Make ansible read from folders on current user - linux

I'm looking for a way to make ansible read a file from a certain location regardless of user (i.e. I would like to make the scripts usable for any user).
Unfortunately, ansible seems to like hard-coded paths: /home/user/foo/bar.yml works; ~/foo/bar.yml does not work.
I've tried to use these variants (none of which seem to work):
- import_playbook: ~/Documents/foo/bar.yml
- import_playbook: "{{ lookup('env','USER') }}/Documents/foo/bar.yml"
- import_playbook: "/home/{{ lookup('env','USER') }}/Documents/foo/bar.yml"
How can I achieve making ansible read from a given directory regardless of user? I'd like these scripts to be executable for anyone.
Thanks.
EDIT: Ideally, I'd like to make the script executed by the current user, too: e.g. become_user: current (don't know if the latter command is possible to use).

Related

how can I use the agent user defined capabilities in my azure pipelines.yml file as a variable?

Within our pipelines we would like to set a variable based on some user defined capabilities. For example, agent-1 may store all python versions under "C:/Python" whereas agent-2 may store all python versions under "C:/Documents/Python" and a script may need to know of all the contents stemming from this folder. So, to fix this, we set some user capabilities of where it's stored.
Agent 1: PYTHON_DIR = C:/Python
Agent 2: PYTHON_DIR = C:/Documents/Python
We would like to extract these in our azure-pipelines.yml for use in future script steps.
We initially tried using the syntax:
variables:
  PYTHON_EXE: $(PYTHON_DIR)\Python38\...\python.exe
but this simply echoes out as $(PYTHON_DIR)\Python38\...\python.exe even after an agent reboot.

How to take backup of file without changing its time-stamp with Ansible playbook

How to take backup of file without changing its time-stamp with Ansible playbook? I tried backup=yes but the problem is like it changes the timestamp of the file.
Code:- dest={{item}} state=absent regexp='TLSv1' backup=yes with_items: ('{{certs_dir.stdout_lines}}')
I'm retracting my initial "It can't be done" response - it should be possible by using a series of plays, but it's not very pretty.
If you really need the backup file to keep the time-stamp, you might want to put in an official request on the developer mailing list.
1. Use the stat module on the initial file to retrieve the file timestamp.
2. Register the backup file name in the return value backup_file from the file or copy module.
3. Use the command module to call the touch command to set the time of the backup_file to the original time. (The Ansible stat module does not adjust file timestamps.)

How can I use Ansible lineinfile to remove all but a few specific lines?

I'm attempting to ensure all but a few specific lines are removed from a file. I can get halfway there with the following task.
- name: ensure only the correct lines are present
  lineinfile: dest=/path/to/file
              regexp="pattern1|pattern2[0-9]*|pattern3[0-9]*"
              state=present
              backup=yes
Ultimately I want to ensure that pattern1, pattern2[0-9]*, and pattern3[0-9]* are the only lines that remain in this file. I've attempted to come up with a regex that negates this one and then specify state=absent but I've been unsuccessful so far.
If you want only specific lines in your file, why don't you just transfer that file with your desired lines to the remote server? You can use copy module to transfer that file as is or template module to dynamically substitute some variables inside or even assemble module to generate a file from some fragments (such as config).

In Puppet using Hiera, where do I put the files I want to have installed on nodes?

I know puppet modules always have a files directory and I know where it's supposed to be and I have used the source => syntax effectively from my own, handwritten modules but now I need to learn how to deploy files using Hiera.
I'm starting with the saz-sudo module and I've read the docs but I can't see anything about where to put the sudoers file; the one I want to distribute.
I'm not sure whether I need to set up a site-wide files dir in /etc/puppetlabs/puppet and then make subdirs in there for every module or what. And does Hiera know to look in /etc/puppetlabs/puppet/files/sudo if I say, source => "puppet:///files/etc/sudoers" ? Do I need to add a pathname in /etc/hiera.yaml? Add a line - files ?
Thanks for any clues.
My cursory view of the puppet module, given their example of using hiera:
sudo::configs:
    'web':
        'source'    : 'puppet:///files/etc/sudoers.d/web'
    'admins':
        'content'   : "%admins ALL=(ALL) NOPASSWD: ALL"
        'priority'  : 10
    'joe':
        'priority'  : 60
        'source'    : 'puppet:///files/etc/sudoers.d/users/joe'
suggests it assumes you have a "files" puppet module. So under your puppet modules section:
mkdir -p files/files/etc/sudoers.d/
Drop your files in there.
Explanation:
The url 'puppet:///files/etc/sudoers.d/users/joe' is broken down thus:
puppet: protocol
///: Three slashes indicate the source of the file is in a module.
files: name of the module
etc/sudoers.d/users/joe: full path to the file within the module's "files" directory.
You don't.
The idea of a module (Hiera backed or not) is to lift the need to manage the whole sudoers file from you. Instead, you can manage each single entry in the sudoers file.
I recommend reviewing the documentation carefully. You should definitely not have a file { "/etc/sudoers": } resource in your manifest.
Hiera doesn't have to do anything with Files.
Hiera is like a Variables Database, and serves you based on the hierarchy you have.
The files inside puppet are usually accessed in methods like source => but also these files are using some basic structure.
In most cases when you call a file or template.
A template can serve your needs to automatically build a sudoers based on that.
There are also modules that support modifying sudoers too.
It is up to you what to do.
In this case, saz stores the location of the file in hiera, but the real location can be a file inside your puppet (like a module file or something similar).
Which is completely unrelated.
Read about puppet file server
If you have questions, just ask.
V

hacking whoami to return a fake username

I've created a new whoami command which returns a fake username and have put it in the PATH by adding it to ~/.profile. It is created in a way that it is called before the actual whoami from Linux.
The main reason to do this is because I am remote accessing a Hadoop cluster and want the copied files to be under the fake username.
This works fine when I call whoami in the shell and even calling $PATH shows the path to my created whoami before everything else. But for some reason, when Hadoop is called, it doesn't pick the created 'whoami'.
Can someone help me with how to fix this?
thanks
Most applications do not use whoami to determine a user's username or group. For instance, in bash you can use the command id to find more detailed information about yourself or id [username] (such as id root) to find out more detailed information about other users. Groups can be found with groups as well. Also, different programming languages, such as C, have their own methods of determining user identities such as the getuid() command.
If you really "need" to go as far as faking your user account, you'll need to go down to OS level and create hooks into the kernel/API that handles those methods.
Is it possible that you simply chown the files after they are copied instead?
UPDATE:
It appears that some releases of Hadoop do actually use whoami (my own implementation w/ clustering does not).
In this event, the best (a term loosely used) suggestion would be to move the legitimate whoami executable and create a whoami shell script that goes in its place. The custom script should validate the current user and if it's "hadoop", return whatever faked username you want - otherwise return valid output. Igor's answer would work in this case.
I suppose that hadoop uses a different PATH variable than you have in your shell.
You can tune its PATH and add the directory with fake whoami to its beginning.
When it is impossible, you can write a small wrapper for whoami (I'm not sure that it is a good idea but you can do this if you want) that will run original whoami except when the script is executed by hadoop:
#!/bin/sh
# The real whoami binary, moved aside
WHOAMI=/bin/whoami.orig
if [ "$("$WHOAMI")" = hadoop ]
then
    echo fake
else
    # Pass all original arguments through to the real binary
    exec "$WHOAMI" "$@"
fi
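
Added example, not part of the original posts: a shell check for the situation discussed in the answers above, where the whoami found first on PATH reports a name that differs from the process's effective user as resolved by id from the system default path. The function names trusted_user, path_hits and check_whoami are hypothetical, and it assumes id and whoami are installed.

```shell
#!/bin/sh
# Added example: detect a whoami on PATH that disagrees with the real identity.

# Name of the effective user, looked up with the system default PATH
# ("command -p") so a directory prepended to $PATH cannot shadow id.
trusted_user() {
    command -p id -un 2>/dev/null
}

# Print every executable called $1 on $PATH, in lookup order.
path_hits() {
    name=$1
    old_ifs=$IFS
    IFS=:
    for dir in $PATH; do
        [ -n "$dir" ] || dir=.          # empty PATH entry means current dir
        [ -f "$dir/$name" ] && [ -x "$dir/$name" ] && printf '%s\n' "$dir/$name"
    done
    IFS=$old_ifs
}

# Return 0 when the PATH-resolved whoami agrees with the effective user,
# 1 (with a report on stderr) when it does not.
check_whoami() {
    claimed=$(whoami 2>/dev/null) || claimed=
    actual=$(trusted_user) || actual=
    if [ "$claimed" = "$actual" ]; then
        return 0
    fi
    echo "whoami reports '$claimed' but effective user is '$actual'" >&2
    echo "first whoami on PATH: $(path_hits whoami | head -n 1)" >&2
    echo "all candidates, in lookup order:" >&2
    path_hits whoami >&2
    return 1
}

# Run the check when the script is executed directly.
check_whoami || true
```

A mismatch means some program that shells out to whoami will see a different name than programs that ask the kernel for the uid, which is the split behaviour described in the answers.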
