Function possible: set random pw and get pw to a certain host to add in csv [possible like this?]

Hello!
I'm on a project where I want to set the password of Ubuntu servers to a random one, change the pw, get some info like hostname and IP, and add them into a CSV file.
First I tried to use a share where each host connects, but there are some that are not allowed to connect to storage etc.
So I thought I could use a separate host where the CSV will be generated, but the host will be excluded from the password change process.
I now have the problem that the variables don't seem to reach the host itself in the step to insert the data into the CSV.
Is my direction correct?
The playbook:

---
- name: Add data in win share
  hosts: all
  become: yes
  vars:
    usr_2_edit: pwchangeuser
    csv_pth: /mnt/fs6_transfer/bw_pw_add_gsa_test.csv
    log_host: 192.168.151.241
    mnt_path: /mnt/fs6_transfer

  tasks:

    - name: Ensure the mount point directory exists
      ansible.builtin.file:
        path: "{{ mnt_path }}"
        state: directory
      when: ansible_host == log_host

    - name: Verify the share is mounted
      ansible.builtin.shell:
        cmd: "mount | grep {{ mnt_path }}"
      register: mount_output
      when: ansible_host == log_host

    - name: Print mount output
      ansible.builtin.debug:
        msg: "{{ mount_output.stdout }}"
      when: ansible_host == log_host

    - name: Ensure the CSV file exists
      ansible.builtin.file:
        path: "{{ csv_pth }}"
        state: touch
      when: ansible_host == log_host

    - name: Add header to CSV file if missing
      ansible.builtin.lineinfile:
        path: "{{ csv_pth }}"
        line: 'folder,favorite,type,name,notes,fields,reprompt,login_uri,login_username,login_password,login_totp'
        insertbefore: BOF
        state: present
      when: ansible_host == log_host

    - name: Get the hostname
      ansible.builtin.command: "hostname"
      register: hostname_result
      when: ansible_host != log_host

    - name: Get the current date in HH:MM_DD.mm.yyyy format
      ansible.builtin.command: "date +'%H:%M_%d.%m.%Y'"
      register: date_result
      when: ansible_host != log_host

    - name: Generate a random password
      ansible.builtin.command: "openssl rand -base64 12"
      register: password_result
      when: ansible_host != log_host

    - name: Get the primary IP address
      ansible.builtin.set_fact:
        ip_address: "{{ ansible_default_ipv4.address }}"
      when: ansible_host != log_host

    - name: Update or create user with the specified username and password
      ansible.builtin.user:
        name: "{{ usr_2_edit }}"
        password: "{{ password_result.stdout | password_hash('sha512') }}"
        state: present
      when: ansible_host != log_host

    - name: Append data to CSV file
      ansible.builtin.lineinfile:
        path: "{{ csv_pth }}"
        line: ",,login,{{ hostname_result.stdout }},{{ date_result.stdout }},,0,{{ ip_address }},{{ usr_2_edit }},{{ password_result.stdout }},"
        insertafter: EOF
      when: ansible_host == log_host

    - name: Install the python3-pexpect module
      ansible.builtin.package:
        name: python3-pexpect
        state: present
      become: yes
      when: ansible_host != log_host

    - name: Test the user password
      ansible.builtin.expect:
        command: "su - {{ usr_2_edit }}"
        responses:
          "Password:": "{{ password_result.stdout }}"
      register: password_test
      failed_when: "'authentication failure' in password_test.stdout"
      when: ansible_host != log_host

    - name: Print password test result
      ansible.builtin.debug:
        msg: "Password change for user {{ usr_2_edit }} was successful."
      when: 
        - ansible_host != log_host
        - password_test.rc == 0

Thank you very much in advance again!!!

I would just split it out into 2 plays, #1 does the work, #2 logs everything on localhost (avoids per host mounts mess)

- name: Do password work
  hosts: all:!loghost
  become: yes
  vars:
    usr_2_edit: pwchangeuser
  tasks:
    - name: Get the hostname
      ansible.builtin.command: "hostname"
      register: hostname_result

    - name: Get the current date in HH:MM_DD.mm.yyyy format
      ansible.builtin.command: "date +'%H:%M_%d.%m.%Y'"
      register: date_result

    - name: Generate a random password
      ansible.builtin.command: "openssl rand -base64 12"
      register: password_result

    - name: Get the primary IP address
      ansible.builtin.set_fact:
        ip_address: "{{ ansible_default_ipv4.address }}"

    - name: Update or create user with the specified username and password
      ansible.builtin.user:
        name: "{{ usr_2_edit }}"
        password: "{{ password_result.stdout | password_hash('sha512') }}"
        state: present

    - name: Install the python3-pexpect module
      ansible.builtin.package:
        name: python3-pexpect
        state: present
      become: yes

    - name: Test the user password
      ansible.builtin.expect:
        command: "su - {{ usr_2_edit }}"
        responses:
          "Password:": "{{ password_result.stdout }}"
      register: password_test
      failed_when: "'authentication failure' in password_test.stdout"

- name: log all the password work
  hosts: localhost  # or you can use loghost and then check mounts again
  gather_facts: false
  vars:
    csv_pth: /somwhere/on/localhost/fs6_transfer/bw_pw_add_gsa_test.csv
    usr_2_edit: pwchangeuser
  tasks:
    - name: all this really runs on localhost
      block:
        - name: Ensure the CSV file exists
          ansible.builtin.file:
            path: "{{ csv_pth }}"
            state: touch

        - name: Add header to CSV file if missing
          ansible.builtin.lineinfile:
            path: "{{ csv_pth }}"
            line: 'folder,favorite,type,name,notes,fields,reprompt,login_uri,login_username,login_password,login_totp'
            insertbefore: BOF

        - name: Append data to CSV file
          ansible.builtin.lineinfile:
            path: "{{ csv_pth }}"
            line: ",,login,{{ hostname_result.stdout }},{{ date_result.stdout }},,0,{{ ip_address }},{{ usr_2_edit }},{{ password_result.stdout }},"
            insertafter: EOF
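          # query() returns a list (lookup() returns a comma-joined string);
          # loghost is excluded because it registered nothing in play 1
          loop: '{{ query("inventory_hostnames", "all:!loghost") }}'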
          vars:
             hostname_result: "{{ hostvars[item]['hostname_result'] }}"
             date_result: "{{ hostvars[item]['date_result'] }}"
             ip_address: "{{ hostvars[item]['ip_address'] }}"
             password_result: "{{ hostvars[item]['password_result'] }}"

        - name: Print password test result
          ansible.builtin.debug:
            msg: "Password change for user {{ usr_2_edit }} was successful."

I tried, but the variables are empty too. It seems like the variables don't get transferred into the next playbook part. Can I create some envs in AWX which the playbook could overwrite as a sort of “cache”?
I even tried using set_fact, but even they are empty in the end, and if I understand set_fact correctly the var is only stored in relation to each host, so if I get the var on a different host the var is empty for it.

The only method I have in mind would be that the CSV gets generated on each host and then their content is extracted from the log host in a second playbook.

I tried to send them via rsync, but don't know how - the files don't get transmitted.
I let my test machines get the CSV files in tmp with their hostname at the beginning of the name and the rest the same.

Here is the task I've got until now:

    - name: Synchronize files from all other hosts to target
      ansible.builtin.command:
        cmd: rsync -avz -e "ssh -i /home/remcpyusr/.ssh/id_rsa -o StrictHostKeyChecking=no" remcpyusr@{{ item }}:/tmp/*_bw_files.csv /tmp/
      loop: "{{ ansible_play_hosts }}"
      when: item != 'log_host'  # Exclude log_host

First I tried hosts: all:!log_host but now I'm trying a loop.

This ‘works’ if you keep both plays in the same playbook, if you are using workflows in awx/Controller you need to ‘set stats’ instead.
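
The two-play approach suggested above, worked through as an added example (not code from the thread or its participants): it passes values between plays through hostvars, keeps the password out of job output with no_log, and writes a single root-only CSV on the collector instead of per-host files in /tmp. The inventory name loghost, the facts new_password and pw_row, and the CSV file name are assumptions.

```yaml
---
# Added example, not from the thread. Assumed names: inventory host "loghost",
# facts "new_password" and "pw_row", and the CSV file name. Both plays must run
# in one ansible-playbook invocation so play 1's facts are still in hostvars.
- name: Rotate the password on every host except the collector
  hosts: all:!loghost
  become: true
  vars:
    usr_2_edit: pwchangeuser
  tasks:
    - name: Generate the password on the controller (nothing is written to disk)
      ansible.builtin.set_fact:
        # Letters and digits only, so the value never needs CSV quoting.
        new_password: "{{ lookup('ansible.builtin.password', '/dev/null', length=24, chars=['ascii_letters', 'digits']) }}"
      no_log: true

    - name: Set the account password
      ansible.builtin.user:
        name: "{{ usr_2_edit }}"
        password: "{{ new_password | password_hash('sha512') }}"
        state: present
      no_log: true

    - name: Keep the CSV fields as a per-host fact for the second play
      ansible.builtin.set_fact:
        pw_row:
          inventory_name: "{{ inventory_hostname }}"
          name: "{{ ansible_facts['hostname'] }}"
          # Timestamp is taken on the controller, same format as in the thread.
          notes: "{{ now(fmt='%H:%M_%d.%m.%Y') }}"
          uri: "{{ ansible_facts['default_ipv4']['address'] }}"
          user: "{{ usr_2_edit }}"
          password: "{{ new_password }}"
      no_log: true

- name: Write one CSV on the collector
  # "hosts:" matches inventory names and groups; a pattern that matches
  # nothing is reported as "skipping: no hosts matched".
  hosts: loghost
  become: true
  gather_facts: false
  vars:
    csv_pth: /opt/awx/passwords/new/bw_import.csv
    # Only hosts that finished play 1 have pw_row; failed or unreachable
    # hosts are left out instead of breaking the template.
    pw_rows: >-
      {{ groups['all'] | map('extract', hostvars)
      | selectattr('pw_row', 'defined') | map(attribute='pw_row') | list }}
    missing: >-
      {{ groups['all'] | difference(['loghost'])
      | difference(pw_rows | map(attribute='inventory_name') | list) }}
  tasks:
    - name: Write header and all rows in one pass, readable by root only
      ansible.builtin.copy:
        dest: "{{ csv_pth }}"
        owner: root
        group: root
        mode: "0600"
        content: |
          folder,favorite,type,name,notes,fields,reprompt,login_uri,login_username,login_password,login_totp
          {% for r in pw_rows %}
          ,,login,{{ r.name }},{{ r.notes }},,0,{{ r.uri }},{{ r.user }},{{ r.password }},
          {% endfor %}
      no_log: true

    - name: Report hosts without a row (names only, no secrets)
      ansible.builtin.debug:
        msg: "No password recorded for: {{ missing | join(', ') }}"
      when: missing | length > 0
```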

Okay - I don't get where I could use them; the docs don't contain a lot of examples.

My current playbook:

---
- name: Add data in win share
  hosts: all
  become: yes
  vars:
    usr_2_edit: gsa
    log_host: 192.168.151.241
  tasks:

    - name: Get the hostname
      ansible.builtin.command: "hostname"
      register: hostname_result
      when: ansible_host != log_host

    - name: Set the CSV file path based on hostname
      ansible.builtin.set_fact:
        csv_pth: "/tmp/{{ hostname_result.stdout }}_bw_files.csv"
      when: ansible_host != log_host

    - name: Ensure the CSV file exists
      ansible.builtin.file:
        path: "{{ csv_pth }}"
        state: touch
      when: ansible_host != log_host

    - name: Add header to CSV file if missing
      ansible.builtin.lineinfile:
        path: "{{ csv_pth }}"
        line: 'folder,favorite,type,name,notes,fields,reprompt,login_uri,login_username,login_password,login_totp'
        insertbefore: BOF
        state: present
      when: ansible_host != log_host

    - name: Get the current date in HH:MM_DD.mm.yyyy format
      ansible.builtin.command: "date +'%H:%M_%d.%m.%Y'"
      register: date_result
      when: ansible_host != log_host

    - name: Generate a random password
      ansible.builtin.command: "openssl rand -base64 12"
      register: password_result
      when: ansible_host != log_host

    - name: Get the primary IP address
      ansible.builtin.set_fact:
        ip_address: "{{ ansible_default_ipv4.address }}"
      when: ansible_host != log_host

    - name: Update or create user with the specified username and password
      ansible.builtin.user:
        name: "{{ usr_2_edit }}"
        password: "{{ password_result.stdout | password_hash('sha512') }}"
        state: present
      when: ansible_host != log_host

    - name: Append data to CSV file
      ansible.builtin.lineinfile:
        path: "{{ csv_pth }}"
        line: ",,login,{{ hostname_result.stdout }},{{ date_result.stdout }},,0,{{ ip_address }},{{ usr_2_edit }},{{ password_result.stdout }},"
        insertafter: EOF
      when: ansible_host != log_host

    - name: Install the python3-pexpect module
      ansible.builtin.package:
        name: python3-pexpect
        state: present
      become: yes
      when: ansible_host != log_host

    - name: Test the user password
      ansible.builtin.expect:
        command: "su - {{ usr_2_edit }}"
        responses:
          "Password:": "{{ password_result.stdout }}"
      register: password_test
      failed_when: "'authentication failure' in password_test.stdout"
      when: ansible_host != log_host

    - name: Print password test result
      ansible.builtin.debug:
        msg: "Password change for user {{ usr_2_edit }} was successful."
      when:
        - ansible_host != log_host
        - password_test is defined
        - password_test.rc == 0

- name: Create SSH keypair in /tmp
  hosts: localhost
  tasks:
    - name: Create SSH keypair in /tmp
      ansible.builtin.openssh_keypair:
        path: /tmp/id_rsa_remcpyusr
        type: rsa
        force: true
        comment: "remcpyusr"
      run_once: true

- name: Distribute the SSH public key
  hosts: all
  tasks:
    - name: Distribute the SSH public key
      ansible.builtin.copy:
        src: /tmp/id_rsa_remcpyusr.pub
        dest: /home/remcpyusr/.ssh/authorized_keys
        owner: remcpyusr
        mode: '0644'
        force: yes

- name: Distribute the SSH private key
  hosts: all
  tasks:
    - name: Distribute the SSH private key
      ansible.builtin.copy:
        src: /tmp/id_rsa_remcpyusr
        dest: /home/remcpyusr/.ssh/id_rsa
        owner: remcpyusr
        mode: '0600'
        force: yes

- name: Synchronize files from all other hosts to target
  hosts: all:!log_host
  tasks:
    - name: Synchronize files from all other hosts to target
      ansible.builtin.command:
        cmd: rsync -avz -e "ssh -i /home/remcpyusr/.ssh/id_rsa -o StrictHostKeyChecking=no" remcpyusr@192.168.151.241:/tmp/*_bw_files.csv /tmp/

- name: Ensure key pair is absent on the controller and hosts
  hosts: all
  tasks:
    - name: Ensure key pair is absent on the controller and hosts
      ansible.builtin.file:
        path: "{{ item }}"
        state: absent
      loop:
        - /tmp/id_rsa_remcpyusr
        - /tmp/id_rsa_remcpyusr.pub
        - /home/remcpyusr/.ssh/authorized_keys
        - /home/remcpyusr/.ssh/id_rsa

I got it going now via “localhost”.
It's the unoptimized but working version:

---
- name: Do password work
  hosts: all
  become: yes
  vars:
    ntp_server: "time.gruen.net"
    timezone: "Europe/Berlin"
    usr_2_edit: awx
  tasks:
    - name: Set the timezone to Europe/Berlin
      ansible.builtin.timezone:
        name: "{{ timezone }}"


    - name: Configure NTP server in timesyncd.conf
      ansible.builtin.lineinfile:
        path: "/etc/systemd/timesyncd.conf"
        regexp: "^NTP="
        line: "NTP={{ ntp_server }}"
        state: present

    - name: Restart systemd-timesyncd service
      ansible.builtin.systemd:
        name: systemd-timesyncd
        state: restarted

    - name: Get the hostname
      ansible.builtin.command: "hostname"
      register: hostname_result

    - name: Set csv_pth variable based on hostname
      set_fact:
        csv_pth: "/tmp/{{ hostname_result.stdout }}_bw_pw_add_gsa_test.csv"

    - name: Ensure the CSV file exists
      ansible.builtin.file:
        path: "{{ csv_pth }}"
        state: touch

    - name: Add header to CSV file if missing
      ansible.builtin.lineinfile:
        path: "{{ csv_pth }}"
        line: 'folder,favorite,type,name,notes,fields,reprompt,login_uri,login_username,login_password,login_totp'
        insertbefore: BOF
        state: present

    - name: Get the current date in HH:MM_DD.mm.yyyy format
      ansible.builtin.command: "date +'%H:%M_%d.%m.%Y'"
      register: date_result

    - name: Generate a random password
      ansible.builtin.command: "openssl rand -base64 12"
      register: password_result

    - name: Get the primary IP address
      ansible.builtin.set_fact:
        ip_address: "{{ ansible_default_ipv4.address }}"
    
    - name: Update or create user with the specified username and password
      ansible.builtin.user:
        name: "{{ usr_2_edit }}"
        password: "{{ password_result.stdout | password_hash('sha512') }}"
        state: present

    - name: Append data to CSV file
      ansible.builtin.lineinfile:
        path: "{{ csv_pth }}"
        line: ",,login,{{ hostname_result.stdout }},{{ date_result.stdout }},,0,{{ ip_address }},{{ usr_2_edit }},{{ password_result.stdout }},"
        insertafter: EOF

    - name: Install the python3-pexpect module
      ansible.builtin.package:
        name: python3-pexpect
        state: present

    - name: Test the user password
      ansible.builtin.expect:
        command: "su - {{ usr_2_edit }}"
        responses:
          "Password:": "{{ password_result.stdout }}"
      register: password_test
      failed_when: "'authentication failure' in password_test.stdout"

    - name: Print password test result
      ansible.builtin.debug:
        msg: "Password change for user {{ usr_2_edit }} was successful."
      when: password_test.rc == 0

    - name: Copy the file to the Ansible controller
      ansible.builtin.fetch:
        src: "{{ csv_pth }}"
        dest: /tmp/
        flat: yes

- name: Show contents of /tmp directory on the Ansible controller
  hosts: localhost
  tasks:
    - name: List only the relevant test files in /tmp directory on localhost
      ansible.builtin.shell: "ls -l /tmp | grep '_bw_pw_add_gsa_test.csv'"
      register: tmp_contents_local

    - name: Display filtered /tmp contents on localhost
      ansible.builtin.debug:
        msg: "{{ tmp_contents_local.stdout }}"

    - name: Get a list of all txt files on the controller
      ansible.builtin.find:
        paths: /tmp/
        patterns: "*_bw_pw_add_gsa_test.csv"
      register: txt_files

- name: Copy all txt files from localhost to 192.168.151.241
  hosts: 192.168.151.241
  tasks:
    - name: Copy all txt files to the remote host
      ansible.builtin.copy:
        src: "{{ item.path }}"
        dest: /opt/awx/passwords/new
        remote_src: no
        force: yes
      loop: "{{ hostvars['localhost']['txt_files']['files'] }}"

After testing with some hosts I tried to use some more (24) and the playbook runs, but the last task gets skipped:
PLAY [Copy all txt files from localhost to 192.168.151.241] ********************
skipping: no hosts matched

---
- name: Do password work
  hosts: all
  become: yes
  vars:
    ntp_server: "time.gruen.net"
    timezone: "Europe/Berlin"
    usr_2_edit: gsa
  tasks:


    - name: Get the hostname
      ansible.builtin.command: "hostname"
      register: hostname_result

    - name: Set csv_pth variable based on hostname
      set_fact:
        csv_pth: "/tmp/{{ hostname_result.stdout }}_bw_pw_add_gsa_test.csv"

    - name: Ensure the CSV file exists
      ansible.builtin.file:
        path: "{{ csv_pth }}"
        state: touch

    - name: Add header to CSV file if missing
      ansible.builtin.lineinfile:
        path: "{{ csv_pth }}"
        line: 'folder,favorite,type,name,notes,fields,reprompt,login_uri,login_username,login_password,login_totp'
        insertbefore: BOF
        state: present

    - name: Get the current date in HH:MM_DD.mm.yyyy format
      ansible.builtin.command: "date +'%H:%M_%d.%m.%Y'"
      register: date_result

    - name: Generate a random password
      ansible.builtin.command: "openssl rand -base64 12"
      register: password_result

    - name: Get the primary IP address
      ansible.builtin.set_fact:
        ip_address: "{{ ansible_default_ipv4.address }}"
    
    - name: Update or create user with the specified username and password
      ansible.builtin.user:
        name: "{{ usr_2_edit }}"
        password: "{{ password_result.stdout | password_hash('sha512') }}"
        state: present

    - name: Append data to CSV file
      ansible.builtin.lineinfile:
        path: "{{ csv_pth }}"
        line: ",,login,{{ hostname_result.stdout }},{{ date_result.stdout }},,0,{{ ip_address }},{{ usr_2_edit }},{{ password_result.stdout }},"
        insertafter: EOF

    - name: Install the python3-pexpect module
      ansible.builtin.package:
        name: python3-pexpect
        state: present

    - name: Test the user password
      ansible.builtin.expect:
        command: "su - {{ usr_2_edit }}"
        responses:
          "Password:": "{{ password_result.stdout }}"
      register: password_test
      failed_when: "'authentication failure' in password_test.stdout"

    - name: Print password test result
      ansible.builtin.debug:
        msg: "Password change for user {{ usr_2_edit }} was successful."
      when: password_test.rc == 0

    - name: Copy the file to the Ansible controller
      ansible.builtin.fetch:
        src: "{{ csv_pth }}"
        dest: /tmp/
        flat: yes

- name: Show contents of /tmp directory on the Ansible controller
  hosts: localhost
  tasks:
    - name: List only the relevant test files in /tmp directory on localhost
      ansible.builtin.shell: "ls -l /tmp | grep '_bw_pw_add_gsa_test.csv'"
      register: tmp_contents_local

    - name: Display filtered /tmp contents on localhost
      ansible.builtin.debug:
        msg: "{{ tmp_contents_local.stdout }}"

    - name: Get a list of all txt files on the controller
      ansible.builtin.find:
        paths: /tmp/
        patterns: "*_bw_pw_add_gsa_test.csv"
      register: txt_files

- name: Copy all txt files from localhost to 192.168.151.241
  hosts: 192.168.151.241
  tasks:
    - name: Copy all txt files to the remote host
      ansible.builtin.copy:
        src: "{{ item.path }}"
        dest: /opt/awx/passwords/new
        remote_src: no
        force: yes
      loop: "{{ hostvars['localhost']['txt_files']['files'] }}"

The test output shows that the CSV files were successfully generated for all the hosts.
I don't get why with fewer hosts everything is fine.

TASK [Display filtered /tmp contents on localhost] *****************************
task path: /runner/project/functions/user/change_gsa_pw_random_BW_API/changepw_ansiblcntrll_gsa_randpw_functionabel.yaml:87
ok: [localhost] => {
    "msg": "-rw-r--r-- 1 1000 root      342 Aug 22 14:41 Limesurvey-118_bw_pw_add_gsa_test.csv\\n-rw-r--r-- 1 1000 root      321 Aug 22 14:41 MySQL-10_bw_pw_add_gsa_test.csv\\n-rw-r--r-- 1 1000 root      321 Aug 22 14:41 MySQL-96_bw_pw_add_gsa_test.csv\\n-rw-r--r-- 1 1000 root      330 Aug 22 14:41 MySQL8-238_bw_pw_add_gsa_test.csv\\n-rw-r--r-- 1 1000 root      321 Aug 22 14:41 Nagios40_bw_pw_add_gsa_test.csv\\n-rw-r--r-- 1 1000 root      342 Aug 22 14:41 RADIUS-NAC-100_bw_pw_add_gsa_test.csv\\n-rw-r--r-- 1 1000 root      330 Aug 22 14:41 Syslog-186_bw_pw_add_gsa_test.csv\\n-rw-r--r-- 1 1000 root      330 Aug 22 14:41 ansiblesrv_bw_pw_add_gsa_test.csv\\n-rw-r--r-- 1 1000 root      321 Aug 22 14:41 apiwork_bw_pw_add_gsa_test.csv\\n-rw-r--r-- 1 1000 root      771 Aug 22 14:41 awxgsatransfersrv_bw_pw_add_gsa_test.csv\\n-rw-r--r-- 1 1000 root      172 Aug 22 14:41 backup-2_bw_pw_add_gsa_test.csv\\n-rw-r--r-- 1 1000 root      300 Aug 22 14:41 chat_bw_pw_add_gsa_test.csv\\n-rw-r--r-- 1 1000 root      339 Aug 22 14:41 devtest-151-30_bw_pw_add_gsa_test.csv\\n-rw-r--r-- 1 1000 root      312 Aug 22 14:41 dms2_bw_pw_add_gsa_test.csv\\n-rw-r--r-- 1 1000 root      330 Aug 22 14:41 docker-196_bw_pw_add_gsa_test.csv\\n-rw-r--r-- 1 1000 root      339 Aug 22 14:41 giftgruen-245_bw_pw_add_gsa_test.csv\\n-rw-r--r-- 1 1000 root      318 Aug 22 14:41 git-246_bw_pw_add_gsa_test.csv\\n-rw-r--r-- 1 1000 root      624 Aug 22 14:41 glpi-172_bw_pw_add_gsa_test.csv\\n-rw-r--r-- 1 1000 root      333 Aug 22 14:41 jenkins-240_bw_pw_add_gsa_test.csv\\n-rw-r--r-- 1 1000 root      321 Aug 22 14:41 mysql-42_bw_pw_add_gsa_test.csv\\n-rw-r--r-- 1 1000 root      321 Aug 22 14:41 mysql-57_bw_pw_add_gsa_test.csv\\n-rw-r--r-- 1 1000 root      354 Aug 22 14:41 nomin-websrv-19-201_bw_pw_add_gsa_test.csv\\n-rw-r--r-- 1 1000 root      345 Aug 22 14:41 nominatim-19-200_bw_pw_add_gsa_test.csv\\n-rw-r--r-- 1 1000 root      675 Aug 22 14:41 web-89_bw_pw_add_gsa_test.csv"
}

TASK [Get a list of all txt files on the controller] ***************************
task path: /runner/project/functions/user/change_gsa_pw_random_BW_API/changepw_ansiblcntrll_gsa_randpw_functionabel.yaml:91
"pw_name": "1000", "rgrp": true, "roth": true, "rusr": true, "size": 342, "uid": 1000, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}, {"atime": 1724337698.0061235, "ctime": 1724337698.0061235, "dev": 1048632, "gid": 0, "gr_name": "root", "inode": 1986638, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1724337698.0061235, "nlink": 1, "path": "/tmp/backup-2_bw_pw_add_gsa_test.csv", "pw_name": "1000", "rgrp": true, "roth": true, "rusr": true, "size": 172, "uid": 1000, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}, {"atime": 1724337699.122161, "ctime": 1724337699.122161, "dev": 1048632, "gid": 0, "gr_name": "root", "inode": 1986631, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1724337699.122161, "nlink": 1, "path": "/tmp/Limesurvey-118_bw_pw_add_gsa_test.csv", "pw_name": "1000", "rgrp": true, "roth": true, "rusr": true, "size": 342, "uid": 1000, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}], "matched": 24, "msg": "All paths examined", "skipped_paths": {}}
[WARNING]: Could not match supplied host pattern, ignoring: 192.168.151.241

PLAY [Copy all txt files from localhost to 192.168.151.241] ********************
skipping: no hosts matched

the verbose log.

192.168.151.241 is not in your inventory, so the last step is skipped.

1 Like

The Host is in the used inventory:


I think the playbook looks for the IP and I have the hostname in the name.

Do I have to use what's in the host's “Name” field in the playbooks?

Is this using the real hostnames, or just the names from the inventory for internal use?

I need to change the playbook to save everything somewhere other than temp - somehow the playbook sets the full tmp folder's permissions and ruins the SQL services, which need to access tmp with 777.

I try to use opt, but I can't create anything at the AWX localhost because of a permission issue, and I can't use become in localhost, so what could I do?
My test playbook:

---
- name: Manage /opt directory
  hosts: localhost
  tasks:
    - name: Change permissions of /opt to 755
      ansible.builtin.file:
        path: /opt
        state: directory
        mode: '0755'
      become: yes

    - name: Create a text file in /opt
      ansible.builtin.file:
        path: /opt/example.txt
        state: touch
        mode: '0644'
      become: yes

    - name: List the contents of /opt directory
      ansible.builtin.shell: "ls -l /opt"
      register: opt_contents
      become: yes

    - name: Display the contents of /opt directory
      ansible.builtin.debug:
        var: opt_contents.stdout

While you can get away with storing some temporary “scratch-pad”-type files in /tmp on your Ansible controller, you shouldn’t try to store data on an AWX instance if you need that data to last longer than a playbook run.

The environments in which you can run Ansible vary, and it greatly impacts what you can and can’t do on the Ansible controller. For example, when I run ansible-playbook on my laptop and target hosts: localhost, I can do anything I want to.

When I run with my “at-home” inventory, I’m targeting all the machines in my house (plus a few I manage remotely for family and friends in their homes). In that case, my Ansible controller is one of those machines, so I have to pay careful attention to whether I’m doing something that affects that host in its role as a workstation vs. something to do with its role as an Ansible controller. But even so, I can do pretty much whatever I want to it.

But when running Ansible in a container, more strict rules apply. Generally speaking, playbooks intended to run on containerized instances (like AWX) should not target hosts: localhost because you aren’t (or at least you shouldn’t be trying to) manage the containerized instance.

If you need to store this data long-term, pick some place besides an ephemeral container instance.


As to your prior question about “hosts: 192.168.151.241” failing — You showed a screenshot for the AWX inventory host “awx_gsa_transfer_srv” for which you had defined the variable "ansible_host": "192.168.151.241". Well, “ansible_host” is a connection variable rather than an inventory name. You can’t use values of host variables in a hosts: pattern.
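The distinction in the reply above, as an added example that is not part of the original thread: `hosts:` patterns and `delegate_to` take inventory names, while `ansible_host` only says where to connect. Only `awx_gsa_transfer_srv` and its address come from the thread; the `web-89` address, the CSV path and the column layout are assumptions, and the listing shows two separate files.

```yaml
# File 1: inventory.yml (constructed sample inventory)
all:
  hosts:
    awx_gsa_transfer_srv:                # inventory name: what patterns match
      ansible_host: 192.168.151.241      # connection variable: where to connect
    web-89:
      ansible_host: 192.0.2.89           # made-up documentation-range address
---
# File 2: collect.yml (hypothetical playbook name)
- name: Collect one CSV row per host on the transfer server
  hosts: "all:!awx_gsa_transfer_srv"     # exclude the collector by inventory name
  gather_facts: true
  vars:
    log_host: awx_gsa_transfer_srv       # inventory name, not the IP
    csv_path: /var/tmp/host_inventory.csv   # assumed location on the collector
  tasks:
    - name: Create the CSV with its header if it does not exist yet
      ansible.builtin.copy:
        dest: "{{ csv_path }}"
        content: "name,hostname,ip\n"
        force: false                     # never overwrite an existing file
        mode: "0600"
      delegate_to: "{{ log_host }}"
      run_once: true

    - name: Append this host's row on the transfer server
      ansible.builtin.lineinfile:
        path: "{{ csv_path }}"
        # Variables still belong to the host being processed, not to log_host
        line: >-
          {{ inventory_hostname }},{{ ansible_facts['hostname'] }},{{
          ansible_facts['default_ipv4']['address'] | default('') }}
      delegate_to: "{{ log_host }}"
      throttle: 1                        # one writer at a time on the shared file
```

Run with `ansible-playbook -i inventory.yml collect.yml`; the managed hosts never need access to the share, only the transfer server writes the file.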

Okay - I probed around and found that var/tmp in localhost is accessible the same way.
I can't mount the target network share, which contains the CSV, to all hosts, so I have to let the hosts each create their own CSV locally, upload them to localhost and then upload from localhost → my new transfer srv. Then a second playbook to merge the last line of the CSVs into a single one.

What I don't get is that I have around 85 hosting customer VMs, and to test if all hosts do as expected I created a file in /tmp, debug-output the content and deleted it, and somehow the permissions of the full folder got changed, and the SQL services could not reach the directory for 10 minutes and the websites were not reachable.

I used:

---
- name: Create a text file named awx_mad_testfile, add the hostname, output its content, and remove the file
  hosts: all
  become: yes
  tasks:
    - name: Ensure the /tmp directory exists
      ansible.builtin.file:
        path: /tmp
        state: directory
        mode: '0755'

    - name: Create the file and add the hostname
      ansible.builtin.copy:
        content: "{{ inventory_hostname }}"
        dest: "/tmp/awx_mad_testfile"
        mode: '0644'

    - name: Display the content of the file
      ansible.builtin.command: cat /tmp/awx_mad_testfile
      register: file_content

    - name: Show the content of awx_mad_testfile
      ansible.builtin.debug:
        msg: "The content of the file is: {{ file_content.stdout }}"

    - name: Remove the file after use
      ansible.builtin.file:
        path: /tmp/awx_mad_testfile
        state: absent

The permissions were the 755 from the tmp folder check.
So could ansible.builtin.file change the permissions too with the mode part?

I solved the problem of the host not being found by changing the name into the IP


I probably could use the hostname I have now in the description, but I rather like using the IP.

By including mode: '0755' on the first file task, you are explicitly stating that there should be a directory at /tmp with that mode. I don’t recall ever finding a working Linux host without a /tmp directory, and their mode is invariably '1777'. Changing that will break many things. I’m impressed and surprised the systems recovered.

tl;dr: Don’t ever change /tmp.

A better approach would be to assume … (I can’t believe I’m typing this, but I think it’s true) … to assume /tmp exists and start at your second task, creating the file in /tmp, and letting the playbook fail on hosts where that’s a problem. Because whatever the problem is, you aren’t going to fix it with more playbook logic. Someone needs to take a look at it in that case. Besides, it’s never* going to fail, and when it does you’re going to want to see it for yourself before some years-old playbook no-one remembers comes along and “fixes it” in a way that makes things even worse.

Naming things is hard!

[I’m going to ramble a bit. Feel free to ignore this. I just want to get this out of my head.]

I’m spoiled because all our hosts are in DNS, and because we didn’t know what we were doing when we first started on our Ansible journey, all our inventory host names are the hosts’ FQDNs. And all those names are functional rather than just fun. That is, rather than being obscure ancient Egyptian gods (yes, we did that for a while, many years ago), their `hostname -s` is a concatenation of <service_line_abbreviation>, <service_architectural_role>, <digit(s)>, and <environment_designator>. So “xkcdweb02p” and “xkcdapp01d” are web and app servers in the prd and dev environments of the xkcd service.

We have a similar thing going on with our inventory group names. We’re the “Middleware” team, so all our inventory group names – at least those in the “middleware” inventory source – start with “mw_<service_line_abbreviation>”. They continue with a “_”-delimited list of: 3-letter environment code, optional architectural role, and optional sub-role. For example “mw_xkcd_spt_mds_head” and “mw_xkcd_prd_mid_worker” are, respectively, metadata server head nodes in the support environment, and mid-tier worker nodes in the production environment, of the XKCD project. Furthermore, these groups are “fully articulated”, which means if group “mw_xkcd_spt_mds_head” exists, then so do groups “mw_xkcd_spt_mds”, “mw_xkcd_spt”, and “mw_xkcd”. In cases where we’ve needed them, corresponding groups with environment designator “all” may also exist. In that case the group “mw_xkcd_all_mds_head” would have the “_mds_head” groups for production, support, development, and test environments as children.

My point in spelling all that out is this: For any string that comes from our inventory, we can instantly recognize its purpose and relationship to other strings that come from the same inventory source. It’s clearly either an inventory group name or inventory host name.

What suddenly concerns me, though, about how we use hosts’ FQDNs as inventory host names became clear when I saw how you are using an IP address as an inventory host name. That really bothered me for some reason that I couldn’t articulate at first. But now it dawns on me that it’s similar to using FQDNs, except that names can carry some meaning that would be impossible to get from IPs alone.

We went through a period where we conflated '{{ inventory_hostname }}', FQDN, output from `hostname`, '{{ ansible_fqdn }}', and probably several other things. But they are all different things even though they may have the same value (when they exist at all). It’s extremely important, then, to be concise in code and between people when referring to any networked assets.

Hosts get renamed and re-IPed all the time. In my (extremely limited) testing, if you do use an IP as an inventory host name, as you have done with 192.168.151.241 / awx_gsa_transfer_srv, you don’t need to also set the “ansible_host” variable; Ansible will do the Right Thing. The fact that Ansible itself trusts DNS for resolving the “normal” case suggests that I should too.

So I’m sticking with FQDNs for my inventory host names.

1 Like
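A version of the /tmp test that follows the advice above, as an added example that is not part of the original thread: it only reads the state of /tmp, fails on hosts where the mode is not '1777', and never sets a mode on the directory. The file name is the one used in the thread; the variable name `test_file` is an assumption.

```yaml
---
- name: Write, read and remove a test file without managing /tmp itself
  hosts: all
  become: true
  vars:
    test_file: /tmp/awx_mad_testfile
  tasks:
    - name: Read the current state of /tmp (stat makes no changes)
      ansible.builtin.stat:
        path: /tmp
      register: tmp_dir

    - name: Stop on this host if /tmp is not a sticky, world-writable directory
      ansible.builtin.assert:
        that:
          - tmp_dir.stat.exists
          - tmp_dir.stat.isdir
          - tmp_dir.stat.mode == '1777'
        fail_msg: >-
          /tmp on {{ inventory_hostname }} has mode
          {{ tmp_dir.stat.mode | default('missing') }}; have someone look at it

    - name: Create the file and add the inventory host name
      ansible.builtin.copy:
        content: "{{ inventory_hostname }}\n"
        dest: "{{ test_file }}"
        mode: '0644'          # applies to the file only, never to /tmp

    - name: Read the file back
      ansible.builtin.slurp:
        src: "{{ test_file }}"
      register: file_content

    - name: Show the content
      ansible.builtin.debug:
        msg: "The content of the file is: {{ file_content.content | b64decode | trim }}"

    - name: Remove the file after use
      ansible.builtin.file:
        path: "{{ test_file }}"
        state: absent
```

A host whose /tmp has drifted shows up as a failed assert in the play recap instead of being silently rewritten.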

I created a small playbook that sets tmp to 777 again and in 10 minutes everything was fine again :laughing:

I can relate - and I switched 2 inventories ago to hostnames, but here the hostnames are not as informative as yours.
I have to get used to using the hostnames in the playbooks.

I would like to have all hosts in the DNS, but the DNS here is used just for the AD services and FS; the rest gets a URL like service.ourdomain.net via autodns.

It probably was initially '1777'. “Working” and “fine” aren’t necessarily the same.

1 Like

Yeah, you're right - I will set it correctly before I continue