Ansible's docker_secret module doesn't accept a variable in the data field - ansible

I'm using Ansible 2.4
In a playbook, I retrieve a secret from an Ansible vault file and try to inject this secret as a swarm secret using the docker_secret module:
- hosts: managers
  become: yes
  become_method: sudo
  gather_facts: yes
  tasks:
    - name: Include secrets vars in task
      include_vars: "{{ playbook_dir }}/vault/vault.yml"
      name: secrets
    - debug:
        msg: "{{ secrets }}"
    - name: Set Docker secrets in SWARM
      docker_secret:
        name: "secrets.properties"
        data: "{{ secrets }}"
        state: present
The debug outputs the correct value, but the docker_secret job is crashing, telling me that there is no "secrets" attribute.
PLAY [managers] *************************************************************
TASK [Gathering Facts] ******************************************************
ok: [test1]
TASK [secrets] **************************************************************
ok: [test1]
TASK [debug] ****************************************************************
ok: [test1] => {
    "msg": "secrets.gitJenkinsPassword=MY_SECRET_PASSWORD"
}
TASK [Set Docker secrets in SWARM] ******************************************
fatal: [test1]: FAILED! => {"changed": false, "failed": true, "module_stderr": "Shared connection to node1.mycompany.com closed.\r\n", "module_stdout": "Traceback (most recent call last):\r\n  File \"/tmp/ansible_9JUi1H/ansible_module_docker_secret.py\", line 283, in <module>\r\n    main()\r\n  File \"/tmp/ansible_9JUi1H/ansible_module_docker_secret.py\", line 278, in main\r\n    SecretManager(client, results)()\r\n  File \"/tmp/ansible_9JUi1H/ansible_module_docker_secret.py\", line 170, in __call__\r\n    self.present()\r\n  File \"/tmp/ansible_9JUi1H/ansible_module_docker_secret.py\", line 209, in present\r\n    secret = self.get_secret()\r\n  File \"/tmp/ansible_9JUi1H/ansible_module_docker_secret.py\", line 177, in get_secret\r\n    secrets = self.client.secrets(filters={'name': self.name})\r\nAttributeError: 'AnsibleDockerClient' object has no attribute 'secrets'\r\n", "msg": "MODULE FAILURE", "rc": 0}
	to retry, use: --limit @/var/jenkins_home/workspace/deploy/ansible/playbooks/swarm.retry

As mentioned by Konstantin_Surovov, this is a docker-py library version issue. In fact it only works with docker-py 2.4 or higher, because there is a bug in the secret feature in 2.1.
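A pre-check that turns the docker-py version problem into a readable failure before docker_secret runs, as an added example that is not part of the original question or answer. It assumes docker-py is importable as the docker package by the python that the module uses on the manager, and that the secrets variable has already been loaded as in the question.

```yaml
- hosts: managers
  become: yes
  become_method: sudo
  tasks:
    # docker_secret needs docker-py >= 2.4 on the manager; with an older
    # version the module dies with the AttributeError shown in the question
    # instead of a readable message, so read the version first.
    # Assumption: the docker package is importable by this python.
    - name: Read the docker-py version seen by the module interpreter
      command: python -c "import docker; print(docker.__version__)"
      register: dockerpy
      changed_when: false

    - name: Stop with a clear message if docker-py is too old for docker_secret
      assert:
        that:
          - dockerpy.stdout is version_compare('2.4.0', '>=')
        msg: "docker_secret needs docker-py >= 2.4, found {{ dockerpy.stdout }}"

    # Same task as in the question; it only runs once the check above passed.
    - name: Set Docker secrets in SWARM
      docker_secret:
        name: secrets.properties
        data: "{{ secrets }}"
        state: present
```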

Related

Cisco Ansible ios_command module failing task if one of the commands in the list of commands is not working

I am trying to save the output of commands using the Ansible ios_command module. This works well when all the commands are executed and the Cisco device doesn't throw an error. But as soon as I have any command which doesn't run on that device, the playbook fails and doesn't save the output of the rest of the commands which executed successfully. If a command fails, I would like my task to keep running without failing.
---
- name: Backup Play
  hosts: all
  gather_facts: false
  connection: network_cli
  tasks:
    - name: Execute Commands on the device
      ios_command:
        commands:
          - show run
          - show version
          - show inventory
          - show ip bgp summary
      ignore_errors: true
      register: config
    - name: save output to file
      copy:
        content: "{{ config.stdout | replace('\\n', '\n') }}"
        dest: "/DEVICE_CONFIGS/CISCO/{{ ansible_host }}.cfg"
While executing the above play, I am getting the error below:
server01 playbooks]$ ansible-playbook cisco-backups.yml --limit Site_01 --ask-vault-pass -e 'ansible_python_interpreter=/usr/bin/python3'
Vault password:
PLAY [Backup Play] ***********************************************************************************************************************
TASK [Execute Commands on the device] *********************************************************************************************************************************
fatal: [Switch_01]: FAILED! => {"changed": false, "msg": "show ip bgp summary\r\nshow ip bgp summary\r\n ^\r\n% Invalid input detected at '^' marker.\r\n\r\nSwitch_01#"}
...ignoring
TASK [save output to file] *****************************************************************************************************************
fatal: [Switch_01]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'stdout'\n\nThe error appears to be in '/etc/ansible/playbooks/cisco-backups.yml': line 62, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - name: save output to /etc/ansible/backups\n ^ here\n"}
PLAY RECAP *************************************************************************************************************************************************
Switch_01 : ok=3 changed=2 unreachable=0 failed=1 skipped=0 rescued=0 ignored=1
Output of Config when debugged:
TASK [Print output] ************************************************************************************************
task path: /etc/ansible/playbooks/cisco-backups.yml:64
ok: [switch-01] => {
    "config": {
        "changed": false,
        "exception": "  File \"/tmp/ansible_ios_command_payload_gluy0xuc/ansible_ios_command_payload.zip/ansible/module_utils/network/ios/ios.py\", line 135, in run_commands\n    return connection.run_commands(commands=commands, check_rc=check_rc)\n  File \"/tmp/ansible_ios_command_payload_gluy0xuc/ansible_ios_command_payload.zip/ansible/module_utils/connection.py\", line 190, in __rpc__\n    raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code)\n",
        "failed": true,
        "msg": "show switch\r\nshow switch\r\n           ^\r\n% Invalid input detected at '^' marker.\r\n\r\nswitch-01#"
    }
}
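One way to keep a single rejected command from discarding the rest of the backup, as an added example that is not part of the original question: each command runs as its own loop item, so a rejection is confined to that item, and only the items that returned stdout are written out. The command list and destination path are the question's; writing the file from the controller and the section-header format are assumptions.

```yaml
---
- name: Backup Play (each command isolated so one rejection does not lose the rest)
  hosts: all
  gather_facts: false
  connection: network_cli
  vars:
    backup_commands:
      - show run
      - show version
      - show inventory
      - show ip bgp summary
  tasks:
    # One ios_command call per command: a command the device rejects only
    # fails its own loop item, and the other items still return their stdout.
    - name: Execute commands one at a time
      ios_command:
        commands:
          - "{{ item }}"
      loop: "{{ backup_commands }}"
      ignore_errors: true
      register: cmd_results

    # Failed items carry only 'msg' (as in the question's debug output);
    # successful items carry 'stdout', so that key separates the two.
    - name: Report the commands the device rejected
      debug:
        msg: "Rejected on {{ inventory_hostname }}: {{ cmd_results.results | selectattr('stdout', 'undefined') | map(attribute='item') | list }}"

    - name: Save the output of the successful commands only
      copy:
        content: |
          {% for r in cmd_results.results if r.stdout is defined %}
          ! ===== {{ r.item }} =====
          {{ r.stdout[0] }}
          {% endfor %}
        dest: "/DEVICE_CONFIGS/CISCO/{{ ansible_host }}.cfg"
      delegate_to: localhost   # assumption: the backup file lives on the controller
```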

Using Ansible to delete old usernames across entire company network devices

Created the test yml file below against test switches to nail down the configs; the error is below. I defined the provider in the last task with no luck as well.
---
- hosts: aus2-mdf-testswitches
  gather_facts: no
  connection: local
  tasks:
    - name: OBTAIN LOGIN CREDENTIALS
      include_vars: secret.yml
    - name: DEFINE PROVIDER
      set_fact:
        provider:
          host: "{{ inventory_hostname }}"
          username: "{{ creds['username'] }}"
          password: "{{ creds['password'] }}"
          auth_pass: "{{ creds['auth_pass'] }}"
    - name: Delete users with aggregate
      ios_user:
        aggregate:
          - name: chase
        state: absent
Error that was presented. Please keep in mind that I am new to Ansible and this problem might be super easy for this group, but I appreciate any help. FYI, I am reading from https://docs.ansible.com/ansible/2.4/ios_user_module.html
[ansible@dc1netansible automation]$ ansible-playbook -i inventories/prod/hosts playbooks/deleteUsername.yml
PLAY [aus2-mdf-testswitches] ********************************************************************************************************************************************
TASK [OBTAIN LOGIN CREDENTIALS] *****************************************************************************************************************************************
ok: [aus2-mdf-testsw1]
ok: [aus2-mdf-testsw2]
TASK [DEFINE PROVIDER] **************************************************************************************************************************************************
ok: [aus2-mdf-testsw1]
ok: [aus2-mdf-testsw2]
TASK [Delete users with aggregate] **************************************************************************************************************************************
fatal: [aus2-mdf-testsw1]: FAILED! => {"changed": false, "msg": "unable to open shell. Please see: https://docs.ansible.com/ansible/network_debug_troubleshooting.html#unable-to-open-shell"}
fatal: [aus2-mdf-testsw2]: FAILED! => {"changed": false, "msg": "unable to open shell. Please see: https://docs.ansible.com/ansible/network_debug_troubleshooting.html#unable-to-open-shell"}
	to retry, use: --limit @/home/ansible/automation/playbooks/deleteUsername.retry
PLAY RECAP **************************************************************************************************************************************************************
aus2-mdf-testsw1 : ok=2 changed=0 unreachable=0 failed=1
aus2-mdf-testsw2 : ok=2 changed=0 unreachable=0 failed=1
****updated error with new yml config****
---
- hosts: aus2-mdf-testswitches
  gather_facts: no
  connection: local
  tasks:
    - name: OBTAIN LOGIN CREDENTIALS
      include_vars: secret.yml
    - name: DEFINE PROVIDER
      set_fact:
        provider:
          host: "{{ inventory_hostname }}"
          username: "{{ creds['username'] }}"
          password: "{{ creds['password'] }}"
          auth_pass: "{{ creds['auth_pass'] }}"
    - name: Delete users with aggregate
      ios_user:
        users:
          - name: chase
        authorize: yes
        provider: "{{ provider }}"
        state: absent
      register: result
[ansible@dc1netansible automation]$ ansible-playbook -i inventories/prod/hosts playbooks/deleteUsername.yml
PLAY [aus2-mdf-testswitches] ********************************************************************************************************************************************
TASK [OBTAIN LOGIN CREDENTIALS] *****************************************************************************************************************************************
ok: [aus2-mdf-testsw1]
ok: [aus2-mdf-testsw2]
TASK [DEFINE PROVIDER] **************************************************************************************************************************************************
ok: [aus2-mdf-testsw1]
ok: [aus2-mdf-testsw2]
TASK [Delete users with aggregate] **************************************************************************************************************************************
fatal: [aus2-mdf-testsw1]: FAILED! => {"changed": false, "msg": "unable to open shell. Please see: https://docs.ansible.com/ansible/network_debug_troubleshooting.html#unable-to-open-shell"}
fatal: [aus2-mdf-testsw2]: FAILED! => {"changed": false, "msg": "unable to open shell. Please see: https://docs.ansible.com/ansible/network_debug_troubleshooting.html#unable-to-open-shell"}
	to retry, use: --limit @/home/ansible/automation/playbooks/deleteUsername.retry
PLAY RECAP **************************************************************************************************************************************************************
aus2-mdf-testsw1 : ok=2 changed=0 unreachable=0 failed=1
aus2-mdf-testsw2 : ok=2 changed=0 unreachable=0 failed=1
Could be my IOS version is too old, as I am using 12x train on a Cisco switch. Ansible mentions this is tested on the 15x train.
****last update****
PLAY [aus2-mdf-testswitches] ********************************************************************************************************************************************
TASK [OBTAIN LOGIN CREDENTIALS] *****************************************************************************************************************************************
ok: [aus2-mdf-testsw1]
ok: [aus2-mdf-testsw2]
TASK [DEFINE PROVIDER] **************************************************************************************************************************************************
ok: [aus2-mdf-testsw1]
ok: [aus2-mdf-testsw2]
TASK [Delete users with aggregate] **************************************************************************************************************************************
fatal: [aus2-mdf-testsw2]: FAILED! => {"changed": false, "msg": "unable to retrieve current config", "stderr": "show running-config | section username\r\n ^\r\n% Invalid input detected at '^' marker.\r\n\r\naus2-mdf-testsw2#", "stderr_lines": ["show running-config | section username", " ^", "% Invalid input detected at '^' marker.", "", "aus2-mdf-testsw2#"]}
fatal: [aus2-mdf-testsw1]: FAILED! => {"changed": false, "msg": "unable to retrieve current config", "stderr": "show running-config | section username\r\n ^\r\n% Invalid input detected at '^' marker.\r\n\r\naus2-mdf-testsw1#", "stderr_lines": ["show running-config | section username", " ^", "% Invalid input detected at '^' marker.", "", "aus2-mdf-testsw1#"]}
	to retry, use: --limit @/home/ansible/automation/playbooks/deleteUsername.retry
Configs listed here do not work on the IOS I have on my Cisco switch.

Read name of directory created using ansible's tempfile module

I wrote a simple ansible script to create a temporary directory and want to save the name of this directory into a variable. My .yml file is:
- hosts: " {{ lookup('env', 'HOSTNAME') }} "
  tasks:
    - name: Create staging directory
      tempfile:
        state: directory
        suffix: staging
        path: "{{ lookup('env', 'HOME') }}"
      become: true
      register: output
    - name: print stdout
      debug: msg="{{ output }}"
The output from running the above prints a dict:
$ ansible-playbook -i hosts tempfile.yml
PLAY [localhost] ******************************************************************************************
TASK [Gathering Facts] ************************************************************************************
ok: [localhost]
TASK [Create staging directory] ***************************************************************************
changed: [localhost]
TASK [print stdout] ***************************************************************************************
ok: [localhost] => {
    "msg": {
        "changed": true,
        "gid": 0,
        "group": "root",
        "mode": "0700",
        "owner": "root",
        "path": "/home/xxxx/ansible.Fb7rbKstaging",
        "size": 4096,
        "state": "directory",
        "uid": 0
    }
}
PLAY RECAP ************************************************************************************************
localhost : ok=3 changed=1 unreachable=0 failed=0
How do I get access to some_dict['localhost']['msg']['path']? I looked up the hostvars variable and do see my temporary directory in it, but can't figure out how to get access to it.
Check the Registered variables section in the docs for more details. From your example (register: output) you could access the path by using something like this:
- name: print stdout
  debug:
    msg: "{{ output.path }}"

junos_command module not returning output

I have an Ansible script where I am simply using the junos_command module to get the users list from a Juniper switch; below is the snippet of my code. I keep getting the RuntimeWarning whenever I try to run this. Moreover, I have been able to successfully run commands like 'show version' using the same code. Please help.
Script:
name: / GET USERS / Get list of all the current users on switch
action: junos_command
args: { commands: 'show configuration system login',
        provider: "{{ netconf }}" }
register: curr_users_on_switch
Error:
TASK [/ GET USERS / Get list of all the current users on switch] ***************
fatal: [rlab-er1]: FAILED! => {"changed": false, "failed": true, "module_stderr": "/home/mbhadoria/.local/lib/python2.7/site-packages/jnpr/junos/device.py:429: RuntimeWarning: CLI command is for debug use only!\n  warnings.warn(\"CLI command is for debug use only!\", RuntimeWarning)\nTraceback (most recent call last):\n  File \"/tmp/ansible_lVOmPp/ansible_module_junos_command.py\", line 261, in <module>\n    main()\n  File \"/tmp/ansible_lVOmPp/ansible_module_junos_command.py\", line 233, in main\n    xmlout.append(xml_to_string(response[index]))\n  File \"/tmp/ansible_lVOmPp/ansible_modlib.zip/ansible/module_utils/junos.py\", line 79, in xml_to_string\n  File \"src/lxml/lxml.etree.pyx\", line 3350, in lxml.etree.tostring (src/lxml/lxml.etree.c:84534)\nTypeError: Type 'str' cannot be serialized.\n", "module_stdout": "", "msg": "MODULE FAILURE", "parsed": false}
junos_command only supports operational Junos commands. What you are trying to run is a configuration command. Hence you see "show version", which is an operational command, working but not "show configuration system login".
For such configuration data you should use the rpc option (get-configuration) with junos_command.
junos_command:
  rpcs:
    - get_configuration
You can also use junos_get_config.
http://junos-ansible-modules.readthedocs.io/en/latest/junos_get_config.html
or junos_rpc
https://github.com/Juniper/ansible-junos-stdlib/blob/master/library/junos_rpc
ex:
- name: Junos OS version
  hosts: all
  connection: local
  gather_facts: no
  tasks:
    - name: Get rpc run
      junos_rpc:
        host={{ inventory_hostname }}
        user=xxxx
        passwd=xxx
        rpc=get-config
        dest=get_config.conf
        filter_xml="<configuration><system><login/></system></configuration>"
      register: junos
or
tasks:
  - name: Get rpc run
    junos_get_config:
      host: "{{ inventory_hostname }}"
      user: xxxx
      passwd: xxxx
      logfile: get_config.log
      dest: "{{ inventory_hostname }}.xml"
      format: xml
      filter: "system/login"
TASK [Get rpc run] *************************************************************
......
PLAY RECAP *********************************************************************
xxxk : ok=1 changed=1 unreachable=0 failed=0

Ansible playbook - environment variables

I am trying (newbie) to set up a playbook which will use a lookup plugin to fetch secrets from vault (https://github.com/jhaals/ansible-vault), but it fails on missing environment variables every time. Can anyone help? Thanks for the help.
PS: the token is for test purposes
There is a condition in the lookup module:
url = os.getenv('VAULT_ADDR')
if not url:
    raise AnsibleError('VAULT_ADDR environment variable is missing')
Playbook:
---
- hosts: localhost
  vars:
    vault1_env:
      VAULT_ADDR: https://localhost:8200/
      VAULT_TOKEN: my-token-id
      VAULT_SKIP_VERIFY: True
  tasks:
    - shell: echo VAULT_ADDR is $VAULT_ADDR, VAULT_TOKEN is $VAULT_TOKEN, VAULT_SKIP_VERIFY is $VAULT_SKIP_VERIFY
      environment: "{{ vault1_env }}"
      register: shellout
    - debug: var=shellout
    - debug: msg="{{ lookup('vault', 'secret/hello', 'value') }}"
output:
PLAY ***************************************************************************
TASK [setup] *******************************************************************
ok: [localhost]
TASK [command] *****************************************************************
changed: [localhost]
TASK [debug] *******************************************************************
ok: [localhost] => {
    "shellout": {
        "changed": true,
        "cmd": "echo VAULT_ADDR is $VAULT_ADDR, VAULT_TOKEN is $VAULT_TOKEN, VAULT_SKIP_VERIFY is $VAULT_SKIP_VERIFY",
        "delta": "0:00:00.001268",
        "end": "2016-05-17 15:46:34.144735",
        "rc": 0,
        "start": "2016-05-17 15:46:34.143467",
        "stderr": "",
        "stdout": "VAULT_ADDR is https://localhost:8200/, VAULT_TOKEN is ab9b16c6-52d9-2051-0802-6f047d929b63, VAULT_SKIP_VERIFY is True",
        "stdout_lines": [
            "VAULT_ADDR is https://localhost:8200/, VAULT_TOKEN is ab9b16c6-52d9-2051-0802-6f047d929b63, VAULT_SKIP_VERIFY is True"
        ],
        "warnings": []
    }
}
TASK [debug] *******************************************************************
fatal: [localhost]: FAILED! => {"failed": true, "msg": "ERROR! VAULT_ADDR environment variable is missing"}
PLAY RECAP *********************************************************************
localhost : ok=3 changed=1 unreachable=0 failed=1
Here you are only setting environment variables for the shell module, and not for the others. If you want to use variables across multiple modules, or for an entire host, you should use the environment attribute on all of the modules, or on the host itself, something like this:
---
- hosts: localhost
  environment:
    VAULT_ADDR: https://localhost:8200/
    VAULT_TOKEN: my-token-id
    VAULT_SKIP_VERIFY: True
Why don't you make use of the vault feature to encrypt a variable file and then include this file in your playbook?
http://docs.ansible.com/ansible/playbooks_vault.html#running-a-playbook-with-vault
