spurin / diveintoansible
Content for DiveInto.com's 'Dive Into Ansible' Course
Context and detail is required on the use of the host_vars and group_vars folders.
These are referenced and used in the course, but the detail explaining their usage is missing.
Video content to be updated. Please follow this issue if you're interested in updates.
Can you please tell me what is the reason and issue. I am attaching my .env file.
I am running on Windows 10 machine.
myenv.zip
Thanks
Pandu G
When trying to clone the repository I met with the error "fatal: unable to access 'https://github.com/spurin/diveintoansible.git/': server certificate verification failed. CAfile: none CRLfile: none"
See attached for a screen grab.
Thanks,
Sean Horn
As per feedback in Udemy, add to next major update.
Note to self:
Sadly, the version of ansible which is in the main repository has skewed from that of the official release. I noticed that the loader.py file which is part of our installed ansible (/usr/local/lib/python3.10/dist-packages/ansible/plugins/loader.py) differs to that of the one in the ansible source code that we cloned (/home/ansible/ansible/lib/ansible/plugins/loader.py)
When we run the test module (~/ansible/hacking/test-module) it is using the loader.py from our installed ansible version (/usr/local/lib/python3.10/dist-packages/ansible/plugins/loader.py) instead of the one in the source tree (/home/ansible/ansible/lib/ansible/plugins/loader.py) -- although this is annoying it is expected behaviour in Python, it will and should search installed paths first.
The way to fix this, we need to ensure that the ansible source code that we're using, matches our version of ansible. So for now, the instructions for this class need to be updated as follows -
# find out the ansible core version
ansible@ubuntu-c:~$ ansible --version
ansible [core 2.14.2] <----- *** Release 2.14 ***
config file = None
configured module search path = ['/home/ansible/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.10/dist-packages/ansible
ansible collection location = /home/ansible/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible
python version = 3.10.6 (main, Nov 14 2022, 16:10:14) [GCC 11.3.0] (/usr/bin/python3)
jinja version = 3.1.2
libyaml = True
# clone the ansible source code to ~
cd ~
git clone https://github.com/ansible/ansible.git
# checkout a specific branch, this should match the release in ansible --version
cd ansible
# show available branches
ansible@ubuntu-c:~/ansible$ git fetch -v
POST git-upload-pack (155 bytes)
From https://github.com/ansible/ansible
= [up to date] devel -> origin/devel
= [up to date] mazer_role_loader -> origin/mazer_role_loader
= [up to date] milestone -> origin/milestone
= [up to date] release1.5.0 -> origin/release1.5.0
= [up to date] release1.5.1 -> origin/release1.5.1
= [up to date] release1.5.2 -> origin/release1.5.2
= [up to date] release1.5.3 -> origin/release1.5.3
= [up to date] release1.5.4 -> origin/release1.5.4
= [up to date] release1.5.5 -> origin/release1.5.5
= [up to date] release1.6.0 -> origin/release1.6.0
= [up to date] release1.6.1 -> origin/release1.6.1
= [up to date] release1.6.10 -> origin/release1.6.10
= [up to date] release1.6.2 -> origin/release1.6.2
= [up to date] release1.6.3 -> origin/release1.6.3
= [up to date] release1.6.4 -> origin/release1.6.4
= [up to date] release1.6.5 -> origin/release1.6.5
= [up to date] release1.6.6 -> origin/release1.6.6
= [up to date] release1.6.7 -> origin/release1.6.7
= [up to date] release1.6.8 -> origin/release1.6.8
= [up to date] release1.6.9 -> origin/release1.6.9
= [up to date] release1.7.0 -> origin/release1.7.0
= [up to date] release1.7.1 -> origin/release1.7.1
= [up to date] release1.7.2 -> origin/release1.7.2
= [up to date] release1.8.0 -> origin/release1.8.0
= [up to date] release1.8.1 -> origin/release1.8.1
= [up to date] release1.8.2 -> origin/release1.8.2
= [up to date] release1.8.3 -> origin/release1.8.3
= [up to date] release1.8.4 -> origin/release1.8.4
= [up to date] stable-1.9 -> origin/stable-1.9
= [up to date] stable-2.0 -> origin/stable-2.0
= [up to date] stable-2.0-network -> origin/stable-2.0-network
= [up to date] stable-2.0.0.1 -> origin/stable-2.0.0.1
= [up to date] stable-2.1 -> origin/stable-2.1
= [up to date] stable-2.10 -> origin/stable-2.10
= [up to date] stable-2.11 -> origin/stable-2.11
= [up to date] stable-2.12 -> origin/stable-2.12
= [up to date] stable-2.13 -> origin/stable-2.13
= [up to date] stable-2.14 -> origin/stable-2.14
= [up to date] stable-2.15 -> origin/stable-2.15
= [up to date] stable-2.2 -> origin/stable-2.2
= [up to date] stable-2.3 -> origin/stable-2.3
= [up to date] stable-2.4 -> origin/stable-2.4
= [up to date] stable-2.5 -> origin/stable-2.5
= [up to date] stable-2.6 -> origin/stable-2.6
= [up to date] stable-2.7 -> origin/stable-2.7
= [up to date] stable-2.8 -> origin/stable-2.8
= [up to date] stable-2.9 -> origin/stable-2.9
= [up to date] temp-2.10-devel -> origin/temp-2.10-devel
= [up to date] threading_instead_of_forking -> origin/threading_instead_of_forking
= [up to date] threading_plus_forking -> origin/threading_plus_forking
# switch to the stable version of that branch
git checkout stable-2.14
# test the test-module (we're running this with python3 direct, change the interpreter to avoid doing this each time)
python3 ~/ansible/hacking/test-module
Usage: test-module -[options] (-h for help)
Options:
-h, --help show this help message and exit
-m MODULE_PATH, --module-path=MODULE_PATH
REQUIRED: full path of module source to execute
-a MODULE_ARGS, --args=MODULE_ARGS
module argument string
-D DEBUGGER, --debugger=DEBUGGER
path to python debugger (e.g. /usr/bin/pdb)
-I INTERPRETER_TYPE=INTERPRETER_PATH, --interpreter=INTERPRETER_TYPE=INTERPRETER_PATH
path to interpreter to use for this module (e.g.
ansible_python_interpreter=/usr/bin/python)
-c, --check run the module in check mode
-n, --noexecute do not run the resulting module
-o FILENAME, --output=FILENAME
Filename for resulting module
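A check for the skew described in this note, as an added example that is not part of the original issue or the course material: it reports which copy of a package file a given search-path order resolves to, and whether that copy differs from the one in a source checkout. The function names and the temporary directory tree are hypothetical, constructed stand-ins for the installed and cloned paths named above.

```python
import hashlib
import importlib.machinery
import tempfile
from pathlib import Path


def resolve_source(package, relpath, search_path):
    """Return the file that would be loaded for package/relpath with this path order."""
    spec = importlib.machinery.PathFinder.find_spec(package, [str(p) for p in search_path])
    if spec is None or not spec.submodule_search_locations:
        return None
    for root in spec.submodule_search_locations:
        candidate = Path(root) / relpath
        if candidate.is_file():
            return candidate.resolve()
    return None


def digest(path):
    """SHA-256 of a file's content, used to compare the two copies."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def skew_report(package, relpath, search_path, checkout_lib):
    """Compare the resolved file with the same file in a source checkout."""
    expected = (Path(checkout_lib) / package / relpath).resolve()
    loaded = resolve_source(package, relpath, search_path)
    if loaded is None:
        raise LookupError(f"{package}/{relpath} not found on the given path")
    return {
        "loaded": loaded,
        "expected": expected,
        "shadowed": loaded != expected,
        "content_differs": digest(loaded) != digest(expected),
    }


def build_demo(root):
    """Create two constructed copies of a package whose loader.py differs."""
    installed = Path(root) / "dist-packages"
    checkout_lib = Path(root) / "checkout" / "lib"
    for base, marker in ((installed, "installed release"), (checkout_lib, "source checkout")):
        plugins = base / "ansible" / "plugins"
        plugins.mkdir(parents=True)
        (base / "ansible" / "__init__.py").write_text("")
        (plugins / "__init__.py").write_text("")
        (plugins / "loader.py").write_text(f"ORIGIN = {marker!r}\n")
    return installed, checkout_lib


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        installed, checkout_lib = build_demo(tmp)
        # Installed copy listed first, as in the situation the note describes.
        report = skew_report("ansible", "plugins/loader.py",
                             [installed, checkout_lib], checkout_lib)
        for key, value in report.items():
            print(f"{key}: {value}")
```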
Hi there, I was working through the 'Lets check our Ansible knowledge' test for the Ansible Modules section (Approx 14m30s in the video). I constructed the command using the Ansible documentation and noticed a small error in the instructional video.
The command as shown was:
ansible all -m file -a 'path=/tmp/test_modules.txt state=touch mode=600'
but I noticed that the documentation states that the mode value in this case will be interpreted as decimal and not octal. I think the command should therefore be:
ansible all -m file -a 'path=/tmp/test_modules.txt state=touch mode='600''
or
ansible all -m file -a 'path=/tmp/test_modules.txt state=touch mode=0600'
So here is the error I keep getting when I try to run the playbook after adding the restart nginx task:
TASK [Restart Nginx] ***********************************************************************************************************************************************************************
fatal: [centos1]: FAILED! => {"changed": false, "msg": "Could not find the requested service Restart: host"}
fatal: [centos2]: FAILED! => {"changed": false, "msg": "Could not find the requested service Restart: host"}
fatal: [ubuntu2]: FAILED! => {"changed": false, "msg": "Could not find the requested service Restart: host"}
fatal: [centos3]: FAILED! => {"changed": false, "msg": "Could not find the requested service Restart: host"}
fatal: [ubuntu1]: FAILED! => {"changed": false, "msg": "Could not find the requested service Restart: host"}
fatal: [ubuntu3]: FAILED! => {"changed": false, "msg": "Could not find the requested service Restart: host"}
Any advice on how to fix this?
Hi,
I'm currently in exercise 4 for inventory files where we connect as root to the centos
`ansible@ubuntu-c:~/diveintoansible/Ansible Architecture and Design/Inventories/04$ cat hosts
[centos]
centos1 ansible_user=root
centos2 ansible_user=root
centos3 ansible_user=root
[ubuntu]
ubuntu1
ubuntu2
ubuntu3
ansible@ubuntu-c:~/diveintoansible/Ansible Architecture and Design/Inventories/04$ `
and it always gives me root errors like:
centos1 | UNREACHABLE!: Failed to connect to the host via ssh: root@centos1: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
centos2 | UNREACHABLE!: Failed to connect to the host via ssh: root@centos2: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
centos3 | UNREACHABLE!: Failed to connect to the host via ssh: root@centos3: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
ubuntu2 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"},"changed": false,"ping": "pong"}
ubuntu3 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"},"changed": false,"ping": "pong"}
ubuntu1 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"},"changed": false,"ping": "pong"}
and when I copy the public key via ssh to root this happens:
ssh-copy-id -p 2222 root@centos1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/ansible/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@centos1's password:
bash: /root/.bashrc: Permission denied
mkdir: cannot create directory ‘.ssh’: Permission denied
Can you help me?
ssh: connect to host d port 22: Connection refused
I always get this error when I try to use this command:
proxychains4 ssh -- d
Please fix the error, please help me.
Link in your documentation in "Ansible Playbooks, Breakdown of Sections".
found instead:
https://docs.ansible.com/ansible/latest/reference_appendices/playbooks_keywords.html
Hi @spurin! I recently signed up for this class via Udemy and am having some issues. I am using Parallels Ubuntu VM on a Mac. Every time I exit out of Parallels and try to resume, I am unable to log back into the terminal. I tried the troubleshooting steps but just ended up going back to the beginning and starting over. Once I reach the part where you do docker compose up it ends up working, so I'm not sure which step I am having to repeat before it works.
Note: When I do docker compose up right when I resume the VM, it says:
attaching to centos1, centos2, etc etc
and then:
error response from daemon: driver failed programming external connectivity on endpoint centos1..........Bind for 0.0.0.0:2225 failed: port is already allocated.
Any help is greatly appreciated. This is preventing me from moving forward. Thank you!
Update video/lab to match, also see: spurin/diveintoansible-lab#118
The extra templates dir causes the unarchive module to not find the zip
The ansible code password: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters,digits,hexdigits,punctuation') | password_hash('sha512') }}" creates the password for the users, but how would you give that to them? You don't know what it generated. It would be better to change this to a real world example of one where the user would be able to receive their password so they could login. But since you are using ssh keys, they don't have to worry, but what if ssh-keys were broken?
Hi James,
I am going through your class on O'Reilly and liking it. I did run into some problems with the aforementioned chapter regarding creation of EC2 instances. There were a number of them. I was able to get it all working but felt I should share what I did to help everyone.
Default VPC
This isn't really a thing anymore since classic EC2 is going away. If a student has deleted the default, as I had, they might not be able to recreate one. That was my case. I had to manually create a vpc then manually create a security group referencing that VPC then I had to provide both the and the vpc_subnet_id and the group_id using the values I got from the dashboard. also, the ami referenced in the video is not current but that might not matter:
ec2:
  key_name: ansible
  group_id: <group id>
  instance_type: t2.micro
  image: ami-0b0af3577fe5e3532
  vpc_subnet_id: <subnet id>
  region: us-east-1
  wait: true
  exact_count: 5
  assign_public_ip: yes
  count_tag:
    Name: AnsibleNginxWebservers
  instance_tags:
    Name: Ansible
register: ec2
Error when running the script when building the host group.
Once I added the properties as noted above, the instances would get created but building the group threw this error:
ERROR! Invalid empty host name provided:
To fix this, I added the assign_public_ip: yes property which fixed the issue.
These were my fixes. Not being an expert, there might have been another route to get to success but this worked for me.
references:
Migrate from EC2-Classic to a VPC
VPC Wizard instructions
amazon.aws.ec2 – create, terminate, start or stop an instance in ec2
source for the public ip property addition
Cheers, Michael.
@spurin Hello Mr Spurin, I hope, you are doing well.
I am learning Ansible by Udemy courses. In the Configuration SSH Connectivity between hosts part, when I'm using cmd ssh ubuntu1, it doesn't accept the password and I got the error permission denied. Could you please guide me about that.
Thank you so much.
*.png and *.zip are binary, not text
Getting the following error when attempting to run the ec2_playbook.yaml in the AWS with Ansible section:
[DEPRECATION WARNING]: amazon.aws.ec2 has been deprecated. The ec2 module is based upon a deprecated version of the AWS SDKs and is deprecated in favor of the ec2_instance module. Please update your tasks. This feature will be removed from amazon.aws in version 4.0.0. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
Useful for a consistent editing experience.
Feedback from Udemy for course enhancement:
At 3:54, it took me longer than it should to understand differences between include_tasks and import_tasks. One point of confusion is using a negative conditional.
The video can be simplified by avoiding the negative when directive, e.g. change include_tasks var is not defined to include_tasks_var is defined and adjust the expectations accordingly, same for import.
name: Create a sample Container
hosts: slave1
become: true
tasks:
I get the error:
fatal: [client1]: FAILED! => {"changed": false, "msg": "Failed to import the required Python library (Docker SDK for Python: docker (Python >= 2.7) or docker-py (Python 2.6)) on ip-'s Python /usr/bin/python3. Please read module documentation and install in the appropriate location. If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter, for example via pip install docker or pip install docker-py (Python 2.6). The error was: No module named 'docker'"}
I have configured the inventory on the master node as follows:
[production]
client1 ansible_ssh_host=
client2 ansible_ssh_host=
[production:vars]
ansible_python_interpreter=/usr/bin/python3
I cannot get rid of this error. Without pip being installed it didn't work. I installed pip although I had pip3, but again nothing!
Please, any suggestion?
Add support for Rancher Desktop. Currently the default ownership and permissions for the lab container volumes are not correct, preventing password-less public key login to the lab containers [ubuntu1-3 & centos1-3] via ssh.
A workaround is to, on all 6 containers, un-comment the StrictMode and PubkeyAuthentication lines; then set StrictMode no in the /etc/ssh/sshd_config file. Next run the systemctl restart sshd command.
A better solution and likely fix is to figure out a way where the ansible user home directory and all of its subdirectories are owned by the ansible user and group, instead of as it is now where the 501 user and dialout group own it.
$ docker compose exec -u ansible -w /home/ansible ubuntu1 /bin/sh -c 'lsb_release -a'
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.2 LTS
Release: 22.04
Codename: jammy
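The ownership problem this issue describes can be confirmed before touching sshd_config. The following is an added example, not part of the issue or the lab: a simplified check modelled on what sshd's StrictModes option enforces, walking from the authorized_keys file up to the home directory and flagging any path not owned by the login user or root, or writable by group or others. The function names and the temporary home directory are constructed for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path


def strictmodes_problems(home, uid, key_file=".ssh/authorized_keys"):
    """List ownership/mode findings for key_file and each directory up to home."""
    home = Path(home).resolve()
    target = (home / key_file).resolve()
    if home not in target.parents:
        raise ValueError("key_file must live below the home directory")
    problems = []
    path = target
    while True:
        st = os.stat(path)
        # Owner must be the login user or root.
        if st.st_uid not in (0, uid):
            problems.append(f"{path}: owned by uid {st.st_uid}, expected {uid} or root")
        # No write permission for group or others.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{path}: mode {mode:04o} is group/world-writable")
        if path == home:
            break
        path = path.parent
    return problems


def build_home(root, home_mode=0o755):
    """Constructed home directory with a .ssh/authorized_keys file."""
    home = Path(root) / "home" / "ansible"
    ssh_dir = home / ".ssh"
    ssh_dir.mkdir(parents=True)
    key = ssh_dir / "authorized_keys"
    key.write_text("ssh-ed25519 AAAA...constructed-placeholder ansible@ubuntu-c\n")
    os.chmod(key, 0o600)
    os.chmod(ssh_dir, 0o700)
    os.chmod(home, home_mode)
    return home


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        home = build_home(tmp, home_mode=0o775)
        owner = os.stat(home).st_uid
        for finding in strictmodes_problems(home, owner):
            print(finding)
```

Inside a lab container it would be run against /home/ansible with the uid of the ansible user; an empty result means key login should work with StrictModes left enabled.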
Older versions of ansible-vault encrypt_string do not append a newline at the end of its output.
If one is not careful one might copy incomplete data and wonder why it errors with FAILED! => {"msg": "Decryption failed (no vault secrets were found that could decrypt)"}.
ansible@ubuntu-c:~/diveintoansible/Ansible Playbooks, Deep Dive/Vault/01$ ansible-vault encrypt_string --ask-vault-pass --name 'ansible_become_pass' 'password'
New Vault password:
Confirm New Vault password:
Encryption successful
ansible_become_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
30333333653062613338653261313232666436336133393761623262383965383239613332326264
3664626166363533313761386465396365333939303465300a653737303464363331373462363962
34643333323263343639636133336636323237313865363537653530663832656230656536653663
3563613134383133610a353463316139316163666562303730626135656435376436383238666233
3164ansible@ubuntu-c:~/diveintoansible/Ansible Playbooks, Deep Dive/Vault/01$
⇓
ansible_become_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
30333333653062613338653261313232666436336133393761623262383965383239613332326264
3664626166363533313761386465396365333939303465300a653737303464363331373462363962
34643333323263343639636133336636323237313865363537653530663832656230656536653663
3563613134383133610a353463316139316163666562303730626135656435376436383238666233
instead of
ansible_become_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
30333333653062613338653261313232666436336133393761623262383965383239613332326264
3664626166363533313761386465396365333939303465300a653737303464363331373462363962
34643333323263343639636133336636323237313865363537653530663832656230656536653663
3563613134383133610a353463316139316163666562303730626135656435376436383238666233
3164
You might want to mention something like the following in your video:
"Be extra careful what you copy"
or
"If you get FAILED! => {"msg": "Decryption failed (no vault secrets were found that could decrypt)"}
check that you copied the entire digit-sequence"
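A truncated copy like the one shown above can be caught before Ansible ever tries to decrypt it. The following is an added example, not part of the issue or the course: it assumes the AES256 vault payload layout (a hex string that decodes to hex salt, hex HMAC and hex ciphertext separated by newlines, with the ciphertext a whole number of 16-byte blocks) and checks a pasted value against it. The sample value is the one from the post; `check_vault_blob` is a hypothetical name.

```python
import binascii
import re

HEADER = re.compile(r"^\$ANSIBLE_VAULT;1\.[12];AES256(;\S+)?$")
HEX = re.compile(r"[0-9a-f]+")

# Complete value as printed in the post above.
COMPLETE = """\
    $ANSIBLE_VAULT;1.1;AES256
    30333333653062613338653261313232666436336133393761623262383965383239613332326264
    3664626166363533313761386465396365333939303465300a653737303464363331373462363962
    34643333323263343639636133336636323237313865363537653530663832656230656536653663
    3563613134383133610a353463316139316163666562303730626135656435376436383238666233
    3164
"""
# The same value with the final short line lost while copying.
TRUNCATED = "\n".join(COMPLETE.splitlines()[:-1])


def check_vault_blob(text):
    """Return structural problems found in a pasted vault value ([] if none)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or not HEADER.match(lines[0]):
        return ["first line is not a $ANSIBLE_VAULT;...;AES256 header"]
    try:
        inner = binascii.unhexlify("".join(lines[1:])).decode("ascii")
    except ValueError:
        return ["payload is not a whole number of hex-encoded bytes"]
    fields = inner.split("\n")
    if len(fields) != 3:
        return [f"expected salt, HMAC and ciphertext, found {len(fields)} field(s)"]
    problems = []
    salt, mac, ciphertext = fields
    for name, value in (("salt", salt), ("HMAC", mac), ("ciphertext", ciphertext)):
        if not HEX.fullmatch(value):
            problems.append(f"{name} is not lowercase hex")
    if len(salt) != 64:
        problems.append(f"salt is {len(salt)} hex chars, expected 64")
    if len(mac) != 64:
        problems.append(f"HMAC is {len(mac)} hex chars, expected 64")
    if len(ciphertext) == 0 or len(ciphertext) % 32:
        problems.append(
            f"ciphertext is {len(ciphertext)} hex chars, not a multiple of 32"
        )
    return problems


if __name__ == "__main__":
    for label, blob in (("complete", COMPLETE), ("truncated", TRUNCATED)):
        print(label, check_vault_blob(blob) or "ok")
```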
is not mentioned in the video and it is not included/imported from the other playbooks.
Create a document with Docker installation instructions (feedback from Udemy student)
During the setup of ansible inventories, I have changed the sshd port - 2222 in compose.yaml and start it
ansible@ubuntu-c:~/diveintoansible/Ansible Architecture and Design/Inventories/07$ ls
ansible.cfg hosts
ansible@ubuntu-c:~/diveintoansible/Ansible Architecture and Design/Inventories/07$ cat hosts
[centos]
centos1:2222 ansible_user=root
centos2 ansible_user=root
centos3 ansible_user=root
I tried also after removing the known_hosts and tried after that but it said again that permission denied as below...
ansible@ubuntu-c:~/diveintoansible/Ansible Architecture and Design/Inventories/07$ rm -rf /home/ansible/.ssh/known_hosts
ansible@ubuntu-c:~/diveintoansible/Ansible Architecture and Design/Inventories/07$ ansible centos1 -m ping -o
centos1 | UNREACHABLE!: Failed to connect to the host via ssh: Warning: Permanently added '[centos1]:2222,[172.18.0.5]:2222' (ECDSA) to the list of known hosts.
root@centos1: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
ansible@ubuntu-c:~/diveintoansible/Ansible Architecture and Design/Inventories/07$ ssh centos1:2222
ssh: Could not resolve hostname centos1:2222: Name or service not known
ansible@ubuntu-c:~/diveintoansible/Ansible Architecture and Design/Inventories/07$ ssh [centos1]:2222
ssh: Could not resolve hostname [centos1]:2222: Name or service not known
In the section Ansible Playbooks, Deep Dive/Looping/ you go through all(?) variants of with_* in a great way.
Maybe it would be worth mentioning the loop keyword as it is promoted in the docs as: the best choice for simple loops (https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html#comparing-loop-and-with)
Please note: this is not a criticism. Just a humble suggestion that hopefully is not annoying!
Hello,
I installed the extension from Docker Desktop extensions, also noticed that for the first few folders 01-03 I had to use the -k option for the Centos machines to be able to ping them. Not sure if I missed something in my initial setup but it should be plug-n-play.
Thank you
I get the following error when running docker-compose up
Attaching to centos1, centos2, centos3, docker, portal, ubuntu-c, ubuntu1, ubuntu2, ubuntu3
ubuntu3 exited with code 255
ubuntu-c exited with code 255
ubuntu2 exited with code 255
ubuntu1 exited with code 255
portal | 2022/10/12 21:32:48 [emerg] 1#1: host not found in upstream "ubuntu1" in /etc/nginx/conf.d/default.conf:45
If you do not copy those files in a previous revision they will not be found.
I am not able to find the directory /diveintoansible/Ansible Architecture and Design/inventories
I have started the hands-on Lab using Google Cloud.
Step 1: Started the Google Cloud Shell
Step 2: Cloned the github repository
Step 3: Configured the SSH keys
Step 4: Started the docker image, all virtual machines attached successfully
Step 5: Logged into Ansible Control host /tower
Step 6: Now following this specific lecture (Lecture 10 Ansible Inventories Video Course on Udemy) I am not able to find /diveintoansible/Architecture and Design/
Could you please let me know if I am missing anything here