I'm developing a webhook to trigger a job, but I can't find a way to specified the target Node who is in charge to execute it, it is possible send in the json payload a param to overwrite the Node Filter before start an execution?
A good way to do that is to put an option in your job, put that option in your node filter nodes tab (in this format: ${option.myoption}) and then call the webhook in this way.
I left a job definition example:
- defaultTab: nodes
description: ''
executionEnabled: true
id: 70a8bdb2-3ff6-419b-8311-394eeb470992
loglevel: INFO
name: HelloWorld
nodeFilterEditable: false
nodefilters:
dispatch:
excludePrecedence: true
keepgoing: false
rankOrder: ascending
successOnEmptyNodeFilter: false
threadcount: '1'
filter: ${option.opt1}
nodesSelectedByDefault: true
options:
- name: opt1
plugins:
ExecutionLifecycle: null
scheduleEnabled: true
sequence:
commands:
- exec: whoami
keepgoing: false
strategy: node-first
uuid: 70a8bdb2-3ff6-419b-8311-394eeb470992
And the webhook call example:
curl -H "Content-Type: application/json" -X POST -d '{"field1":"localhost"}' http://localhost:4440/api/41/webhook/98d1Bp0Pcb8QpIc2OzLodQ5AThtmuP1y#TestWebhook
Related
I've just started get into ansible so can you please help me or maybe give some advice?
The point is that i`m trying to install and configurate wireguard with ansible-playbook (just in case i know how to configure wireguard without ansible)
So i want to share public keys through ansible
(and then read them in wg0.conf by PublicKey = {{ lookup('file', '/etc/wireguard/publickey_client') }} )
I'm trying to use ansible.posix.synchronize in my playbook, but when it goes to task "sharing keys" it just start thinking but don't do anything (for a long time) till i stop the proccess.
Starting playbook with -vv also don't show anything
Playbook wireguard_configuration.yml:
---
- hosts: client
name: make wg keys on client
become: true
tasks:
- name: wg0.conf client file
ansible.builtin.copy:
src: /etc/ansible/conf/wg0_client.conf
dest: /etc/wireguard/wg0.conf
mode: 0755
owner: owner
- name: creating wg keys on client
ansible.builtin.shell:
cmd: wg genkey | tee privatekey_client | wg pubkey > publickey_client
chdir: /etc/wireguard
- name: share pubkey from client to server
ansible.posix.synchronize:
src: /etc/wireguard/publickey_client
dest: /etc/wireguard/publickey_client
delegate_to: server
- hosts: server
name: make wg keys on server
become: true
tasks:
- name: wg0.conf server file
ansible.builtin.copy:
src: /etc/ansible/conf/wg0_server.conf
dest: /etc/wireguard/wg0.conf
mode: 0755
owner: owner
- name: creating wg keys on client
ansible.builtin.shell:
cmd: wg genkey | tee privatekey_server | wg pubkey > publickey_server
chdir: /etc/wireguard
- name: share pubkey from server to client
ansible.posix.synchronize:
src: /etc/wireguard/publickey_server
dest: /etc/wireguard/publickey_server
delegate_to: client
You don't need the synchronize module here: you're not trying to copy a large hierarchy of files; you're only trying to bring a single value from the client to the server. I think a better option is just to stick that value in a variable on the client and then access it via hostvars on the server.
The following playbook is one way of doing that. A few things to note:
I've tried to document the tasks, but let me know if something isn't clear.
This playbook is written to be idempotent: you can run it multiple times and it will only generate the private key once.
- hosts: client
gather_facts: false
become: true
tasks:
# Read an existing private key if it is available. We set
# failed_when to false because an "error" simply means that
# the key doesn't exist and we need to generate it.
- name: read private key
command: cat /etc/wireguard/privatekey_client
failed_when: false
changed_when: wg_private_read.rc != 0
register: wg_private_read
# Generate a new key if necessary. We used the "is changed" test
# here so that we only generate a new key if we failed to read an
# existing key in the previous task.
- name: generate private key
when: wg_private_read is changed
command: wg genkey
register: wg_private_create
# This will either create the privatekey_client file or leave it
# unmodified (because the content matches what we read from it
# earlier in the "read private key" task).
- name: write private key
when: wg_private_read is changed
copy:
content: "{{ wg_private_create.stdout }}"
dest: /etc/wireguard/privatekey_client
# We generate a public key but we don't bother writing it to disk.
# The client doesn't need it and we can always generate it from
# the private key.
- name: generate public key
shell:
cmd: wg pubkey
stdin: "{{ (wg_private_read is changed)|ternary(wg_private_create.stdout, wg_private_read.stdout) }}"
changed_when: false
register: wg_public
- hosts: server
gather_facts: false
become: true
tasks:
- name: write client public key
copy:
content: "{{ hostvars.client.wg_public.stdout }}"
dest: "/etc/wireguard/publickey_client"
Some useful documentation links:
About failed_when and changed_when
The ternary filter
In my swaggerhub API definition (openAPI 2), I defined this, an api takes these three parameters as FormVariables
/token:
post:
tags:
- Authentication
summary: Request an Access Token
operationId: createAccessToken
description: |
To get access token for our api
consumes:
- multipart/form-data
parameters:
- name: Client_ID
in: formData
required: true
type: string
- name: Client_Secret
in: formData
required: true
type: string
- name: Scope
in: formData
required: true
type: string
- name: Grant_Type
in: formData
required: true
type: string
default: "client_credentials"
When I click execute button on the swaggerhub UI to try, I got a 400 error {"error":"invalid_request"}.
