can you help me? This is my ansible script:
---
- hosts: "{{host_list}}"
remote_user: root
gather_facts: true
tasks:
- name: Check if Cloudwatch Agent is Installed Already
command: service status amazon-cloudwatch-agent
register: init_status_result
ignore_errors: yes
- debug:
var: init_status_result.stderr
verbosity: 4
- name: Create Directory for Downloading Cloudwatch Agent zip
file:
path: /opt/aws/amazon-cloudwatch-zip
state: directory
owner: root
group: root
mode: '0755'
recurse: no
when: init_status_result.stderr is search ("For other actions, please try to use systemctl")
I have this error when attempting to run my playbook (I just want a way really to run through the playbook if the status check of the cloudwatch agent service is not found.):
user1#ansible01-infra-mgnt:~/.ansible/playbooks/cw_agent$ ansible-playbook -K -i /home/user1/.ansible/etc/hosts --extra-vars="host_list=11.22.33.44" install_cw_agent.yml
SUDO password:
PLAY [11.22.33.44] **************************************************************************************************************************************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************************************************************************************************************************
ok: [11.22.33.44]
TASK [Check if Cloudwatch Agent is Installed Already] ***************************************************************************************************************************************************************************************
[WARNING]: Consider using the service module rather than running service. If you need to use command because service is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid
of this message.
fatal: [11.22.33.44]: FAILED! => {"changed": false, "cmd": "service status amazon-cloudwatch-agent", "msg": "[Errno 2] No such file or directory", "rc": 2}
...ignoring
TASK [debug] ********************************************************************************************************************************************************************************************************************************
skipping: [11.22.33.44]
TASK [Create Directory for Downloading Cloudwatch Agent zip] ********************************************************************************************************************************************************************************
fatal: [11.22.33.44]: FAILED! => {"msg": "The conditional check 'init_status_result.stderr is search (\"For other actions, please try to use systemctl\")' failed. The error was: Unexpected templating type error occurred on ({% if init_status_result.stderr is search (\"For other actions, please try to use systemctl\") %} True {% else %} False {% endif %}): expected string or buffer\n\nThe error appears to have been in '/home/user1/.ansible/playbooks/cw_agent/install_cw_agent.yml': line 15, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - name: Create Directory for Downloading Cloudwatch Agent zip\n ^ here\n"}
to retry, use: --limit #/home/user1/.ansible/playbooks/cw_agent/install_cw_agent.retry
PLAY RECAP **********************************************************************************************************************************************************************************************************************************
11.22.33.44 : ok=2 changed=0 unreachable=0 failed=1 ```
Try shell module to check the service status instead of command module .
shell: “service status service_name”
Related
roles/tasks/main.yml code
- name: Download and unpack node exporter binary to /usr/local/bin
unarchive:
src: https://github.com/prometheus/node_exporter/releases/download/v1.2.2/node_exporter-1.2.2.linux-amd64.tar.gz
dest: /usr/local/bin/
remote_src: yes
extra_opts: [--strip-components=1]
owner: "ec2-user"
group: "ec2-user"
node-exporter.yml code
---
- hosts: node-exporter
become: false
gather_facts: false
roles:
- roles
error message
fatal: [ip]: FAILED! => {"changed": false, "msg": "Failure downloading https://github.com/prometheus/node_exporter/releases/download/v1.2.2/node_exporter-1.2.2.linux-amd64.tar.gz, Request failed: <urlopen error [Errno -2] Name or service not known>"}
if I run "ansible -m ping node-exporter", I receive pong. and "ping www.google.com" working well
but, this code not working
Help me how to solve this problem or recommend me any code ....
(I use amazon linux)
Something weird is happening there. At your role code you have https://github.com/ and in the error ssh://github.com, are you sure that you are using the last version of your code or something like that?
I wrote a quick ansible playbook to launch a simple ec2 instance but I think I have an issue on how I want to authenticate.
What I don't want to do is set my aws access/secret keys as env variables since they expire each hour and I need to regenerate the ~/.aws/credentials file via a script.
