Goal: Given a Debian server without python installed (and a few other missing ansible prerequisites), use ansible to get them installed so I can then use the normal ansible modules (almost all of which require python) to provision the server.
According to the ansible documentation for the "script" module, "This module does not require python on the remote system, much like the raw module.". However, based on my tests, it seems like the script module does in fact attempt to run python on the remote system, at least if the sudo
option is true. I believe I can get this to work with the script module as long as I don't enable ansible's sudo
option, but then I need my remote user to have sudo permission without a password prompt or my script is just going to hang waiting for interactive entry of the sudo password.
So my question is: A) What's the deal with the "script" module. Does it require python on the remote system or not?
and B) Is there a better way to achieve my larger goal which is fully automated deployment without any manual steps before ansible itself can be used?
Here's my output of ansible-playbook -vvv
which shows clear it is running /usr/bin/python
on the remote system, and there is no file there because python is not yet installed.
TASK: [install ansible prerequisites]
***************************************** <10.9.8.31> ESTABLISH
CONNECTION FOR USER: plyons <10.9.8.31> EXEC ['ssh', '-C', '-tt',
'-q', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s',
'-o', 'ControlPath=/Users/plyons/.ansible/cp/ansible-
ssh-%h-%p-%r', '-o', 'StrictHostKeyChecking=no', '-o',
'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications
=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o',
'PasswordAuthentication=no', '-o', 'ConnectTimeout=10',
'10.9.8.31', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-
tmp-1396233547.35-182235573044157 && chmod a+rx $HOME/.ansible/tmp
/ansible-tmp-1396233547.35-182235573044157 && echo
$HOME/.ansible/tmp/ansible-tmp-1396233547.35-182235573044157'"]
<10.9.8.31> PUT
/var/folders/n4/8skjkv9s5hbc4t5r0tr0xrk80000gn/T/tmpT1Vh6e TO
/home/plyons/.ansible/tmp/ansible-
tmp-1396233547.35-182235573044157/stat <10.9.8.31> EXEC ['ssh',
'-C', '-tt', '-q', '-o', 'ControlMaster=auto', '-o',
'ControlPersist=60s', '-o', 'ControlPath=/Users/plyons/.ansible/cp
/ansible-ssh-%h-%p-%r', '-o', 'StrictHostKeyChecking=no', '-o',
'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications
=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o',
'PasswordAuthentication=no', '-o', 'ConnectTimeout=10',
'10.9.8.31', '/bin/sh -c \'sudo -k && sudo -H -S -p "[sudo via
ansible, key=hyplatqjmvybpfqtukjegkibbuyrnoqj] password: " -u root
/bin/sh -c \'"\'"\'echo SUDO-SUCCESS-
hyplatqjmvybpfqtukjegkibbuyrnoqj; /usr/bin/python
/home/plyons/.ansible/tmp/ansible-
tmp-1396233547.35-182235573044157/stat\'"\'"\'\'']
Here's my playbook task:
tasks:
-
name: install ansible prerequisites
script: ansible_prereqs.sh creates=/root/.ansible_prereqs_installed
And that ansible_prereqs.sh script:
#!/bin/sh
#install ansible prereqs manually or all apt-based ansible commands will fail
# http://euphonious-intuition.com/2013/01/bootstrapping-a-cluster-with-ansible-debian-6-and-oracle-java-7/
apt-get update
apt-get install -y python python-apt python-pycurl sshpass
touch /root/.ansible_prereqs_installed
OK, further testing leads me to understand that @DomaNitro is correct in that it's not the script
module itself per-say that requires python, but the creates
option in particular, because that uses a stat
python script.
However, things still seem to work fine because in the initial check for the creates
marker file, ansible will do: /usr/bin/python /home/plyons/.ansible/tmp/ansible-tmp-1396271950.37-134911276396535/stat
, which will fail because /usr/bin/python
is not present, but that's fine because we want the script to run anyway.
Once my ansible_prereqs.sh
script runs, ansible's stat
module will start working because /usr/bin/python
is now installed, so subsequent reruns will see the marker file exists and bypass the script.
So I don't need to implement the creates
logic in my shell script code. Here's my final working playbook:
---
-
hosts: all
gather_facts: no
sudo: yes
tasks:
-
name: install ansible prerequisites
script: ansible_prereqs.sh creates=/root/.ansible_prereqs_installed
And here's the script it runs ansible_prereqs.sh
:
#!/bin/bash
set -e
apt-get -qq update
apt-get -qq --yes install python python-apt python-pycurl sshpass
touch /root/.ansible_prereqs_installed
Here's some ansible-playbook -vvv
output with explanatory comments added.