When trying In postman, content-type need to be set as multipart/form-data, otherwise it will produce the same error.
In swaggerhub's UI, following command is created when executing this mehtod.
curl -X 'POST'
'https://example.com/token'
-H 'accept: application/json'
-H 'Content-Type: application/json'
-d 'Client_ID=123&Client_Secret=111&Scope=fff&Grant_Type=client_credentials'
Is there a way to set content-type?
How to pass map of variables from the yaml file to variable in the jenkins file or just print in the text file.
For Ex:
i have test.yaml file it contains:
processor-create:
{
service: true
ingress: true
path: /tmp/data
},
processo-update:
{
service: false
ingress: false
path: /tmp/data
}
i will provide input service_name: processor-create as a parameter from the pipeline and it has to go and look for that service in test.yaml, then whatever variables has "processor-create" it should assign to variable or print into another text file, so that i will pass that file as extra variable file for ansible script in the next stage, Thanks.
are you sure this is a valid yaml file ?
to me the right syntax must be:
processo-update:
ingress: false
path: /tmp/data
service: false
processor-create:
ingress: true
path: /tmp/data
service: true
to parse the yml you can use snakeyaml, something similar to :
#Grab('org.yaml:snakeyaml:1.17')
import org.yaml.snakeyaml.Yaml
Yaml parser = new Yaml()
map = parser.load( new File('text.yml').text )
println map[args[0]]
read this post to a more elaborate example: https://groovy-lang.gitlab.io/101-scripts/basico/config_script-en.html
I am attempting to define my user accounts as Hashes in Hiera, like this:
---
accounts::user:
jack:
ensure: present
bashrc_content: file('accounts/shell/bashrc')
bash_profile_content: file('accounts/shell/bash_profile')
It works fine if I define them in my *.pp files.
Please, find more details about hiera.yaml, manifest and users.yamal on Gist
Why doesn't this work?
P.S. This question continues to,
No, what you are trying to do is not possible.
I have a few options for you. In Hiera, you could have all of the data other than the call to the file() function:
---
accounts::user:
jack:
locked: false
comment: Jack Doe
ensure: present
groups:
- admins
- sudo
shell: '/bin/bash'
home_mode: '0700'
purge_sshkeys: false
managehome: true
managevim: false
sshkeys:
- ssh-rsa AAAA
password: '70'
And then in your manifest:
$defaults = {
'bashrc_content' => file('accounts/shell/bashrc'),
'bash_profile_content' => file('accounts/shell/bash_profile'),
}
$user_data = lookup('accounts::user', Hash[String,Hash], 'hash', {})
$user_data.each |$user,$props| {
accounts::user { $user: * => $props + $defaults }
}
Another option is to simply include your file content in the YAML data, i.e.
---
accounts::user:
jack:
locked: false
comment: Jack Doe
ensure: present
groups:
- admins
- sudo
shell: '/bin/bash'
home_mode: '0700'
purge_sshkeys: false
managehome: true
managevim: false
bashrc_content: |
# If not running interactively, don't do anything
[ -z "$PS1" ] && return
if [ -f /etc/bashrc ]; then
. /etc/bashrc # --> Read /etc/bashrc, if present.
fi
...
bash_profile_content: ...
sshkeys:
- ssh-rsa AAAA
password: '70'
Then you won't need the file function or the files at all.
For more info:
On what you can interpolate in Hiera data.
The splat operator (*) and a useful blog on how to use it.
On multiline-strings in YAML.
I created Rundeck Key storage and stored password in it
Then created Job option
Then in inline script i specified folowing (keys/JIRA is Rundeck password storage)
curl -XN -u user:keys/JIRA
But password is not passed and authnetication fails, what am i doing wrong ?
The password value will be expanded when it is passed to the script. Below is an example:
- description: ''
executionEnabled: true
id: 1f7f5312-0887-4841-a7ef-1c30f712f927
loglevel: INFO
name: How to pass Rundeck key storage to script
nodeFilterEditable: false
options:
- name: JiraPass
secure: true
storagePath: keys/jira.password
valueExposed: true
scheduleEnabled: true
sequence:
commands:
- args: ${option.JiraPass}
script: |
#!/usr/bin/env bash
jira_password=$1
echo curl -XN -u "user:$1"
keepgoing: false
strategy: node-first
uuid: 1f7f5312-0887-4841-a7ef-1c30f712f927