Search Results

Search found 11 results on 1 pages for 'ansible'.

Page 1/1 | 1

How can I implement ansible with per-host passwords, securely?

- by supervacuo

I would like to use ansible to manage a group of existing servers. I have created an ansible_hosts file, and tested successfully (with the -K option) with commands that only target a single host ansible -i ansible_hosts host1 --sudo -K # + commands ... My problem now is that the user passwords on each host are different, but I can't find a way of handling this in Ansible. Using -K, I am only prompted for a single sudo password up-front, which then seems to be tried for all subsequent hosts without prompting: host1 | ... host2 | FAILED => Incorrect sudo password host3 | FAILED => Incorrect sudo password host4 | FAILED => Incorrect sudo password host5 | FAILED => Incorrect sudo password Research so far: a StackOverflow question with one incorrect answer ("use -K") and one response by the author saying "Found out I needed passwordless sudo" the Ansible docs, which say "Use of passwordless sudo makes things easier to automate, but it’s not required." (emphasis mine) this security StackExchange question which takes it as read that NOPASSWD is required article "Scalable and Understandable Provisioning..." which says: "running sudo may require typing a password, which is a sure way of blocking Ansible forever. A simple fix is to run visudo on the target host, and make sure that the user Ansible will use to login does not have to type a password" article "Basic Ansible Playbooks", which says "Ansible could log into the target server as root and avoid the need for sudo, or let the ansible user have sudo without a password, but the thought of doing either makes my spleen threaten to leap up my gullet and block my windpipe, so I don’t" My thoughts exactly, but then how to extend beyond a single server? ansible issue #1227, "Ansible should ask for sudo password for all users in a playbook", which was closed a year ago by mpdehaan with the comment "Haven't seen much demand for this, I think most people are sudoing from only one user account or using keys most of the time." So... how are people using Ansible in situations like these? Setting NOPASSWD in /etc/sudoers, reusing password across hosts or enabling root SSH login all seem rather drastic reductions in security.

Read the article
How do I enable additional debugging output from Ansible and Vagrant?

- by Brian Lyttle

I'm investigating Ansible for server and application provisioning. My application is currently provisioned with shell scripts in Vagrant. Rather than rewrite my scripts I've taken a sample and attempted to deploy it. It appears to deploy fine, but I've seeing a failure message after what looks like a series of successful steps: » vagrant provision ~/vm/blvagrant 1 ? [default] Running provisioner: ansible... PLAY [web-servers] ************************************************************ GATHERING FACTS *************************************************************** ok: [192.168.9.149] TASK: [install python-software-properties] ************************************ ok: [192.168.9.149] => {"changed": false, "item": ""} TASK: [add nginx ppa if it ubuntu 10.04 and up] ******************************* ok: [192.168.9.149] => {"changed": false, "item": "", "repo": "ppa:nginx/stable", "state": "present"} TASK: [update apt repo] ******************************************************* ok: [192.168.9.149] => {"changed": false, "item": ""} TASK: [install nginx] ********************************************************* ok: [192.168.9.149] => {"changed": false, "item": ""} TASK: [copy fixed init for nginx] ********************************************* ok: [192.168.9.149] => {"changed": false, "gid": 0, "group": "root", "item": "", "mode": "0755", "owner": "root", "path": "/etc/init.d/nginx", "size": 2321, "state": "file", "uid": 0} TASK: [service nginx] ********************************************************* ok: [192.168.9.149] => {"changed": false, "item": "", "name": "nginx", "state": "started"} TASK: [write nginx.conf] ****************************************************** ok: [192.168.9.149] => {"changed": false, "gid": 0, "group": "root", "item": "", "mode": "0644", "owner": "root", "path": "/etc/nginx/nginx.conf", "size": 1067, "state": "file", "uid": 0} PLAY RECAP ******************************************************************** 192.168.9.149 : ok=8 changed=0 unreachable=0 failed=0 Ansible failed to complete successfully. Any error output should be visible above. Please fix these errors and try again. How do I go about getting additional debug information? I've already added ansible.verbose = true to my vagrant config which results in the dictionaries being displayed within the output above.

Read the article
Configure all hosts, then create a list of the config for all hosts?

- by AME

I deployed a huge number of hosts with Ansible - which did work very nice. Each host got its individual settings and configuration. Now I'd like to generate a config file for another system that uses these hosts. For it, I need for every host a part of the generated configuration (the one that configures the database). Here is an example of the situation with two hosts having different configuration and the other system that uses a part of the Ansible-generated configuration: host1 ansible configured dbA host2 ansible configured dbQ The other system: host1 = dbA host2 = dbQ The values are computed differently (dbQ instead of dbB for host2 for example) if it belongs in a different cluster and so on, making it unpractical to just read out host configuration from the host_vars. I believe I would need to iterate over the hosts and let Ansible figure out the computed values for the variables like it would when deploying, but I do not know how to put that result in one template. Please advise :)

Read the article
Idiomatic way to read .env variables in Ansible?