<10.9.8.31> ESTABLISH CONNECTION FOR USER: plyons
#Not sure exactly what this does, but presumably some basic
#bootstrap sanity checking
<10.9.8.31> EXEC ['ssh', '-C', '-tt',
'-q', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o',
'ControlPath=/Users/plyons/.ansible/cp/ansible-ssh-%h-%p-%r', '-o',
'StrictHostKeyChecking=no', '-o', 'KbdInteractiveAuthentication=no',
'-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-
keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o',
'ConnectTimeout=10', '10.9.8.31', "/bin/sh -c 'mkdir -p
$HOME/.ansible/tmp/ansible-tmp-1396273094.39-170062058638174 && chmod
a+rx $HOME/.ansible/tmp/ansible-tmp-1396273094.39-170062058638174 &&
echo $HOME/.ansible/tmp/ansible-tmp-1396273094.39-170062058638174'"]
#OK the "creates" option causes ansible to upload the "stat"
#python program
<10.9.8.31> PUT
/var/folders/n4/8skjkv9s5hbc4t5r0tr0xrk80000gn/T/tmp5CVz6i TO
/home/plyons/.ansible/tmp/ansible-
tmp-1396273094.39-170062058638174/stat
#Then ansible attempts to run it with /usr/bin/python
#This fails but ansible seems to proceed anyway, which is OK
<10.9.8.31> EXEC ['ssh', '-C', '-tt', '-q', '-o', 'ControlMaster=auto', '-o',
'ControlPersist=60s', '-o', 'ControlPath=/Users/plyons/.ansible/cp
/ansible-ssh-%h-%p-%r', '-o', 'StrictHostKeyChecking=no', '-o',
'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications
=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o',
'PasswordAuthentication=no', '-o', 'ConnectTimeout=10', '10.9.8.31',
'/bin/sh -c \'sudo -k && sudo -H -S -p "[sudo via ansible,
key=llljvkxiztigvqonzohgzwwekusxtprk] password: " -u root /bin/sh -c
\'"\'"\'echo SUDO-SUCCESS-llljvkxiztigvqonzohgzwwekusxtprk;
/usr/bin/python /home/plyons/.ansible/tmp/ansible-
tmp-1396273094.39-170062058638174/stat\'"\'"\'\'']
#Now ansible uploads my script
<10.9.8.31> PUT
/Users/plyons/projects/redacted/deploy/ansible_prereqs.sh
TO /home/plyons/.ansible/tmp/ansible-tmp-1396273094.39-170062058638174/ansible_prereqs.sh
#Then it marks it executable
<10.9.8.31> EXEC ['ssh', '-C',
'-tt', '-q', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s',
'-o', 'ControlPath=/Users/plyons/.ansible/cp/ansible-ssh-%h-%p-%r',
'-o', 'StrictHostKeyChecking=no', '-o',
'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications
=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o',
'PasswordAuthentication=no', '-o', 'ConnectTimeout=10', '10.9.8.31',
u'/bin/sh -c \'sudo -k && sudo -H -S -p "[sudo via ansible,
key=cgmwlvtjoxuighdqujwmmpvioiumveac] password: " -u root /bin/sh -c
\'"\'"\'echo SUDO-SUCCESS-cgmwlvtjoxuighdqujwmmpvioiumveac; chmod +rx
/home/plyons/.ansible/tmp/ansible-
tmp-1396273094.39-170062058638174/ansible_prereqs.sh\'"\'"\'\'']
#Then it runs it
<10.9.8.31> EXEC ['ssh', '-C', '-tt', '-q', '-o',
'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o',
'ControlPath=/Users/plyons/.ansible/cp/ansible-ssh-%h-%p-%r', '-o',
'StrictHostKeyChecking=no', '-o', 'KbdInteractiveAuthentication=no',
'-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-
keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o',
'ConnectTimeout=10', '10.9.8.31', u'/bin/sh -c \'sudo -k && sudo -H -S
-p "[sudo via ansible, key=cqqswbszbeabpclraxsxwzzatbolgmgf] password:
" -u root $SHELL -c \'"\'"\'echo SUDO-SUCCESS-
cqqswbszbeabpclraxsxwzzatbolgmgf; /home/plyons/.ansible/tmp/ansible-
tmp-1396273094.39-170062058638174/ansible_prereqs.sh \'"\'"\'\'']
#Then it deletes it
<10.9.8.31> EXEC ['ssh', '-C', '-tt',
'-q', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o',
'ControlPath=/Users/plyons/.ansible/cp/ansible-ssh-%h-%p-%r', '-o',
'StrictHostKeyChecking=no', '-o', 'KbdInteractiveAuthentication=no',
'-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-
keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o',
'ConnectTimeout=10', '10.9.8.31', "/bin/sh -c 'rm -rf
/home/plyons/.ansible/tmp/ansible-tmp-1396273094.39-170062058638174/
>/dev/null 2>&1'"]
raw and scripts dont require python. I think the creates require python. To verify you can run
ansible -m script -a "ansible_prereqs.sh" 10.9.8.31 -vvvv
what you can do is shift the creates function to your script
#!/bin/sh
#install ansible prereqs manually or all apt-based ansible commands will fail
# http://euphonious-intuition.com/2013/01/bootstrapping-a-cluster-with-ansible-debian-6-and-oracle-java-7/
if [ ! -f /root/.ansible_prereqs_installed ]; then
apt-get update
apt-get install -y python python-apt python-pycurl sshpass
touch /root/.ansible_prereqs_installed
echo "CHANGE"
fi
And you can have your playbook something like this
tasks:
-
name: install ansible prerequisites
script: ansible_prereqs.sh creates=/root/.ansible_prereqs_installed
register: ans_preq
changed_when: "'CHANGE' in ans_preq.stdout"
Hope that helps
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With