Ansible and Fedora23 - "firewalld required for this module" - ansible

I'm trying to set up my firewalld through Ansible on my Fedora 23 server from my Fedora client (Yes I like fedora :D ).
However, each time I try to execute a playbook with some commands including firewalld (Example - firewalld: service=https permanent=true state=enabled), the playbook execution fails with the following message:
failed: [w.x.y.z] => {"failed": true, "parsed": false}
failed=True msg='firewalld required for this module'
I have firewalld up and running on the remote server :
# firewall-cmd --version
0.3.14.2
On my computer :
$ ansible --version
ansible 1.9.4
configured module search path = None
Does anyone know where it could come from ?
Thank you !
--
EDIT: At this line in the Ansible source code, the firewall library seems not to be imported (and an error is raised which displays that there is no firewall). However, this library exists in Python3 and not Python2, which is used by Ansible.
$ locate firewall
[...]
/usr/lib/python3.4/site-packages/firewall
[...]
I will continue to search, but if someone has an idea...

I found the explanation and solution :
Following my edit, I installed python-firewall which is python 2 bindings of firewalld. But, the execution was incorrect because of the absence of cockpit.
So I had to install cockpit too...
Long story short, this is what I've done on the remote machine:
# dnf install python-firewall cockpit -y

Related

LDAP Client installation using ansible

We need to install LDAP client over 156 machines. So we want to use ansible to complete this task.
apt-get install ldap-utils libpam-ldapd libnss-ldapd nscd
But when we install, it asks a lot of questions in response (popup box), and we are facing the issue of how we can handle those responses in the playbook.
I have used the expect module, but it only worked well when we see the question/response on screen, not in a popup box, like below:
- name: run command to install rubyencoder
  expect:
    chdir: /home/ubuntu/rubyencoder-evaluation/bin
    command: /home/ubuntu/rubyencoder-evaluation/bin/rubyencoder
    responses:
      '.*Press return key to continue.*': ""
      '.*type \"I AGREE\".*': "I AGREE"
      '.*Your RubyEncoder profile e-mail.*': "abc#xyz.com"
      '.*Your RubyEncoder profile password.*': ""
The above config handles the responses properly, but the same method is not working for the LDAP client installation.
I am using the playbook below:
---
- hosts: test1
  become: true
  # remote_user: dagar
  # sudo: yes
  tasks:
    - name: install ldap client packages
      expect:
        command: apt-get install ldap-utils libpam-ldapd libnss-ldapd nscd
        responses:
          '.*Do you want to continue?.*': ""
          '.*LDAP server URI.*': "Ok"
          '.*LDAP server search base.*': "Ok"
          '.*Name services to configure.*': "Ok"
          '.*Restart services during package upgrades without asking?.*': "No"
          '.*Services to restart to make them use the new libraries.*': "Ok"
Can anybody please help me with the above issue?
Any help or guidance will be appreciated.
Thanks.
This accepted answer may help: How to do an initial setup of slapd OLC with ldapmodify
It uses slapd and a heredoc to define the answers for debconf-set-selections to consume.
I run a one line command to join nodes to ldap (assuming the packages are installed and relevant services started. I use nslcd)
authconfig --enableldapauth --ldapserver="ldapserver.example.com" --ldapbasedn="dc=example,dc=com" --update
So the Ansible method would be:
- name: This command will join a node to an LDAP server
  ansible.builtin.shell:
    cmd: authconfig --enableldapauth --ldapserver="ldapserver.example.com" --ldapbasedn="dc=example,dc=com" --update
That should also update /etc/nsswitch.conf, but if not, you can always replace the file with ansible
I'm not sure how to do this with only ansible, but since you are already using expect for automating script responses you could use something like autohotkeys or sikuli to answer popups. You could have ansible run your expect script to answer the scripted responses and run the autohotkeys script to answer the popup. Or perhaps you can just modify whatever script you are running for the install in order to not make a popup.
You can see more info:
https://github.com/sikuli/sikuli
https://www.autohotkey.com/docs/Hotkeys.htm
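The debconf preseeding approach mentioned in the answers above can be done with Ansible's own debconf module, so apt never opens a dialog; this is an added example, not code from the original posts. The LDAP URI and base DN are placeholders, and the question names are the ones the nslcd and libnss-ldapd packages are assumed to use (confirm them on one machine with `debconf-show nslcd` and `debconf-show libnss-ldapd`).

```yaml
---
# Added example: answer the package questions ahead of time through debconf.
# ldap_uri / ldap_base are placeholder values; the debconf question names are
# assumptions to verify with debconf-show on an already installed host.
- hosts: test1
  become: true
  vars:
    ldap_uri: "ldap://ldapserver.example.com/"
    ldap_base: "dc=example,dc=com"
  tasks:
    - name: Preseed answers for the LDAP client packages
      ansible.builtin.debconf:
        name: "{{ item.pkg }}"
        question: "{{ item.question }}"
        vtype: "{{ item.vtype }}"
        value: "{{ item.value }}"
      loop:
        - { pkg: nslcd, question: nslcd/ldap-uris, vtype: string, value: "{{ ldap_uri }}" }
        - { pkg: nslcd, question: nslcd/ldap-base, vtype: string, value: "{{ ldap_base }}" }
        - { pkg: libnss-ldapd, question: libnss-ldapd/nsswitch, vtype: multiselect, value: "passwd, group, shadow" }

    - name: Install LDAP client packages without prompting
      ansible.builtin.apt:
        name:
          - ldap-utils
          - libpam-ldapd
          - libnss-ldapd
          - nscd
        state: present
        update_cache: true
      environment:
        # Keeps dpkg from opening dialog boxes; preseeded answers are used.
        DEBIAN_FRONTEND: noninteractive
```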

Is it possible to upgrade Ansible itself with the modules of Ansible?

I came across code like this:
- pip: name=ansible version=<ansible_version> extra_args='--ignore-installed'
During my test I confirmed the upgrade of Ansible version.
I also tried this with the raw module:
- raw: pip install ansible==<ansible_version>
but the tasks following this fail during playbook execution. There are various types of errors:
ImportError: cannot import name AnsiblePlugin
TypeError: mkdtemp() takes at most 4 arguments (5 given)
...
or the playbook execution even hangs on the next task.
I wonder whether it is really possible to upgrade the version of Ansible by using the ansible-playbook execution itself. Would it be possible by reloading Ansible core modules somehow after the Ansible version upgrade?
Ansible can be upgraded via pip module of Ansible itself, but any subsequent tasks might fail after the upgrade, this is a natural behavior.
Only exception is remote host here. If your installation or upgrade of Ansible is performed by an Ansible task which is executed on a remote host, it would proceed without causing a failure. Because in this scenario, actual installation of Ansible is done on remote host without updating any configuration of Ansible on localhost.

Ansible on Ubuntu

I have created two Ubuntu machines on virtual box. I am able to ping the other machine from the terminal of the other.
However when I ping from ansible I get the following error.
My /etc/ansible/hosts file is :
Can I get the solution for this ?
If you read the documentation you will notice:
This is NOT ICMP ping
So the way in which the ping command works and the way in which Ansible module works is different.
Reading further, Ansible ping module is described as:
Try to connect to host, verify a usable Python and return pong on success.
So Ansible tries to connect (and the default connection method is SSH) and execute Python code.
In your case Ansible failed to connect.
SSH connectivity is a prerequisite, so you need to configure that before you'll be able to use Ansible. For Ubuntu 16.04 you might need to additionally install OpenSSH.
Refer to the official guide for the installation and configuration steps.
On top of that, Ubuntu Server 16.04 does not install Python 2 by default, so you need to manually add it (Ansible support for Python 3 is still experimental).
Refer to answers under this question on AskUbuntu.
Then you still might need to set a parameter in the inventory file to tell Ansible to use Python 2. Or make Python 2 the default interpreter.

using 'supervisorctl' in ansible playbook; Error "Failed to find executable supervisorctl"

Overview: I'm trying to install supervisor and run program process within an ansible playbook.
I'm able to install supervisor and such but when I try to get into supervisorctl to run a simple program, it's unable to find the executable supervisorctl.
This is the portion of the code that fails:
- supervisorctl:
    name=program:CAT
    state=started
    config=/etc/supervisor/supervisord.conf
with the resulting error:
TASK [supervisorctl] ***********************************************************
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "Failed to find required executable supervisorctl"}
However, when I run the simple command in my terminal, it works:
supervisord -c /etc/supervisord.conf
and I can view the program running by going into 'supervisorctl' in the terminal and typing 'status':
$ supervisorctl
CAT STOPPED Dec 27 04:12 PM
supervisor>
Can anyone point me to what/where my error most likely is?
I would guess the error message is suggesting I did not correctly install supervisor but the fact that I can do these things out of the playbook makes me think I can. I tried specifying the path to the executable 'supervisorctl' but I don't think that's legal syntax in the playbook because that creates other errors.
*Worth noting, I'm in a virtualenv that runs python2.7
I realized that there is a parameter option in the configure documentation that allows me to specify the path to the supervisorctl executable and that worked! (in that I now have a different error)
Modified the above script to look like:
- supervisorctl:
    name=program:CAT
    state=started
    config=/etc/supervisor/supervisord.conf
    supervisorctl_path=/usr/bin/supervisorctl

Do Ansible modules run locally or on the remote host?

I am running an Ansible playbook that uses the route53 module and getting an error saying I need 'boto' installed:
TASK [dns : Retrieve DNS record] ***********************************************
fatal: [10.13.25.12]: FAILED! => {"changed": false, "failed": true, "msg": "boto required for this module"}
I do have 'boto' installed on my Ansible machine.
Question: Do all Ansible modules cited in Playbook tasks actually run on the remote host machine?
I have added tasks that install 'python-pip' and 'boto', but it seems that boto should be running on my Ansible server. I feel like I've done something wrong here.
Here are my tasks for installing pip/boto on my remote host machine which do result in no more errors in the running of the route53 module:
- name: Install Pip
  apt: name=python-pip state=present
- name: Install boto
  pip: name=boto
Modules are executed remotely. Though this only is half of the truth. Many modules bring action plugins with them. These action plugins run locally and invoke their module component (or other modules) later.
For instance the template module actually is an action plugin which renders the template locally and then invokes the copy module.
Unfortunately you can not know what is a module and what is an action plugin without looking at the source. The documentation does not even mention that action plugins exist...
You can find all core action plugins here. As you can see there is no route53 plugin so this really is a module and therefore runs remotely.
Why you still get this error after installing boto I can't explain. I can only suggest you look at the source and try to reproduce the problem without Ansible.
These few import statements do not run without errors on the remote machine.
import boto
import boto.ec2
from boto import route53
from boto.route53 import Route53Connection
from boto.route53.record import Record, ResourceRecordSets
from boto.route53.status import Status
Udondan's answer covers how some modules have a local component as well as remote actions, but for general use all you need to know is that for these modules that interact with a remote service (such as all of the cloud modules) rather than a remote host, you might be best off running these as a local action to force Ansible to run the module locally rather than on the remote host that the playbook/role is currently targeting.
You can do this easily by using local_action in your task definition like this:
- name: Retrieve DNS record
  local_action:
    module: route53_facts
    query: record_sets
    hosted_zone_id: '{{ route53_hosted_zone_id }}'
    ...
  register: dns_records
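The first answer in this thread suggests reproducing the failing imports without the module. One way to run that check through Ansible, which also covers the "firewalld required for this module" case at the top of this page, is shown here as an added example (not from the original posts); the host group `servers` and the variable `required_imports` are hypothetical.

```yaml
---
# Added example: confirm that the Python interpreter Ansible uses on the
# managed host can import a module's library before the module runs.
# "servers" and "required_imports" are hypothetical names.
- hosts: servers
  gather_facts: true
  vars:
    required_imports:
      - firewall        # library the firewalld module tries to import
      - boto.route53    # library the route53 module tries to import
  tasks:
    - name: Try each import with the interpreter Ansible is using
      ansible.builtin.command:
        argv:
          - "{{ ansible_facts['python']['executable'] }}"
          - "-c"
          - "import {{ item }}"
      loop: "{{ required_imports }}"
      register: import_probe
      changed_when: false
      failed_when: false   # collect every result, report in the next task

    - name: Report what is missing and for which interpreter
      ansible.builtin.assert:
        that: item.rc == 0
        fail_msg: >-
          {{ ansible_facts['python']['executable'] }} cannot import
          {{ item.item }}; install the bindings for this interpreter or
          point ansible_python_interpreter at one that has them.
        success_msg: "{{ item.item }} is importable"
      loop: "{{ import_probe.results }}"
      loop_control:
        label: "{{ item.item }}"
```

A library installed only for a different Python version on the same host, as in the Fedora 23 question, shows up here as a failed import for the interpreter path printed in the message.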
