************************************************************
ok: [10.33.122.122]
TASK [Stop jboss server] *******************************************************
fatal: [10.33.122.122]: FAILED! => {"changed": false, "failed": true, "msg": "standard in must be a tty\n"}
NO MORE HOSTS LEFT *************************************************************
[WARNING]: Could not create retry file 'main.retry'. [Errno 2] No such file or directory: ''
PLAY RECAP *********************************************************************
10.33.122.122 : ok=1 changed=0 unreachable=0 failed=1

And you can stop jboss service with jbosssvc user from CLI?
Yes but it requires a password and i input it as required then it stops, how do I do the same on a playbook though?
It means jbosssvc is not allowed to stop the service (which is somewhat expected situation), thus you cannot use become_user: jbosssvc directive.
You must become root to perform this operation (and this requires connecting user to be able to run commands with elevated permissions).