Ansible tags

 

To run specific part or exclude specific part in a playbook we an use tags attrubute.

Here is my example playbook with name tags_example.yml:

---
- hosts: all
  tasks:
    - name: Hello
      shell: "echo hello"
      tags:
         - hello

    - name: Bye
      shell: "echo bye"
      tags:
         - bye

In above playbook we have two tasks Hello and Bye with tags hello and bye tags respectively.

To execute above playbook use following command:

$ ansible-playbook yml/tags_example.yml

Above command will execute both tasks Hello and Bye respectively.

Now lets see how to execute specific part of play book.

We can use --tags "<tagName>" argument with ansible-playbook to execute only specific tasks and use --skip-tasks "<tagName>" to skip specific tasks from execution.

To execute all tasks with hello tag use following command:

$ ansible-playbook yml/tags_example.yml --tags "hello"

To skip all tasks with hello tag use following command:

$ ansible-playbook yml/tags_example.yml --skip-tags "hello"

To execute multiple tags use following command:

$ ansible-playbook yml/tags_example.yml --tags "hello,bye"

To skip multiple tags use following command:

$ ansible-playbook yml/tags_example.yml --skip-tags "hello,bye"

I hope this will helps to understand tags concept in Ansible.

bash – get previous command status

 

To get previous command status in bash use “$?” variable.

echo $? will return zero if previous command is success & if its non zero it indicates failure.

Example:

$ ls ; echo $?

Output of the above command is list of files, directories and next line it will return number.

We can use condition for check if previous command is success or failure:

any_command
if [ $? -eq 0 ] 
then
    echo SUCCESS
else
    echo FAIL
fi

Ansible – Create user with password in Ubuntu/Linux

Ansible is an open-source software platform for configuring and managing computers.

In this article I will explain how to create new user with password.

Ansible has a user module to create a user. You can refer user module docs for more details.

I would like to create a user with name “guest” and password “guest123″.

Ansible will take only encrypted password as input password i.e, if we give passowrd as “guest123″ it will decrypt the given password and set, obviosely if we decrypt “guest123″ it wont be same as “guest123″.

After deciding username and password generate encrypted password:

python -c ‘import crypt; print crypt.crypt(“guest123″, “guest”)’

Output:

gu2KmqcJp0Yyo

In above example I using guest as key to encrypt the password.

After creating password add following code in ansible-playbook:


---
- hosts: yourhostname
  user: root
  sudo: no

  #Define user and password variables
  vars:
    # created with:
    # python -c 'python -c 'import crypt; print crypt.crypt("guest123", "guest")'
    password : gu2KmqcJp0Yyo
    user : guest

  # Define task to add user
  tasks:
    - name: add user
      action: user name={{ user }} password={{ password }} update_password=always 
                   shell=/bin/bash home=/home/{{ user }}
      tags:
        - user

After updating code run above playbook and it will create new user with given password.

Print only response headers with curl

To print only response headers with curl use following command:

$ curl -s -D – http://www.google.com -o /dev/null

Output:

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: http://www.google.co.in/?gfe_rd=cr&ei=YLBZVLDTCajV8gfJ44GwBQ
Content-Length: 261
Date: Wed, 05 Nov 2014 05:06:40 GMT
Server: GFE/2.0
Alternate-Protocol: 80:quic,p=0.01

Python – ImportError: No module named dateutil.relativedelta

Recently while I am trying to use dateutil module in a python code I got following error:

ImportError: No module named dateutil.relativedelta

After debugging this issue I got to know that its because of no dateutil module available in my machine.

To install dateutil module use following code:

$ sudo apt-get install python-dateutil

After installing python-dateutil above issue got resolved.

Nagios – Check Ping /bin/ping Unknown status problem

Recently while I am trying to setup Nagios on Ubuntu 14.04 OS I got the error saying /bin/ping Unknown status.

After debugging a wile I got to know that, this issue is because of permissions for /bin/ping script.

To resolve this issue just run following command ( use root or sudo):

$ chmod u+s /bin/ping

After running above command /bin/ping script permissions look like below:

$ ls -l /bin/ping

-rwsr-xr-x 1 root root 44168 Mar 15  2014 /bin/ping*

After a while, nagios should be able to ping your servers without any issue.

Ubuntu 14.04 – ping icmp open socket operation not permitted

Recently when I am trying to do ping got following exception:

$ ping host.example.com

Output:

ping: icmp open socket: Operation not permitted

Reason for the issue:

On Linux (and other flavours) you have to be root to open up a socket. The SUID bit must be set in the ping binary to allow it to open sockets. This issue is common on jailing users as most disto’s ping binary will have this set by default.

Set the SUID bit:

chmod u+s bin/ping

Now check SUID bit:

ls -la bin/ping

Output:
-rwsr-xr-x 1 root root 41704 2011-04-06 15:13 bin/ping
Now you can try ping command, it should work without any issue.

Python – convert dictionary to json

 

To convert any dictionary to json use json.dumps(YourDictionary).

Below is an example to convert a dictionary to json:

import json

def toJson():
    d = {'a' : 'Apple', 'b' : 2}
    return json.dumps(d)

print toJson()

Output:

{“a”: “Apple”, “b”: 2}

lighttpd – allow/block ip range

 

To allow some or multiple ip rages use below code:

$HTTP["remoteip"] =~ "192\.168\.1\.*|10\.2\.20\.*" {
    server.document-root = "/var/www"
}

Above code will allow only 192.18.1.* and 10.2.20.* ip rages and blocks all other ip’s.

To block some or multiple ip ragnes use below code

$HTTP["remoteip"] =~ "192\.168\.1\.*|10\.2\.20\.*" {
    url.access-deny = ( "" )
}

Above code will block 192.168.1.* and 10.2.20.* ip rages and allow all other ip’s.