SweetOps #ansible for June, 2020

Discussions related to ansible configuration management

2020-06-03

sahil kamboj

Hey Guys how can i improve this or make it more productive

- name: installing bench 
  hosts: localhost
  become: true
  gather_facts: False
  vars:
    - bench_command: bench init frappe-bench --skip-redis-config-generation --apps_path apps.json
  
  vars_prompt:
    - name: user_password
      prompt: "Set frappe user password?"
      confirm: yes
    - name: efs_id
      prompt: "Please enter efs-id-"


  tasks:
  
  - name: Create a 2048-bit SSH key for user jsmith in ~jsmith/.ssh/id_rsa
    user:
      name: frappe
      password: "{{ user_password }}"
      generate_ssh_key: yes
      ssh_key_bits: 2048
      ssh_key_file: .ssh/id_rsa
      state: present
    become: true

  - name: Ansible check efs-utils exists example.
    stat:
      path: /home/ubuntu/efs-utils
    register: efs_detail
  - debug:
      msg: "efs-utils is installed"
    when: efs_detail.stat.exists

  - name: install nfs-utils
    become: true
    git:
      repo: <https://github.com/aws/efs-utils>
      dest: /home/ubuntu/efs-utils
      clone: yes
      update: no
    when: not efs_detail.stat.exists


  - name: installing efs
    shell: "{{ item }}"
    args:
      chdir: /home/ubuntu/efs-utils
    with_items:
      - "./build-deb.sh"
      - "sudo apt-get -y install ./build/amazon-efs-utils-1.25-3.deb"
    when: not efs_detail.stat.exists

  - name: Install a list of packages
    apt:
      pkg:
      - 'nginx'
      - 'supervisor'
      - 'python3-pip'
      state: present
    become: true
    
  - name: Ansible check mount exists example.
    stat:
      path: /home/frappe/mount/
    register: mount_detail
    
  - name: mount efs to mount directory
    command: "{{ item }}"
    args:
      chdir: "/home/frappe"
    with_items:
      - "mkdir mount"
      - "mount -t efs {{ efs_id }}:/ /home/frappe/mount/"
      - "chown frappe:frappe  -R /home/frappe/mount"
    become: true
    when: not mount_detail.stat.exists

- name: install incomplete
  hosts: localhost
  become_user: frappe
  gather_facts: False

  tasks:
  - name: install nvm and v10
    shell: >
      curl -o- <https://raw.githubusercontent.com/creationix/nvm/v0.33.11/install.sh> | bash
    args:
      executable: /bin/bash
      chdir: "/home/ubuntu"
      creates: "/home/ubuntu/.nvm/nvm.sh"

  - name: npm and another dependenciews as frappe
    shell: >
        . /home/ubuntu/.nvm/nvm.sh && nvm install {{ item }}
    args:
      executable: /bin/bash
      chdir: /home/ubuntu
      creates: "/home/ubuntu/.nvm/versions/{{ item }}"
    with_items:
      - v10
      

2020-06-19

Brij S

02:03:27 PM

Hey guys, I am using a solution from stackoverflow with the following

  tasks:
    - name: obtain iam role info
      iam_role_info:
        name: dns-management
      register: role_info

    - name: obtain current trust relationship policy 
      set_fact:
        trust_relationship: "{{ role_info | json_query('iam_roles[0].assume_role_policy_document.statement[0]') }}"

    - name: add account id to trust relationship
      json_modify:
        data: "{{ trust_relationship }}"
        pointer: "/principal/aws/0"
        action: extend
        extend:
          - "arn:aws:iam::001122334455:root"
          - "arn:aws:iam::001122334455:root"
      register: result

    - debug:
        var: result

the trust relationship var holds the following

    "trust_relationship": {
        "action": "sts:AssumeRole",
        "effect": "Allow",
        "principal": {
            "aws": [
                "arn:aws:iam::123456789012:root",
                "arn:aws:iam::098765432123:root"
            ]
        }
    }
}

but when I run it I get the following error

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: AttributeError: 'str' object has no attribute 'extend'
fatal: [localhost]: FAILED!

best way to modify json in ansible

I have a variable (via set_fact) containing a json string: { “PolicyVersion”: { “CreateDate”: “2017-08-07T0205Z”, “Document”: { “Statement”: [ { “Action”: “sts:

Brij S

02:03:37 PM

any idea how to fix this

2020-06-23

David Medinets

11:27:41 PM

Hi. I am using Centos7 and using dnf to install packages. The system is trying to install python3-dnf but it can’t be found. Any ideas?

Brij S

03:01:04 PM

https://github.com/ansible/ansible/issues/67083

Ansible dnf python3 is not working with Centos 7 · Issue #67083 · ansible/ansible

SUMMARY Using ansible dnf module with python 3 in Centos 7 is impossible due to missing python3 modules. The python3-dnf doesn't exist as package for Centos 7 (was "backported" in EPE…

David Medinets

03:02:47 PM

Thanks. That’s fairly amazing to me. But easy to work around using ansible_python_interpreter.

2020-06-24

2020-06-26

David Medinets

06:30:53 PM

The ansible password_hash provides sha512. I tried using sha1028 out of curiosity and it was not supported. Is there another way to get better hashing?

2020-06-29

Brij S

10:04:10 PM

has anyone here written ansible modules before?

David Medinets

01:55:44 PM

do you want a general introduction or do you have a specific question?

2020-06-30

Saichovsky

08:58:24 AM

Hello,

I just installed auditd using this module https://github.com/robertdebock/ansible-role-auditd

It generates /etc/audit/auditd.conf from defaults/main.yml I would like to change a value in auditd.conf (or main.yaml - whichever needs modification). How do I go about achieving this? I would like to change the value of auditd_log_group before starting auditd

robertdebock/ansible-role-auditd

Install and configure auditd on your system. Contribute to robertdebock/ansible-role-auditd development by creating an account on GitHub.

Saichovsky

12:02:00 PM

Figured it out… disregard above request