ansible win_user, create is fine, but replaying playbook fails - ansible

I am able to create a user on a windows server as part of a playbook, but when the playbook is re-run, the create task fails.
I'm trying to work out if I am missing something.
playbook:
---
# vim: set filetype=ansible ff=unix ts=2 sw=2 ai expandtab :
#
# Playbook to configure the environment
- hosts: createuser
  tasks:
    - name: create user
      run_once: true
      win_user:
        name: gary
        password: 'B0bP4ssw0rd123!^'
        password_never_expires: true
        account_disabled: no
        account_locked: no
        password_expired: no
        state: present
        groups:
          - Administrators
          - Users
If I run the playbook when the user does not exist, the create works fine.
When I re-run, I get:
PLAY [createuser] *******************************************************************************************************************************************************************************************************************
TASK [Gathering Facts] **************************************************************************************************************************************************************************************************************
ok: [dsy-demo-mssql02]
TASK [create user] ******************************************************************************************************************************************************************************************************************
fatal: [dsy-demo-mssql02]: FAILED! => {"changed": false, "failed": true, "msg": "Exception calling \"ValidateCredentials\" with \"2\" argument(s): \"The network path was not found.\r\n\""}
I have verified that I can logon to the server using the created user credentials.
Anyone seen this before, or understand what can be happening?

It looks to me like it might be the
run_once: true
is only telling the task to run once. For the ansible documentation on that delegation you can go here https://docs.ansible.com/ansible/playbooks_delegation.html#run-once
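
A re-runnable variant of the task in the question, as an added example that is not from the original post or from either poster. `update_password: on_create` is a documented `win_user` option that sets the password only for newly created users; `new_user_password` is a hypothetical variable assumed to come from an Ansible Vault-encrypted vars file, so the password is not stored in the playbook. That this avoids the `ValidateCredentials` failure is an assumption: it holds if the failing call is the module comparing the supplied password with the existing account's.

```yaml
# Added example, not the original poster's playbook.
# Assumption: new_user_password is a hypothetical variable defined in a
# vars file encrypted with ansible-vault, not written in the playbook.
- hosts: createuser
  tasks:
    - name: create user
      win_user:
        name: gary
        password: "{{ new_user_password }}"
        # Only set the password when the account is first created;
        # later runs leave the existing password alone.
        update_password: on_create
        password_never_expires: true
        account_disabled: no
        account_locked: no
        password_expired: no
        state: present
        groups:
          - Administrators
          - Users
      # Keep the password out of task output and logs.
      no_log: true
```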

Related

Problem when invoking Ansible from Jenkins

When invoking Ansible through Jenkins, I have added the script below to my playbook:
- name: HELLO WORLD PLAY
  hosts: webserver
  become: yes
  become_method: sudo
  tasks:
    - debug:
        msg: "HELLO......."
    - shell: echo "HELLO WORLD"
I am getting the error below when I build the job:
TASK [setup] *******************************************************************
fatal: [10.142.0.13]: UNREACHABLE! =>
{
"changed": false,
"msg": "ERROR! SSH encountered an unknown error during the connection. We recommend you re-run the command using -vvvv, which will enable SSH debugging output to help diagnose the issue",
"unreachable": true
}
When I run this playbook through the CLI it runs successfully,
but I am not able to run it through Jenkins (I have already done the setup by pasting the private key in Jenkins).

remote1 uses facts of remote2

I seem to miss some basic concept of ansible and can't get it right.
My hosts:
[win10]
dev1
mep1
My role has a task to create a link on the desktop. To do so, I need to know the username, preferably also the path to the user profile.
The versions of my task I tried:
- name: create desktop shortcut
  win_shortcut:
    src: "{{ ansible_env.ProgramFiles }}\\chrome\\chrome.exe"
    args: "--dev"
    dest: "C:\\Users\\{{ ansible_user }}\\Desktop\\chrome.lnk"
    state: present

- name: create desktop shortcut
  win_shortcut:
    src: "{{ ansible_env.ProgramFiles }}\\chrome\\chrome.exe"
    args: "--dev"
    dest: "{{ setup.ansible_facts.ansible_user_dir }}\\Desktop\\chrome.lnk"
When I run my role, the variables represent those of the "dev1" remote and always fail on the "mep1" remote, because the usernames are different.
Also, gathering facts runs twice, so I believe I fail on an Ansible concept.
PLAY [win10] *******************************************************************
TASK [Gathering Facts] *********************************************************
ok: [dev1]
ok: [mep1]
PLAY [win10] *******************************************************************
TASK [Gathering Facts] *********************************************************
ok: [dev1]
ok: [mep1]
TASK [install_chrome : create desktop shortcut] **************************
fatal: [dev1]: FAILED! => {"args": "--dev", "changed": true, "description": "", "dest": "C:\\Users\\tom\\Desktop\\chrome.lnk", "directory": "", "hotkey": "", "icon": ",0", "msg": "Failed to create shortcut 'C:\\Users\\tom\\Desktop\\chrome.lnk'. (Unable to save shortcut \"C:\\Users\\tom\\Desktop\\chrome.lnk\".)", "src": "C:\\Program Files\\chrome\\chrome.exe", "state": "present", "windowstyle": "normal"}
ok: [mep1]
Please push me in the right direction.
Do you want to run the ansible playbook to only one of the hosts? If yes you can limit the inventory when executing the playbook with the host you need.
Example:
ansible-playbook playbook.yml --limit dev1
My understanding of the error output was that my play was using the facts of one remote host on the other. In my case, the user name and the user profile location.
Seems my play was correct.
The problem was that the "Desktop" is simply not in "C:\User\Username" but somewhere else.
Sorry for anyone coming across this ;)

Run playbook against Openstack with Ansible Tower

I am trying to run a simple playbook against Openstack in admin tenant using Ansible Tower, both running on localhost. Here is the script:
--- #
- hosts: localhost
  gather_facts: no
  connection: local
  tasks:
    - name: Security Group
      os_security_group:
        state: present
        name: example
I have done the following configuration:
Credentials:
Template:
Inventory test:
With this configuration, I am getting this error:
TASK [Security Group] **********************************************************
13:35:48
fatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
Any idea what it can be? It looks like a credential problem.
Untick Enable Privilege Escalation - it's not necessary. Your OpenStack privilege/authorisation will be tied to your OpenStack credentials (admin in this case), not the user running the Ansible task.

Conditional role inclusion fails in Ansible

I want to run an Ansible role conditionally, i.e. only when some binary does NOT exist (which for me implies absence of some particular app installation).
Something like the pattern used here.
Using the following code in my playbook:
- hosts: my_host
  tasks:
    - name: check app existence
      command: /opt/my_app/somebinary
      register: myapp_exists
      ignore_errors: yes
  roles:
    - { role: myconditional_role, when: myapp_exists|failed }
    - another_role_to_be_included_either_way
Here is the output:
PLAY ***************************************************************************
TASK [setup] *******************************************************************
ok: [my_host ]
TASK [ myconditional_role : create temporary installation directory] ***********************
fatal: [my_host]: FAILED! => {"failed": true, "msg": "ERROR! The conditional check 'myapp_exists|failed' failed. The error was: ERROR! |failed expects a dictionary"}
Why is the conditional check failing?
Using ansible 2.0.0.2 on Ubuntu 16.04.01
btw: "create temporary installation directory" is the name of the first main task of the conditionally included role.
Tasks are executed after roles, so myapp_exists is undefined.
Use pre_tasks instead.
Also keep in mind that when is not actually a conditional role, it just attaches this when statement to every task in your role.
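
The `pre_tasks` ordering described in the answer above, as an added example that is not from the original post or from either poster. It swaps the question's `command` probe for the `stat` module, so the binary is only looked up and never executed, and the condition no longer depends on the `failed` filter; the registered name `myapp_binary` is introduced here for illustration.

```yaml
# Added example, not the original poster's playbook.
- hosts: my_host
  pre_tasks:
    # pre_tasks run before roles, so the registered result already exists
    # when the role's tasks evaluate their `when`.
    - name: check app existence
      stat:
        path: /opt/my_app/somebinary
      register: myapp_binary   # hypothetical variable name

  roles:
    # `when` here is attached to every task inside myconditional_role,
    # so each of those tasks is skipped when the binary is present.
    - { role: myconditional_role, when: not myapp_binary.stat.exists }
    - another_role_to_be_included_either_way
```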

Invoke another 'play' based on output of another play - Ansible

I am trying to use Ansible to check if SELinux is enabled (set to Enforcing), and if not, enable it. The play to enable SELinux must be invoked only if SELinux is disabled.
The playbook looks like so:
- hosts: all
  # root should execute this.
  remote_user: root
  become: yes
  tasks:
    # Check if SELinux is enabled.
    - name: check if selinux is enabled
      tags: selinuxCheck
      register: selinuxCheckOut
      command: getenforce
    - debug: var=selinuxCheckOut.stdout_lines
    - name: enable selinux if not enabled already
      tags: enableSELinux
      selinux: policy=targeted state=enforcing
      when: selinuxCheckOut.stdout_lines == "Enforcing"
    - debug: var=enableSELinuxOut.stdout_lines
When I run this, the task enableSELinux fails with the reason, "Conditional check failed". The output is:
TASK [debug] *******************************************************************
task path: /root/ansible/playbooks/selinuxConfig.yml:24
ok: [localhost] => {
"selinuxCheckOut.stdout_lines": [
"Enforcing"
]
}
TASK [enable selinux if not enabled already] ***********************************
task path: /root/ansible/playbooks/selinuxConfig.yml:26
skipping: [localhost] => {"changed": false, "skip_reason": "Conditional check failed", "skipped": true}
My questions:
1. Is this the correct way to get a play to execute depending on the output from another play?
2. How do I get this to work?
Your playbook is correct. But stdout_lines is a list. You have to compare the first element in that list. Try this:
when: selinuxCheckOut.stdout_lines[0] == "Enforcing"
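
A check-then-enforce play for the goal stated in the question (enable SELinux only when it is not already Enforcing), as an added example that is not from the original post or from either poster. It compares the string `stdout` instead of the list `stdout_lines`, runs the `selinux` task when `getenforce` prints anything other than `Enforcing`, and registers `enableSELinuxOut`, which the question's playbook prints but never sets.

```yaml
# Added example, not the original poster's playbook.
- hosts: all
  remote_user: root
  become: yes
  tasks:
    - name: check if selinux is enabled
      tags: selinuxCheck
      command: getenforce
      register: selinuxCheckOut
      # Read-only probe: never report it as a change.
      changed_when: false

    - name: enable selinux if not enabled already
      tags: enableSELinux
      selinux:
        policy: targeted
        state: enforcing
      # stdout is a single string ("Enforcing", "Permissive" or "Disabled");
      # stdout_lines is a list and never equals a bare string.
      when: selinuxCheckOut.stdout != "Enforcing"
      register: enableSELinuxOut

    - name: show the result of the selinux task
      tags: enableSELinux
      debug:
        var: enableSELinuxOut
```

The `selinux` module is itself idempotent, so the `getenforce` probe is only needed when other tasks branch on the current mode.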