- by Arms

I'm provisioning a Vagrant box with Ansible, and using Benno Joy's MySQL role to setup MySQL (including creating a database and users.) The database name and credentials are stored in a .env file in the project's root. What would be the idiomatic way to use these variables when provisioning MySQL? Should I write a custom script that generates a YAML file from my .env, and then use the include_vars module? Or is there a simpler way?

Read the article
Error compiling PHP 5.5.9 on CentOS 6.5 during make command

- by Chris Mancini

Here is the error message: cc: internal compiler error: Killed (program cc1) Please submit a full bug report, with preprocessed source if appropriate. See <file:///usr/share/doc/gcc-4.6/README.Bugs> for instructions. make: *** [ext/fileinfo/libmagic/apprentice.lo] Error 1 The very last thing make was processing is apprentice.lo which appears to be part of the image manipulation libraries (maybe?). I am using Ansible to provision my instance. It is a Digital Ocean single core 512MB VM. I have been using vagrant / ansible with the same config locally for dev and it has compiled fine, this is the first cloud VM I am attempting to provision. The only difference is the base image for my DO server is coming from DO and for my local dev, I built my own Vagrant box via VirtualBox from a stock CentOS basic server install. I pull it down from my DropBox. The problem has been experienced by others and reported as a php bug report My php ansible role up to the error: --- - name: Download php source get_url: url={{ php_source_url }} dest=/tmp register: get_url_result - name: untar the source package command: tar -xvf php-{{ php_version }}.tar.gz chdir=/tmp when: get_url_result.changed or php_reinstall - name: configure php 5.5 command: > ./configure --prefix={{ php_prefix }} --with-config-file-path={{ php_config_file_path }} --enable-fpm --enable-ftp --enable-mbstring --enable-pdo --enable-soap --enable-sockets=shared --enable-zip --with-curl --with-fpm-group={{ nginx_group }} --with-fpm-user={{ nginx_user }} --with-freetype-dir=/usr/lib64/ --with-gd --with-jpeg-dir=/usr/lib64/ --with-libdir=lib64 --with-mcrypt --with-openssl --with-pdo-mysql --with-pear --with-readline --with-tidy --with-xsl --with-zlib --without-pdo-sqlite --without-sqlite3 chdir=/tmp/php-{{ php_version }} when: get_url_result.changed or php_reinstall - name: make clean when reinstalling command: make clean chdir=/tmp/php-{{ php_version }} when: php_reinstall - name: make php command: make chdir=/tmp/php-{{ php_version }} when: get_url_result.changed or php_reinstall Thanks in advance for any help. :)

Read the article
Advantages of a deployment tool over shell

- by Jimmy

Currently I have all of my deployment scripts in shell, which installs about 10 programs and configures them. The way I see it shell is a fantastic tool for this: Modular: Only one program per script, this way I can spread the programs across different servers Simple: Shell scripts are extremely simple and don't need any other software installed One-click: I only have to run the shell script once and everything is setup Agnostic: Most programmers can figure out shell, and don't need to know how to use a specific program. Versioning: Since my code is on github a simple git pull and restart all of supervisor will run my latest code. My question is, with all of these advantages, why is it people are constantly telling me to use a tool such as ansible or chef, and not to use shell.

Read the article
Simple Windows+Linux server provisioning? Chef/Puppet/Ansible etc

- by Andrew

I'm primarily a developer, part time devops; and manage servers here and there for my projects. I want to automate provisioning of web/app/database servers going forward for my projects I manage a mixture of both Windows and Linux servers (VPS, cloud and dedicated) I've looked at investigated Chef/Puppet/Ansible briefly; and I am wanting to find something that: Is easy to learn and understand. I don't want to invest weeks into understanding a complicated piece of tech. Ideally does not require a server ("master server") to hold the configurations Supports provisioning of Windows and Linux servers Comes with suitable documentation to get started Does anyone have any advice on what tool is best suited? Thanks

Read the article
Enter response once prompt returns?

- by mjb

It's neither a secure idea nor one I'd recommend elsewhere, but I have a situation when occasionally it takes a while for my Ansible ad-hoc command to respond. I'd love to pipe or args or whatever is needed to push the required text into the prompt so I can walk away and know it will finish. Ex: $ ansible all -m shell -a "reboot" --ask-pass Password: blah blah blah it worked I'd love to send an argument or << or something to get the password in. Is that possible?

