When I try to clone a repo using windows domain credentials the backslashes are removed.
git: repo="http://DOMAIN\\user:password@server/repo"
     dest=/srv/clone
     version=develop
The error:
failed: [x.x.x.x] => {"cmd": ["/usr/bin/git", "ls-remote", "http://DOMAINuser:password@server/repo", "-h", "refs/heads/develop"], "failed": true, "rc": 128}
stderr: fatal: Authentication failed for 'http://DOMAINuser:password@server/repo/'
msg: fatal: Authentication failed for 'http://DOMAINuser:password@server/repo/'
FATAL: all hosts have already failed -- aborting
It looks like the escape is not working?
As far as I know, active directory authentication is orthogonal to the auth scheme you can use with the HTTP method in git. Thus, DOMAIN\\USER is simply the user string that your HTTP client (in your case, git) sends to the server. \ might look strange to the client, though. Have you tried \\\\?
This may seem funny, but I've lost enough time with Ansible escaping to justify it. Try defining a var (in some constant-appropriate place) like this: backslash: "\\", and use it in templates like this: backslash*2.
At the very least you get consistency among direct uses in "{{ .. }}" and indirect uses in filters, like "{{ ... | some_filter('...') }}".
I am trying my hand on Ansible after having a very nice training in it. Currently, my task is to create a playbook that sets up a PostgreSQL cluster (with Patroni and etcd).
However, while installing PostgreSQL should be a pretty easy task, doing it using the zypper plugin throws an error. First, the part of the playbook that should install PostgreSQL:
- name: Installation PostgreSQL 14 Latest ohne Recommendations
  become: true
  zypper:
    disable_recommends: true
    name:
      postgresql14-server
      postgresql14-contrib
      postgresql14-devel
    update_cache: true
  when: ansible_host in pgservers
The error message given is this:
fatal: [goeccdb22l]: FAILED! => {"changed": false, "cmd": ["/usr/bin/zypper", "--quiet", "--non-interactive", "--xmlout", "install", "--type", "package", "--auto-agree-with-licenses", "--no-recommends", "--", "+postgresql14-server postgresql14-contrib postgresql14-devel"], "msg": "No provider of '+postgresql14-server postgresql14-contrib postgresql14-devel' found.", "rc": 104, "stderr": "", "stderr_lines": [], "stdout": "<?xml version='1.0'?>\n<stream>\n<message type=\"error\">No provider of '+postgresql14-server postgresql14-contrib postgresql14-devel' found.</message>\n</stream>\n", "stdout_lines": ["<?xml version='1.0'?>", "<stream>", "<message type=\"error\">No provider of '+postgresql14-server postgresql14-contrib postgresql14-devel' found.</message>", "</stream>"]}
Let's extract the error message:
"msg": "No provider of '+postgresql14-server postgresql14-contrib postgresql14-devel' found."
I tried to replicate the problem using the shell on the target server. However, running the command seems to be able to install the packages:
ansible@goeccdb22l:~> sudo /usr/bin/zypper install --type package --auto-agree-with-licenses --no-recommends -- +postgresql14-server postgresql14-contrib postgresql14-devel
Loading repository data...
Reading installed packages...
Resolving package dependencies...
The following 12 NEW packages are going to be installed:
libecpg6 libopenssl-1_1-devel libpq5 postgresql postgresql14 postgresql14-contrib postgresql14-devel postgresql14-server postgresql-contrib postgresql-devel postgresql-server zlib-devel
The following package needs additional customer contract to get support:
postgresql14
12 new packages to install.
Overall download size: 8.0 MiB. Already cached: 0 B. After the operation, additional 35.4 MiB will be used.
Continue? [y/n/v/...? shows all options] (y):
I've removed only the --quiet and --non-interactive options from the command, but kept all other given options.
The best idea I have is that the user/privilege escalation workings could be different from me logging in as the Ansible user to the target and just using sudo before the command.
Edit 1: I have developed an idea what the problem could be. As I mentioned above, when I tested the command, I removed two options: --quiet and --non-interactive. Testing the command with those two options gives the message:
The flag --quiet is not known.
However, using man zypper, I can clearly see that --quiet is a documented option:
-q, --quiet
Suppress normal output. Brief (esp. result notification) messages and error messages will still be printed, though. If used together with conflicting --verbose option, the --verbose option takes preference.
Now, my idea is that Ansible calls the command it documents in the return XML, but that because somehow --quiet is not understood it interprets that as nothing providing the requested package list. So that would leave two questions:
Why is --quiet not understood, yet documented? Is that a problem of SLES vs. OpenSuse?
How to work around that?
As the Ansible zypper module has no option to suppress the --quiet option I don't see any chance of working around it with parameters. The last option would be to split the zypper task into smaller shell tasks which I would like to avoid if possible.
So, with the help of a knowledgeable sysadmin I was able to diagnose the problem.
The list of packages documented above was not in fact a list. As I missed the dashes in front of the packages, Ansible accepted the packages with the newlines and everything as one package name and tried to install it.
The solution is to change the packages into a list of packages by prefixing them with dashes/minus signs.
The problem with --quiet was that it is a positional argument, and I used the wrong position when testing it.
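Added example (not part of the original posts): a Python sketch that compares the argument vector Ansible reported in the failure with the one the shell builds from the typed command, showing why the manual test succeeded while the module call did not. The function names are hypothetical, and the sample data is constructed from the `cmd` field and the shell command quoted in the question.

```python
import json
import shlex

# Constructed from the "cmd" and "rc" fields of the failure quoted in the question.
FAILED_RESULT = json.dumps({
    "cmd": ["/usr/bin/zypper", "--quiet", "--non-interactive", "--xmlout",
            "install", "--type", "package", "--auto-agree-with-licenses",
            "--no-recommends", "--",
            "+postgresql14-server postgresql14-contrib postgresql14-devel"],
    "rc": 104,
})

# The command line as it was typed at the shell prompt in the question.
TYPED = ("sudo /usr/bin/zypper install --type package --auto-agree-with-licenses "
         "--no-recommends -- +postgresql14-server postgresql14-contrib "
         "postgresql14-devel")


def package_args(argv):
    """Return the arguments that follow the '--' end-of-options marker."""
    return argv[argv.index("--") + 1:] if "--" in argv else []


def suspicious_args(argv):
    """Package arguments containing whitespace: several names fused into one element."""
    return [arg for arg in package_args(argv) if any(ch.isspace() for ch in arg)]


def compare(result_json, typed_command):
    """Contrast the module's argv with the argv the shell derives by word splitting."""
    module_argv = json.loads(result_json)["cmd"]
    shell_argv = shlex.split(typed_command)
    return {
        "module_packages": package_args(module_argv),  # one element: the folded scalar
        "shell_packages": package_args(shell_argv),    # three elements after splitting
        "fused": suspicious_args(module_argv),
    }


if __name__ == "__main__":
    for key, value in compare(FAILED_RESULT, TYPED).items():
        print(f"{key}: {value}")
```

The module passes arguments without a shell, so the folded YAML scalar reaches zypper as a single package name; the typed command is split on whitespace first, which hides the problem.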
I'm trying to deploy a multi-node OpenStack infrastructure with kolla-ansible on Ubuntu 20.04.4.
ansible 4.10.0
ansible-core 2.11.11
kolla-ansible 13.0.1
When I execute the command:
kolla-ansible -i /etc/kolla/multinode pull
or
kolla-ansible -i /etc/kolla/multinode deploy
I'm getting the error:
fatal: [controller]: FAILED! => {"msg": "template error while templating string: No filter named 'select_services_enabled_and_mapped_to_host'.. String: {{ lookup('vars', (kolla_role_name | default(project_name)) + '_services') | select_services_enabled_and_mapped_to_host }}"}
fatal: [compute01]: FAILED! => {"msg": "template error while templating string: No filter named 'select_services_enabled_and_mapped_to_host'.. String: {{ lookup('vars', (kolla_role_name | default(project_name)) + '_services') | select_services_enabled_and_mapped_to_host }}"}
I have 1 deployment node, 1 controller, 1 compute node.
Doesn't seem like a pull issue based on the error message. Seems like another configuration problem with your Neutron. The default multi-node config requires 3 controllers. I don't exactly know your multi-node config for kolla-ansible, but when you only want 1 controller and 1 compute you can do something different:
Use the all-in-one-file for your setup. Should be in path kolla-ansible/ansible/inventory/all-in-one. Modify this file by replacing the localhost in the [compute]-section with the name of the host, where the compute should be created and remove the ansible_connection=local. This always worked for me, when I created a test-deployment with 1 controller and X compute-nodes.
Only in case you want the controller not on the host, where you execute the kolla-ansible, then replace all other localhost by the name of your controller-node and of course remove the ansible_connection=local everywhere.
Only to be sure: Don't forget to write the name of the host with its IP address in the /etc/hosts file on the node where you execute the kolla-ansible run.
Firstly, what's the result of kolla-ansible prechecks -i multinode_or_all-in-one command?
Dive into the method select_services_enabled_and_mapped_to_host of the kolla-ansible project and you will find some clues. The method's return value depends on service_enabled and service_mapped_to_host.
So, there are two steps to clear your problem:
1. Check the service enabled setting in /etc/kolla/globals.yml and kolla-ansible/ansible/group_vars/all.yml.
You can use this file (globals.yml) to override any variable throughout Kolla. Additional options can be found in the 'kolla-ansible/ansible/group_vars/all.yml' file.
2. Check whether the host inventory in the multinode or all-in-one file is consistent with the real information.
Or, if everything is OK, I think you should redeploy it, referring to the kolla-ansible quickstart.
fatal: [default]: FAILED! => {"msg": "The conditional check 'motomo_sql_dump_create | changed' failed. The error was: No filter named 'changed' found.\n\nThe error appears to be in '/home/oem/islandora-playbook/roles/external/Islandora-Devops.matomo/tasks/console_install.yml': line 12, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name:\n ^ here\n"}
fatal: [default]: FAILED! => {"ansible_facts": {}, "ansible_included_var_files": [], "changed": false, "message": "Could not find or access 'Ubuntu-20.yml'\nSearched in:\n\t/home/oem/islandora-playbook/roles/external/geerlingguy.java/vars/Ubuntu-20.yml\n\t/home/oem/islandora-playbook/roles/external/geerlingguy.java/Ubuntu-20.yml\n\t/home/oem/islandora-playbook/roles/external/geerlingguy.java/tasks/vars/Ubuntu-20.yml\n\t/home/oem/islandora-playbook/roles/external/geerlingguy.java/tasks/Ubuntu-20.yml\n\t/home/oem/islandora-playbook/vars/Ubuntu-20.yml\n\t/home/oem/islandora-playbook/Ubuntu-20.yml on the Ansible Controller.\nIf you are using a module and expect the file to exist on the remote, see the remote_src option"}
Probably the wrong place to ask an Islandora question. The Slack channel is the fastest. Ideally I'd suggest switching to the ISLE (dockerized) version instead of the Ansible version. I know that's not always possible, so this looks like a previously common issue to run into. If I remember correctly it's an Ansible version issue. The Ansible deployment of Islandora was locked into a very specific version due in part to a lack of interest in that type of build process.
The 1st error relates to changes in Ansible. In your Ansible playbook (...console_install.yml) change motomo_sql_dump_create | changed to motomo_sql_dump_create is changed. I don't know about the 2nd error.
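Added example (not part of the original answers): a Python sketch that finds result tests written with filter syntax in single-line conditionals and rewrites them to the `is` form suggested above. The function names and the sample tasks are constructed for illustration; only the `motomo_sql_dump_create | changed` conditional comes from the page, and multi-line `when:` lists are not handled.

```python
import re

# Keys whose values Ansible evaluates as bare Jinja2 conditionals (single-line form only).
CONDITIONAL_KEY = re.compile(
    r"^(\s*(?:-\s+)?(?:when|until|failed_when|changed_when):\s*)(.+)$")
# A result test applied with filter syntax, e.g. "result | changed".
FILTER_AS_TEST = re.compile(r"\s*\|\s*(changed|failed|succeeded|skipped)\b(?!\s*\()")


def rewrite_line(line):
    """Return (line, was_changed); only conditional keys are rewritten."""
    match = CONDITIONAL_KEY.match(line)
    if not match:
        return line, False
    fixed = FILTER_AS_TEST.sub(r" is \1", match.group(2))
    return match.group(1) + fixed, fixed != match.group(2)


def rewrite_tasks(text):
    """Rewrite a task file's text and report (line number, before, after) per change."""
    out, findings = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        new_line, changed = rewrite_line(line)
        out.append(new_line)
        if changed:
            findings.append((number, line.strip(), new_line.strip()))
    return "\n".join(out), findings


# Constructed sample: the first conditional is the one from the error message.
SAMPLE = """\
- name: Import database dump
  command: /bin/true
  when: motomo_sql_dump_create | changed
- name: Pipe inside a shell command is left alone
  shell: echo done | grep changed
  when: not previous_step | failed
"""

if __name__ == "__main__":
    _, found = rewrite_tasks(SAMPLE)
    for number, before, after in found:
        print(f"line {number}: {before!r} -> {after!r}")
```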
In one of my playbooks I start a service and poll for its status before moving onto the next task like the following:
- name: Poll for service status
  uri:
    url: http://some-service/status
  register: response
  until: response.status == 200
  retries: 12
  delay: 10
This logs a message each time it queries the URL which looks like
FAILED - RETRYING: TASK: Poll for service status
Is there a way to customise this message? Specifically remove the word FAILED.
After grepping around, I found the "FAILED - RETRYING" message in the default output callback (read about callbacks here). That means you can change the callback in ansible.cfg to something that suits your needs, or make your own. You can even search the code for v2_runner_retry to see the various outputs.
For instance, here's what stdout_callback=oneline returns. There are no "retrying" messages even at -vv. It still says "FAILED" but that's because it actually failed.
ansible-playbook -vvi localhost, p.yml
ansible-playbook 2.4.1.0
config file = /opt/app/ansible.cfg
configured module search path = ['/opt/app/library']
ansible python module location = /usr/local/lib/python3.5/dist-packages/ansible
executable location = /usr/local/bin/ansible-playbook
python version = 3.5.2 (default, Sep 14 2017, 22:51:06) [GCC 5.4.0 20160609]
Using /opt/app/ansible.cfg as config file
1 plays in p.yml
META: ran handlers
localhost | FAILED! => {"attempts": 3,"changed": false,"content": "","failed": true,"msg": "Status code was not [200]: Request failed: <urlopen error [Errno -2] Name or service not known>","redirected": false,"status": -1,"url": "http://some-service/status"}
Aside from setting it in ansible.cfg the documentation implies it can be done in a role. I have no idea how.
As @techraf said, the Ansible folks are pretty good at reviewing pull requests.
I am new to Ansible and trying to use win_ping module to ping a Windows Server 2016 (EC2 instance). Ansible is on RHEL 7.3 control machine, I have pip and pywinrm installed in control machine:
sudo pip install "pywinrm>=0.2.2"
This is my inventory file:
test ansible_connection=winrm ansible_host=34.210.164.63
[test_group]
test
[super_group:children]
test_group
[super_group:vars]
ansible_user=Administrator
ansible_password=XXXX
ansible_port=5986
ansible_winrm_server_cert_validation=ignore
This is the command I tried:
ansible all -i inventory -m win_ping
I am getting this error:
test | UNREACHABLE! => {
"changed": false,
"msg": "ssl: HTTPSConnectionPool(host='34.210.164.63', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.VerifiedHTTPSConnection object at 0x30df350>, 'Connection to 34.210.164.63 timed out. (connect timeout=30)'))",
"unreachable": true
}
In Windows Server 2016, Server Manager Remoting is already enabled by default; I validated it using the Configure-SMremoting.exe -enable command. I did not make any configurations on the Windows Server since this remoting is already enabled. Please let me know how to resolve this issue.
EDIT:
Not sure if these steps are required or not, but I tried enabling PowerShell Remoting using this command:
Enable-PSRemoting -Force
Then I tried powershell.exe -File ConfigureRemotingForAnsible.ps1 and I am getting this error:
At C:\Users\Administrator\Desktop\ConfigureRemotingForAnsible.ps1:128 char:13
+ </a> <a href="/business" class="js-selected-navigation-item na ...
+ ~
The '<' operator is reserved for future use.
At C:\Users\Administrator\Desktop\ConfigureRemotingForAnsible.ps1:130 char:13
+ </a> <a href="/explore" class="js-selected-navigation-item nav ...
+ ~
The '<' operator is reserved for future use.
At C:\Users\Administrator\Desktop\ConfigureRemotingForAnsible.ps1:132 char:17
+ </a> <a href="/marketplace" class="js-selected-navigation- ...
+ ~
The '<' operator is reserved for future use.
At C:\Users\Administrator\Desktop\ConfigureRemotingForAnsible.ps1:134 char:13
+ </a> <a href="/pricing" class="js-selected-navigation-item nav ...
+ ~
The '<' operator is reserved for future use.
At C:\Users\Administrator\Desktop\ConfigureRemotingForAnsible.ps1:136 char:11
+ </a> </nav>
+ ~
The '<' operator is reserved for future use.
At C:\Users\Administrator\Desktop\ConfigureRemotingForAnsible.ps1:3221 char:227
+ ... g:0;display:inline"><input name="utf8" type="hidden" value="✓" ...
+ ~
The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double
quotation marks ("&") to pass it as part of a string.
At C:\Users\Administrator\Desktop\ConfigureRemotingForAnsible.ps1:3224 char:10
+ </form> </div>
+ ~
The '<' operator is reserved for future use.
At C:\Users\Administrator\Desktop\ConfigureRemotingForAnsible.ps1:3252 char:11
+ <li>© 2017 <span title="0.13767s from github-fe-df0f95a.cp ...
+ ~
The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double
quotation marks ("&") to pass it as part of a string.
At C:\Users\Administrator\Desktop\ConfigureRemotingForAnsible.ps1:3252 char:23
+ <li>© 2017 <span title="0.13767s from github-fe-df0f95a.cp ...
+ ~
The '<' operator is reserved for future use.
At C:\Users\Administrator\Desktop\ConfigureRemotingForAnsible.ps1:3252 char:29
+ ... 2017 <span title="0.13767s from github-fe-df0f95a.cp1-iad.github.net ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Unexpected token 'title="0.13767s from github-fe-df0f95a.cp1-iad.github.net">GitHub</span>' in expression or statement.
Not all parse errors were reported. Correct the reported errors and try again.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : RedirectionNotSupported
I guess I need to enable Remote PowerShell on my Windows Server to resolve this issue, but I am not sure how to since I get the above error. Please suggest.
I would go over windows logs. If they do not contain info you need - increase the verbosity.
Ping relies on winrm being up. WinRM needs execution policy changes, service configuration, ssl certificates, etc.
Maybe the safest path is to reconfigure ansible using the documentation.
The powershell remoting must be configured, in ec2 you can do this by adding user-data, running the script there, just paste the commands there.
Also, your ansible master machine must be able to connect to your target host, usually done by allowing it via security group, and creating the instance in that group.
So, in order to debug your stuff you should present the code/actions you did to setup security groups, possibly routes, and instance creation.
This is probably an AWS side issue not an ansible issue. Is your ansible server allowed to talk to your Windows EC2 instance via security group rules? By default everything is denied. You'll need to allow ICMP coming from the ansible server's address in the Windows EC2 instance's security group rules as well as from the windows server in the ansible server security group rules (if your ansible server is also an EC2 instance). If the ansible server is not an EC2 instance, make sure your firewall isn't blocking ICMP in or out for some reason.
Are these two servers on the same subnet/VPC within your account? If not, you'll have to create a VPC peering connection between the VPCs they are located on and edit route tables to point VPCs to the peering connection if traffic is coming from / going to the other VPC. The purpose of this is so that the two instances in separate VPCs can recognize and communicate with each other
I am probably late to the party, but I noticed the error you got when running powershell.exe -File ConfigureRemotingForAnsible.ps1. It's complaining about the syntax, and as far as I can tell you have HTML in that file. Did you maybe save the GitLab HTML page from the script?
Download the raw file here: https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 and try again.