Right now, my ansible playbook looks like this:
--- # Launch ec2
- name: Create ec2 instance
hosts: local
connection: local
gather_facts: false
vars:
profile: profile_xxxx
key_pair: usrxxx
region: us-east-1
subnet: subnet-38xxxxx
security_groups: ['sg-e54xxxx', 'sg-bfcxxxx', 'sg-a9dxxx']
image: ami-031xxx
instance_type: t2.small
num_instances: 1
tag_name: ansibletest
hdd_volumes:
- device_name: /dev/sdf
volume_size: 50
delete_on_termination: true
- device_name: /dev/sdh
volume_size: 50
delete_on_termination: true
tasks:
- name: launch ec2
ec2:
count: 1
key_name: "{{ key_pair }}"
profile: "{{ profile }}"
group_id: "{{ security_groups }}"
instance_type: "{{ instance_type }}"
image: "{{ image }}"
region: "{{ region }}"
vpc_subnet_id: "{{ subnet }}"
assign_public_ip: false
volumes: "{{ hdd_volumes }}"
instance_tags:
Name: "{{ tag_name }}"
ASV: "{{ tag_asv }}"
CMDBEnvironment: "{{ tag_cmdbEnv }}"
EID: "{{ tag_eid }}"
OwnerContact: "{{ tag_eid }}"
register: ec2
- name: print ec2 vars
debug: var=ec
my hosts file is this:
[local]
localhost ansible_python_interpreter=/usr/local/bin/python2.7
I run my playbook like this:
ansible-playbook -i hosts launchec2.yml -vvv
and then get this back:
PLAYBOOK: launchec2.yml ********************************************************
1 plays in launchec2.yml
PLAY [Create ec2 instance] *****************************************************
TASK [launch ec2] **************************************************************
task path: /Users/usrxxx/Desktop/cloud-jumper/Ansible/launchec2.yml:27
Using module file /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/ansible/modules/core/cloud/amazon/ec2.py
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: usrxxx
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730 `" && echo ansible-tmp-1485527483.82-106272618422730="` echo ~/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730 `" ) && sleep 0'
<localhost> PUT /var/folders/cx/_fdv7nkn6dz21798p_bn9dp9ln9sqc/T/tmpnk2rh5 TO /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/ec2.py
<localhost> PUT /var/folders/cx/_fdv7nkn6dz21798p_bn9dp9ln9sqc/T/tmpEpwenH TO /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/args
<localhost> EXEC /bin/sh -c 'chmod u+x /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/ /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/ec2.py /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/args && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/env python /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/ec2.py /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/args; rm -rf "/Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/" > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
"changed": false,
"failed": true,
"invocation": {
"module_name": "ec2"
},
"module_stderr": "usage: ec2.py [-h] [--list] [--host HOST] [--refresh-cache]\n [--profile BOTO_PROFILE]\nec2.py: error: unrecognized arguments: /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/args\n",
"module_stdout": "",
"msg": "MODULE FAILURE"
}
to retry, use: --limit #/Users/usrxxx/Desktop/cloud-jumper/Ansible/launchec2.retry
PLAY RECAP *********************************************************************
localhost : ok=0 changed=0 unreachable=0 failed=1
I noticed in the ec2.py file it says this:
NOTE: This script assumes Ansible is being executed where the environment
variables needed for Boto have already been set:
export AWS_ACCESS_KEY_ID='AK123'
export AWS_SECRET_ACCESS_KEY='abc123'
This script also assumes there is an ec2.ini file alongside it. To specify a
different path to ec2.ini, define the EC2_INI_PATH environment variable:
export EC2_INI_PATH=/path/to/my_ec2.ini
If you're using eucalyptus you need to set the above variables and
you need to define:
export EC2_URL=http://hostname_of_your_cc:port/services/Eucalyptus
If you're using boto profiles (requires boto>=2.24.0) you can choose a profile
using the --boto-profile command line argument (e.g. ec2.py --boto-profile prod) or using
the AWS_PROFILE variable:
AWS_PROFILE=prod ansible-playbook -i ec2.py myplaybook.yml
so I ran it like this:
AWS_PROFILE=profile_xxxx ansible-playbook -i hosts launchec2.yml -vvv
but still got the same results...
----EDIT-----
I also ran it like this:
export ANSIBLE_HOST_KEY_CHECKING=false
export AWS_ACCESS_KEY=<your aws access key here>
export AWS_SECRET_KEY=<your aws secret key here>
ansible-playbook -i hosts launchec2.yml
but still got this back...still seems to be a credentials issue?