Read the article
Windows Server Configuration Management Best Practices

- by Anton Gogolev

Chef/Pupper/Ansible are cool and all, but they are second-class citizens on Windows at best. We have a bunch of "snowflake" (one of a kind) machines (baremetal and virtual) that nobody really know what's going on with. What I want is to start establishing basic configuration management for said servers, starting from installing Windows, installing and enabling various Roles and Features, setting up Services, Shares, Users and deploying webapps. PowerShell DSC looks promising, but it's not yet here and appears to be over-engineered, Puppet and the like are again not first-class. There's a bunch of tooks and TLAs like Windows ADK, DISM, OCSetup, etc. and it seems to me that the "Configuration Management" story on Windows is not precisely rainbows and unicorns. What I want is a Puppet/Chef-like, lightweight tool (no System Center Configuration Management, please) which would allow us to "version-control our server infrastructure" and bring all the benefits of CM. So, where do I look for the tool that does this kind of thing?

Read the article
Cannot use apt-get/dpkg -- Input/output error

- by mecho

I have bumped into an issue that doesn't allow me to do anything related to apt-get: install, remove, etc. Whenever I try to do something (e.g. sudo apt-get install firefox -f) it gives me the same error message: Reading database ... dpkg: unrecoverable fatal error, aborting: unable to open files list file for package `fontconfig-config': Input/output error E: Sub-process /usr/bin/dpkg returned an error code (2) I have tried to deal with the package `fontconfig-config' without success. I have found that the "Input/output error" is usually linked with physical problems of the hd, but I do not think that's the case I am using that hd without any other problem. I have tried removing the mention to the package in /var/lib/dpkg/status as mentioned here. I have tried deleting all files related to the package in /var/lib/dpkg/info as I found somewhere. But I still cannot do anything. The funny bit comes when I look for the file that is giving me troubles: mecho@Ansible-MS-7680:/var/lib/dpkg/info$ ls fontconfig* ls: cannot access fontconfig-config.list: Input/output error fontconfig.list fontconfig.postinst fontconfig.preinst fontconfig.triggers fontconfig.md5sums fontconfig.postrm fontconfig.prerm This is done after I deleted all files ... it looks like fontconfig-config.list still exists but it doesn't show up! Any idea about how to solve the problem? I am on kubuntu precise, fontconfig-config_2.8.0-3ubuntu9.1

Read the article
Puppet Decentralized Setup

- by paul.tw

I want to migrate my existing Puppet setup from master/client to a decentralized solution. I know other solutions, such as Ansible are easier to setup for that purpose, but I really want to stay with Puppet. I found "supply_drop"(https://github.com/pitluga/supply_drop) on github, so I followed the instructions and did the following: rvm gemset create testing rvm use 1.9.3@testing gem install supply_drop The output is the following: [m@ms-MacBook-Pro:~ $ irb 1.9.3-p547 :001 require 'supply_drop' NameError: uninitialized constant Capistrano from /Users/m/.rvm/gems/ruby-1.9.3-p547@testing/gems/supply_drop-0.17.0/lib/supply_drop/tasks.rb:1:in `' from /Users/m/.rvm/rubies/ruby-1.9.3-p547/lib/ruby/site_ruby/1.9.1/rubygems/core_ext/kernel_require.rb:55:in `require' from /Users/m/.rvm/rubies/ruby-1.9.3-p547/lib/ruby/site_ruby/1.9.1/rubygems/core_ext/kernel_require.rb:55:in `require' from /Users/m/.rvm/gems/ruby-1.9.3-p547@testing/gems/supply_drop-0.17.0/lib/supply_drop.rb:10:in `' from /Users/m/.rvm/rubies/ruby-1.9.3-p547/lib/ruby/site_ruby/1.9.1/rubygems/core_ext/kernel_require.rb:135:in `require' from /Users/m/.rvm/rubies/ruby-1.9.3-p547/lib/ruby/site_ruby/1.9.1/rubygems/core_ext/kernel_require.rb:135:in `rescue in require' from /Users/m/.rvm/rubies/ruby-1.9.3-p547/lib/ruby/site_ruby/1.9.1/rubygems/core_ext/kernel_require.rb:144:in `require' from (irb):1 from /Users/m/.rvm/rubies/ruby-1.9.3-p547/bin/irb:12:in `' Since that doesn't work without problems, I was wondering which alternatives are there available to do the same. Do you have any suggestings?

Read the article

1