Ansible execute commands - shell

I have configured a fully distributed Hadoop cluster using Ansible, but I want to configure Ansible to execute the next command too.
I use the following to execute ZooKeeper, but I get the following error.
- name: ejecutar zkServer.sh
  become_user: vagrant
  shell: sh /opt/zookeeper-3.4.7/bin/zkServer.sh
TASK: [ejecutar | ejecutar zkServer.sh] ***************************************
failed: [172.16.8.211] => {"changed": true, "cmd": "sh /opt/zookeeper-3.4.7/bin/zkServer.sh", "delta": "0:00:00.006246", "end": "2016-01-18 14:28:44.181146", "rc": 2, "start": "2016-01-18 14:28:44.174900", "warnings": []}
stderr: /opt/zookeeper-3.4.7/bin/zkServer.sh: 81: /opt/zookeeper-3.4.7/bin/zkEnv.sh: Syntax error: "(" unexpected (expecting "fi")
FATAL: all hosts have already failed -- aborting
Thanks.

It works with the following command:
- name: ejecutar zkServer.sh
  become_user: vagrant
  command: "/opt/zookeeper-3.4.7/bin/zkServer.sh restart"

Related

expect module after passing password execute next command without expecting anything

Trying to understand expect functionality using the below piece of code... I know I can do this using become_user, but I would like to check the expect module... since there is a requirement where I need to use the expect module for automating a client app CLI
tasks:
  - name: testing expect
    expect:
      command: sudo su
      responses:
        <?i>password<?i>: "password\n"
        <?i>: ls
      timeout: 30
      echo: yes
    register: exp
  - debug: var=exp
fatal: [192.168.153.31]: FAILED! => {"changed": true, "cmd": "sudo su", "delta": "0:00:30.133859", "end": "2021-09-30 00:51:45.538114", "msg": "non-zero return code", "rc": 1, "start": "2021-09-30 00:51:15.404255", "stdout": "[sudo] password for XXXXXX: ", "stdout_lines": ["[sudo] password for XXXXX: "]}
The issue is that the <?i>password<?i> regex does not match sudo's prompt. Ansible uses Python regex, and angle brackets have no special meaning there. If you want a case-insensitive match, use (?i)password instead.
Few sidenotes:
Newline at the end of password string is superfluous. Code works without it.
command: sudo su will hang execution on success as it runs shell. It is more convenient to run something that exits, command: sudo id for example.
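The mismatch described in the answer above can be checked offline. This is an added example, not code from the original posts: `first_match` and `dead_patterns` are hypothetical helpers that assume the response keys are applied as unanchored Python regex searches (the way pexpect compiles string patterns), and the prompt string is copied from the failed task's stdout.

```python
import re

# Prompt text copied from the failed task's stdout on this page.
SUDO_PROMPT = "[sudo] password for XXXXXX: "

# Response maps as in the question (broken) and as the answer suggests (fixed).
BROKEN = {r"<?i>password<?i>": "password\n", r"<?i>": "ls"}
FIXED = {r"(?i)password": "password"}


def first_match(output, responses):
    """Return the first (pattern, response) whose regex is found in output.

    Assumption: patterns are searched unanchored with re.DOTALL, the way
    pexpect compiles string patterns. Returns None when nothing matches,
    which is the case where the task sits idle until `timeout` expires.
    """
    for pattern, response in responses.items():
        if re.search(pattern, output, re.DOTALL):
            return pattern, response
    return None


def dead_patterns(output, responses):
    """List the patterns that can never fire for this output."""
    return [p for p in responses if not re.search(p, output, re.DOTALL)]


if __name__ == "__main__":
    # "<?" means "an optional '<'", so the broken key only matches text
    # such as "<i>password<i>" or "i>passwordi>", never sudo's prompt.
    print(first_match(SUDO_PROMPT, BROKEN))
    print(dead_patterns(SUDO_PROMPT, BROKEN))
    # The inline flag (?i) makes the whole pattern case-insensitive.
    print(first_match(SUDO_PROMPT, FIXED))
    print(first_match("Password: ", FIXED))
```

Running `dead_patterns` over a playbook's `responses` keys with a captured prompt is a quick way to catch a key that will only ever end in a timeout.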

ANSIBLE - shell task returns non-zero return code but otherwise works in terminal

I have an ansible task:
- name: Get vault's binary path
  shell: type -p vault
  register: vault_binary_path
returns
TASK [update_vault : Get vault's binary path] **********************************************************************************************************************************************************************
fatal: [xxxxx]: FAILED! => {"changed": true, "cmd": "type -p vault", "delta": "0:00:00.003303", "end": "2020-04-08 11:37:19.636528", "msg": "non-zero return code", "rc": 1, "start": "2020-04-08 11:37:19.633225", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}
but when I run it in shell it returns just fine
[root@ip-xxxxx]# type -p vault
/usr/local/bin/vault
I run ansible as root with become: true. All previous steps are fine up until this one. Any advice appreciated.
Define an update to your PATH in your playbook:
environment:
  PATH: "{{ ansible_env.PATH }}:/usr/local/bin"
...so that /usr/local/bin is guaranteed to be included.
(Also, while when writing bash-specific code type is almost always preferable to which, this isn't such a case, as your shell may be /bin/sh, which isn't guaranteed to support any features that aren't given in the POSIX sh specification. Consider changing to shell: command -v vault, which is guaranteed to work as-intended on all POSIX-compliant shells).

Ansible playbook task - Command cannot find pid, but the service was started correctly

I have configured a playbook to install, configure, and start the osquery tool. The playbook executes with an error. "osqueryd is not running. no pidfile found."
Full error
TASK [osquery-client : check agent status again] ********************************************************************************************************************
fatal: [13.57.34.71]: FAILED! => {"changed": true, "cmd": ["/usr/bin/osqueryctl", "status"], "delta": "0:00:00.021902", "end": "2019-10-16 19:19:50.523876", "msg": "non-zero return code", "rc": 7, "start": "2019-10-16 19:19:50.501974", "stderr": "", "stderr_lines": [], "stdout": "osqueryd is not running. no pidfile found.", "stdout_lines": ["osqueryd is not running. no pidfile found."]}
My task/main.yml is defined as:
- name: check agent status again
  command: /usr/bin/osqueryctl status
  ignore_errors: yes
And the pid file is located here
--pidfile=/var/run/osqueryd.pidfile
Is ansible looking in the wrong place for the pid?
Adding this sleep command into the task seemed to work
- name: check agent status again
  command: /usr/bin/osqueryctl status
  command: sleep 5
  ignore_errors: yes
Ansible does not look for the pid file. It executes /usr/bin/osqueryctl status. What does it return if you execute it by hand?

ansible behavior to specific sudo commands on managed nodes

Here to discuss the ansible behavior when user at managed nodes is given sudo privileges to specific commands.
I have sudo privileges on remote managed host [rm-host.company.com] to specific commands. Two of them are:
/bin/mkdir /opt/somedir/unit*
/bin/chmod 2775 /opt/somedir/unit*
PS: /opt/somedir at remote nodes exists already.
My ansible control machine version:
ansible 2.7.10
python version = 2.7.5 (default, Mar 26 2019, 22:13:06) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
YAML code fails when I use the ansible "file" module even though I have sudo privileges to chmod and mkdir as listed above.
- name: 7|Ensure Directory - "/opt/somedir/{{ ENV_CHOSEN }}" Permissions are 2775
  become: yes
  become_method: sudo
  file: path="/opt/somedir/{{ ENV_CHOSEN }}" state=directory mode=2775
  when:
    - ansible_facts['os_family'] == "CentOS" or ansible_facts['os_family'] == "RedHat"
    - ansible_distribution_version | int >= 6
    - http_dir_path.stat.exists == true
    - http_dir_path.stat.isdir == true
    - CreateWebAgentEnvDir is defined
    - CreateWebAgentEnvDir is succeeded
  register: ChangeDirPermission
- debug:
    var: ChangeDirPermission
Runtime error:
TASK [7|Ensure Directory - "/opt/somedir/unitc" Permissions are 2775] **************************************************************************************************************************************************************************************
fatal: [rm-host.company.com]: FAILED! => {"changed": false, "module_stderr": "FIPS mode initialized\r\nShared connection to rm-host.company.com closed.\r\n", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
to retry, use: --limit @/u/joker/scripts/Ansible/playbooks/agent/plays/agent_Install.retry
PLAY RECAP ***************************************************************************************************************************************************************************************************************************************************
rm-host.company.com : ok=9 changed=2 unreachable=0 failed=1
But succeeds when I use command module, like so:
- name: 7|Ensure Directory - "/opt/somedir/{{ ENV_CHOSEN }}" Permissions are 2775
  command: sudo /bin/chmod 2775 "/opt/somedir/{{ ENV_CHOSEN }}"
  when:
    - ansible_facts['os_family'] == "CentOS" or ansible_facts['os_family'] == "RedHat"
    - ansible_distribution_version | int >= 6
    - http_dir_path.stat.exists == true
    - http_dir_path.stat.isdir == true
    - CreateagentEnvDir is defined
    - CreateagentEnvDir is succeeded
  register: ChangeDirPermission
- debug:
    var: ChangeDirPermission
Success Runtime debug output captured:
TASK [7|Ensure Directory - "/opt/somedir/unitc" Permissions are 2775] **************************************************************************************************************************************************************************************
[WARNING]: Consider using 'become', 'become_method', and 'become_user' rather than running sudo
changed: [rm-host.company.com]
TASK [debug] *************************************************************************************************************************************************************************************************************************************************
ok: [rm-host.company.com] => {
    "ChangeDirPermission": {
        "changed": true,
        "cmd": [
            "sudo",
            "/bin/chmod",
            "2775",
            "/opt/somedir/unitc"
        ],
        "delta": "0:00:00.301570",
        "end": "2019-06-22 13:20:17.300266",
        "failed": false,
        "rc": 0,
        "start": "2019-06-22 13:20:16.998696",
        "stderr": "",
        "stderr_lines": [],
        "stdout": "",
        "stdout_lines": [],
        "warnings": [
            "Consider using 'become', 'become_method', and 'become_user' rather than running sudo"
        ]
    }
}
Question:
How can I make this work without using command module? I want to stick to ansible core modules using 'become', 'become_method' rather than running sudo in command module.
Note:
It works when sudo is enabled for ALL commands. But [ user ALL=(ALL) NOPASSWD: ALL ] cannot be given on remote host. Not allowed by company policy for the group I am in.
The short answer is you can't. The way ansible works is by executing python scripts in the remote host (except for the raw, command and shell modules). See the docs.
The file module executes this script with a long line of parameters. But ansible will first become the required user, in this case root by running sudo -H -S -n -u root /bin/sh in the remote ssh session (please bear in mind that this command might be slightly different in your case).
Once the user logged remotely has become the root user, Ansible will upload and execute the file.py script.
It looks like in your case, you'll need to revert to use the raw, command or shell in the cases you need to run the privileged commands.
To understand this a bit better and see the detail and order of the commands being executed, run ansible-playbook with the parameter -vvvv.
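Why the restricted sudo rules admit the command-module task but not the file-module task, as an added example that is not part of the original answer. `sudo_permits` is a hypothetical, simplified model of sudoers command matching (exact path plus a shell-style wildcard match on the joined arguments), and the become wrapper string is a constructed, abbreviated stand-in for what Ansible asks sudo to run.

```python
import fnmatch
import shlex

# The two sudoers command specs quoted in the question.
ALLOWED_SPECS = [
    "/bin/mkdir /opt/somedir/unit*",
    "/bin/chmod 2775 /opt/somedir/unit*",
]

# Constructed command lines: what sudo is asked to run in each case.
# The become wrapper is abbreviated; the real one differs per Ansible version.
VIA_COMMAND_MODULE = "/bin/chmod 2775 /opt/somedir/unitc"
VIA_BECOME = "/bin/sh -c 'echo BECOME-SUCCESS; /usr/bin/python AnsiballZ_file.py'"


def sudo_permits(command_line, specs=ALLOWED_SPECS):
    """Simplified model of sudoers matching (an assumption, not sudo's code).

    The command path must equal the spec's path; if the spec lists
    arguments, the requested arguments joined by spaces must match them
    as a shell-style wildcard pattern.
    """
    argv = shlex.split(command_line)
    if not argv:
        return False
    path, args = argv[0], " ".join(argv[1:])
    for spec in specs:
        spec_path, _, spec_args = spec.partition(" ")
        if path != spec_path:
            continue
        if not spec_args or fnmatch.fnmatchcase(args, spec_args):
            return True
    return False


def fails_under_sudo_n(command_line):
    """With `sudo -n`, a command outside the permitted specs cannot prompt,
    so it ends in 'sudo: a password is required'."""
    return not sudo_permits(command_line)


if __name__ == "__main__":
    for label, cmd in [("command module", VIA_COMMAND_MODULE),
                       ("become + file module", VIA_BECOME)]:
        print(label, "->", "sudo: a password is required"
              if fails_under_sudo_n(cmd) else "allowed")
```

The become path always asks sudo for a shell, so per-command rules like these never match it regardless of which module the task uses.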
I solved this issue by removing the become_method and become_user from my playbook.
First, I specified the user in the inventory file using ansible_user=your_user. Then, I removed the become_method and become_user from my playbook, leaving just become=yes
For more details about this answer, see this other answer.

Basic ansible command-line fails with module failure error

My ansible command fails with error as below:
$ ansible all -i /tmp/myhosts -m shell -a 'uname -a' -u user1 -k
SSH password:
host1.mycomp.com | FAILED! => {
    "changed": false,
    "module_stderr": "",
    "module_stdout": " File \"/home/user1/.ansible/tmp/ansible-tmp-1556597037.27-168849792658772/AnsiballZ_command.py\", line 39\r\n with open(module, 'wb') as f:\r\n ^\r\nSyntaxError: invalid syntax\r\n",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 1
}
I do not know how to See stdout/stderr from single command line. Any suggestion how to view std out/err would be great.
$ more /tmp/myhosts
[mybox]
host1.mycomp.com
[dev]
host1.mycomp.com
[allserver:children]
mybox
dev
[allserver:vars]
variable=somestring
/tmp/hosts has good permissions.
I'm also able to ssh to the target server using the userid
$ ssh user1@host1.mycomp.com
Password:
Last login: Tue Apr 30 00:03:57 2019 from 10.123.235.126
$ hostname
host1
ansible --version
2.7.1
Can you please help me overcome the error?