usrxxx$ ansible-playbook -i hosts launchec2.yml
PLAY [Create ec2 instance] *****************************************************
TASK [launch ec2] **************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "module_stderr": "usage: ec2.py [-h] [--list] [--host HOST] [--refresh-cache]\n [--profile BOTO_PROFILE]\nec2.py: error: unrecognized arguments: /Users/usrxxx/.ansible/tmp/ansible-tmp-1485531356.01-33528208838066/args\n", "module_stdout": "", "msg": "MODULE FAILURE"}
to retry, use: --limit #/Users/usrxxx/Desktop/cloud-jumper/Ansible/launchec2.retry
PLAY RECAP *********************************************************************
localhost : ok=0 changed=0 unreachable=0 failed=1
---EDIT 2------
Completely removed ansible and then installed with homebrew but got the same error....so I think went to the directory that its looking for ec2.py (Using module file /usr/local/Cellar/ansible/2.2.1.0/libexec/lib/python2.7/site-packages/ansible/modules/core/cloud/amazon/ec2.py) and replaced that ec2.py with this one...https://raw.githubusercontent.com/ansible/ansible/devel/contrib/inventory/ec2.py....but now get this error:
Using /Users/usrxxx/ansible/ansible.cfg as config file
PLAYBOOK: launchec2.yml ********************************************************
1 plays in launchec2.yml
PLAY [Create ec2 instance] *****************************************************
TASK [aws : launch ec2] ********************************************************
task path: /Users/usrxxx/Desktop/cloud-jumper/Ansible/roles/aws/tasks/main.yml:1
Using module file /usr/local/Cellar/ansible/2.2.1.0/libexec/lib/python2.7/site-packages/ansible/modules/core/cloud/amazon/ec2.py
fatal: [localhost]: FAILED! => {
"failed": true,
"msg": "module (ec2) is missing interpreter line"
}
Seems you have placed ec2.py inventory script into your /path/to/playbook/library/ folder.
You should not put dynamic inventory scripts there – this way Ansible runs inventory script instead of ec2 module.
Remove ec2.py from your project's library folder (or Ansible global library defined in ansible.cfg) and try again.
I wish to combine the output of two commands into one new variable that i can use as args for another command:
---
- hosts: '{{target}}'
tasks:
- name: determine storage nfs mount points
shell: /usr/sbin/showmount -d | grep -v Directories
register: nfs
ignore_errors: yes
- debug: var=nfs.stdout_lines
- name: determine storage xrd mount points
shell: df | grep /xrd | awk '{print $6}'
register: xrd
- debug: var=xrd.stdout_lines
- name: determine all mount points
set_fact: mounts="{{ nfs.stdout_lines }} + {{ xrd.stdout_lines }}"
- name: run gather script
script: gather.py {{mounts.stdout_lines|join(" ")}} > /tmp/gather.txt
register: gather
however, when i run it it comes out with:
PLAY [ltda-srv050] *************************************************************
TASK [setup] *******************************************************************
ok: [ltda-srv050]
TASK [determine storage nfs mount points] **************************************
fatal: [ltda-srv050]: FAILED! => {"changed": true, "cmd": "/usr/sbin/showmount -d | grep -v Directories", "delta": "0:00:00.011269", "end": "2016-09-14 23:48:14.489385", "failed": true, "rc": 1, "start": "2016-09-14 23:48:14.478116", "stderr": "clnt_create: RPC: Program not registered", "stdout": "", "stdout_lines": [], "warnings": []}
...ignoring
TASK [debug] *******************************************************************
ok: [ltda-srv050] => {
"nfs.stdout_lines": []
}
TASK [determine storage xrd mount points] **************************************
changed: [ltda-srv050]
TASK [debug] *******************************************************************
ok: [ltda-srv050] => {
"xrd.stdout_lines": [
"/xrd/cache1",
"/xrd/cache2",
"/xrd/cache3",
"/xrd/cache4",
"/xrd/cache5",
"/xrd/cache6",
"/xrd/cache7",
"/xrd/cache8",
"/xrd/cache9",
"/xrd/cache10",
"/xrd/cache11"
]
}
TASK [determine all mount points] **********************************************
ok: [ltda-srv050]
TASK [run gather script] *******************************************************
fatal: [ltda-srv050]: FAILED! => {"failed": true, "msg": "the field 'args' has an invalid value, which appears to include a variable that is undefined. The error was: 'list object' has no attribute 'stdout_lines'\n\nThe error appears to have been in '/afs/slac.stanford.edu/u/sf/ytl/work/storage/gather_file_attributes/retrieve_file_attributes.yml': line 21, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - name: run gather script\n ^ here\n"}
NO MORE HOSTS LEFT *************************************************************
[WARNING]: Could not create retry file 'retrieve_file_attributes.retry'. [Errno 2] No such file or directory: ''
PLAY RECAP *********************************************************************
ltda-srv050 : ok=6 changed=1 unreachable=0 failed=1
help...?
mounts is already a list, so removing it trying to call .stdout_lines on it fails - removing .stdout_lines works :)
I'm new to Ansible, Ansible Tower, and AWS Cloud Formation and am trying to have Ansible Tower deploy an EC2 Container Service using a Cloud Formation template. I try to run the deploy job and am running into this error below.
TASK [create/update stack] *****************************************************
task path: /var/lib/awx/projects/_6__api/tasks/create_stack.yml:2
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: awx
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1470427494.79-207756006727790 `" && echo ansible-tmp-1470427494.79-207756006727790="` echo $HOME/.ansible/tmp/ansible-tmp-1470427494.79-207756006727790 `" ) && sleep 0'
<127.0.0.1> PUT /tmp/tmpgAsKKv TO /var/lib/awx/.ansible/tmp/ansible-tmp-1470427494.79-207756006727790/cloudformation
<127.0.0.1> EXEC /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-coqlkeqywlqhagfixtfpfotjgknremaw; LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 AWS_DEFAULT_REGION=us-west-2 LC_MESSAGES=en_US.UTF-8 /usr/bin/python /var/lib/awx/.ansible/tmp/ansible-tmp-1470427494.79-207756006727790/cloudformation; rm -rf "/var/lib/awx/.ansible/tmp/ansible-tmp-1470427494.79-207756006727790/" > /dev/null 2>&1'"'"' && sleep 0'
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "invocation": {"module_name": "cloudformation"}, "module_stderr": "/bin/sh: /usr/bin/sudo: Permission denied\n", "module_stdout": "", "msg": "MODULE FAILURE", "parsed": false}
This is the create/update task:
---
- name: create/update stack
cloudformation:
stack_name: my-stack
state: present
template: templates/stack.yml
template_format: yaml
template_parameters:
VpcId: "{{ vpc_id }}"
SubnetId: "{{ subnet_id }}"
KeyPair: "{{ ec2_keypair }}"
DbUsername: "{{ db_username }}"
DbPassword: "{{ db_password }}"
InstanceCount: "{{ instance_count | default(1) }}"
tags:
Environment: test
register: cf_stack
- debug: msg={{ cf_stack }}
when: debug is defined
The playbook that Ansible Tower executes is a site.yml file:
---
- name: Deployment Playbook
hosts: localhost
connection: local
gather_facts: no
environment:
AWS_DEFAULT_REGION: "{{ lookup('env', 'AWS_DEFAULT_REGION') | default('us-west-2', true) }}"
tasks:
- include: tasks/create_stack.yml
- include: tasks/deploy_app.yml
This is what my playbook folder structure looks like:
/deploy
/group_vars
all
/library
aws_ecs_service.py
aws_ecs_task.py
aws_ecs_taskdefinition.py
/tasks
stack.yml
/templates
site.yml
I'm basing everything really on Justin Menga's pluralsight course "Continuous Delivery using Docker and Ansible", but he uses Jenkins, not Ansible Tower, which is probably why the disconnect. Anyway, hopefully that is enough information, let me know if I should also provide the stack.yml file. The files under the library directory are Menga's customized modules from his video course.
Thanks for reading all this and for any potential help! This is a link to his deploy playbook repository that I closely modeled everything after, https://github.com/jmenga/todobackend-deploy. Things that I took out are the DB RDS stuff.
If you look at the two last lines of the error message you can see that it is attempting to escalate privileges but failing:
<127.0.0.1> EXEC /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-coqlkeqywlqhagfixtfpfotjgknremaw; LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 AWS_DEFAULT_REGION=us-west-2 LC_MESSAGES=en_US.UTF-8 /usr/bin/python /var/lib/awx/.ansible/tmp/ansible-tmp-1470427494.79-207756006727790/cloudformation; rm -rf "/var/lib/awx/.ansible/tmp/ansible-tmp-1470427494.79-207756006727790/" > /dev/null 2>&1'"'"' && sleep 0'
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "invocation": {"module_name": "cloudformation"}, "module_stderr": "/bin/sh: /usr/bin/sudo: Permission denied\n", "module_stdout": "", "msg": "MODULE FAILURE", "parsed": false}
As this is a local task it is attempting to switch to the root user on the box that Ansible Tower is running on and the user presumably (and for good reason) doesn't have the privileges to do this.
With normal Ansible you can avoid this by not specifying the --become or -b flags on the command line or by specifying become: false in the task/play definition.
As you pointed out in the comments, with Ansible Tower it's a case of unticking the "Enable Privilege Escalation" option in the job template.
I've being trying to run this ansible playbook to get a AWS resource tags:
- name: list resource tags
local_action: ec2_tag resource=i-abcdefg region=us-east-1 state=list
register: result
And this error is returned:
failed: [ec2-11-222-333-444.compute-1.amazonaws.com] => {"failed":
true, "parsed": false} invalid output was: [sudo via ansible,
key=heoqwlqnhxlxyzwnxmtbvmdtvmvjbsux] password:
FATAL: all hosts have already failed -- aborting
How can I fix that
You cannot run this local_action as root. Change your task to be:
- name: list resource tags
sudo: false
local_action: ec2_tag resource=i-abcdefg region=us-east-1 state=list
register: result