Ansible - henk52/knowledgesharing GitHub Wiki
Provide information on how to use ansible.
- TODO look into "diff alers"
- Ali18 - Ansible quick start guide, Mohamed Alibi
- Ansible documentation
- Ansible inventory - for client host organization
- Ansible modules -
- Ansible playbooks -
- uses the Ansible ad hoc commands in a more organized way(Ali18, p55)
- Playbooks are coded in a YAML data serialization format(Ali18, p56).
- A playbook script runs multiple plays.
- Each play executes a number of tasks, which are composed of a number of modules on selected hosts from the Ansible inventory(Ali18, p56).
- Ansible ad hoc - when running the command directly, without a playbook(Ali18,64).
- roles
- docker run -it --rm --entrypoint sh ansible_host:0.1.0
- ansible --version
- ansible-config
- ansible-doc
- ansible-doc apt
- ansible-doc -l
- ansible-playbook - execute a playbook
- ansible-playbook --extra-vars "csgo_client_access_password=${csgo_client_access_password}" -v steam_client.yaml
- ansible-inventory -
- ansible-inventory -i inventory.yaml --list clusternodes
- community.docker
- where are the collected facts stored? (Ali18,p91)
- How to generate a docker image using Ansible
- Ansible relies on SSH to communicate with its clients(Ali18, p41).
- The only important tool that is required to be installed and running on the client machine is the OpenSSH-server(Ali18, p43).
- To have the target work you need
- SSH server
- python
- We recommend adding a new system user who has the sole purpose of being used by Ansible to control the host(Ali18, p43).
- We give this user superuser privileges and make their access passwordless to further enhance automation(Ali18, p43).
- This user can be the same on all the hosts of a certain inventory group to be configured at the inventory group level(Ali18, p43).
- The Windows clients require you to have some specific versions of the following
applications installed(Ali18,p44):
- PowerShell 3.0 or higher
- .NET 4.0
Configuration should be done on the master node to create an SSH key that is then copied to all the client hosts to enable passwordless remote access(Ali18, 46)
Where should this be installed, master or target
- sudo apt install -y expect
- retry_files_enabled = False
- host_key_checking = False
- pipelining = True
- improve Ansible's performance greatly. It requires having requiretty disabled in /etc/sudoers on all the managed hosts.
- scp_if_ssh = smart
- transfer_method = smart
- connect_timeout = 30
- connect_retry_timeout = 15
- ansible -i inventory.yaml clusternodes -m ping
- ansible --private-key private_ansible_cloud_init -i inventory.yaml clusternodes -m ping
clusternodes:
hosts:
192.168.122.207:
192.168.122.76:
controlplanes:
hosts:
192.168.122.207:
workers:
hosts:
192.168.122.76:cat upgrade_node_playbook.yaml
---
#https://www.cyberciti.biz/faq/ansible-apt-update-all-packages-on-ubuntu-debian-linux/
- name: playbook to upgrade a k8s node
hosts: clusternodes
tasks:
- name: use apt to update its cache
become: yes
apt:
update_cache: yes
upgrade: full
ansible-playbook -i inventory.yaml upgrade_node_playbook.yaml
PLAY [playbook to upgrade a k8s node] *****************************************************************************************************************************************************************************
TASK [Gathering Facts] ********************************************************************************************************************************************************************************************
ok: [192.168.122.76]
ok: [192.168.122.207]
TASK [use apt to update its cache] ********************************************************************************************************************************************************************************
changed: [192.168.122.207]
changed: [192.168.122.76]
PLAY RECAP ********************************************************************************************************************************************************************************************************
192.168.122.207 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.122.76 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
FROM alpine
RUN echo "III Update the OS package index and tools" &&\
apk update && apk upgrade
RUN echo "III install ansible" &&\
apk add ansible
RUN echo "III Initializing Ansible inventory with the localhost" &&\
mkdir -p /etc/ansible/library /etc/ansible/roles /etc/ansible/lib /etc/ansible/ &&\
echo "localhost" >> /etc/ansible/hosts
ENV ANSIBLE_GATHERING smart
ENV ANSIBLE_HOST_KEY_CHECKING false
ENV ANSIBLE_LIBRARY /etc/ansible/library
ENV ANSIBLE_RETRY_FILES_ENABLED false
ENV ANSIBLE_ROLES_PATH /etc/ansible/roles
ENV ANSIBLE_SSH_PIPELINING True
ENV HOME /home/ansible
ENV PATH /etc/ansible/bin:$PATH
ENV PYTHONPATH /etc/ansible/lib
RUN adduser -h $HOME ansible -D &&\
chown -R ansible:ansible $HOME
RUN echo "ansible ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers &&\
chmod 0440 /etc/sudoers
WORKDIR $HOME
USER ansible
ENTRYPOINT ["ansible"]The disabled configuration options are implemented either by using a hash sign, #, or a semicolon, ;. The semicolon, ;, is often used to introduce an enabled option.
- inventory -
- roles_path -
- log_path -
- retry_files_enabled - It is better to keep this disabled unless you really need it.
- This is because it creates multiple files and clogs your playbook folder with old failed tasks(Ali18, p39).
- host_keychecking - Ansible holds a key for those machines to prevent security issues. Disabling this parameter will make Ansible ignore the error messages related to the known_hosts keys
- forks - max number of paralel tasks on a single target(Ali18, p40).
- nocolor -
- pipelining - (Ali18, p40)
- scp_if_ssh -
- transfer_method -
- connect_timeout - (Ali18, p41)
- connect_retry_timeout - (Ali18, p41)
- warn = bright purple
- error = red
- debug = dark gray
- ok = green
- changed = yellow
- skip = cyan
Ali18, 52 /etc/ansible/hosts
[servers] Node[0:4].lab.edu
- name: install csgo server
become: yes
become_user: steam
ansible.builtin.command:
creates: /data/steam/csgo_app/srcds_linux
argv:
- /usr/games/steamcmd
- +force_install_dir /data/steam/csgo_app
- +login anonymous
- +app_update 740 validate
- +quitif /data/steam/csgo_app/srcds_linux exists the command will not be executed.
- name: Create the csgo_app directory
become: yes
become_user: steam
ansible.builtin.file:
path: /data/steam/csgo_app
state: directory
mode: '0755' - name: Ensure a job that runs at 2 and 5 exists. Creates an entry like "0 5,2 * * ls -alh > /dev/null"
ansible.builtin.cron:
name: "update game statistics"
job: "/usr/local/bin/extract_game_stats_from_elk.py" - name: Generate autoexec.cfg from Template
become: yes
become_user: steam
template:
src: files/autoexec.cfg.j2
dest: /data/steam/csgo_app/csgo/cfg/autoexec.cfgThe template file:
// This file is executed before the first map starts
// https://developer.valvesoftware.com/wiki/Counter-Strike:_Global_Offensive/Dedicated_Servers#Linux_Scripts
log on //This is set to turn on logging! Don't put this in your server.cfg
hostname "{{server_name}}"
{% if steam_server_token != 'EMPTY' %}
sv_setsteamaccount "{{steam_server_token}}"
{% endif %}
rcon_password "{{csgo_server_rcon_password}}"
sv_password "{{csgo_client_access_password}}" //Only set this if you intend to have a private server!
sv_cheats 0 //This should always be set, so you know it's not on
sv_lan {{one_for_local_zero_for_global}} //This should always be set, so you know it's not on - name: Switch docker image to /imagerepo/docker_data
become: yes
ansible.builtin.copy:
content: '{ "data-root": "/imagerepo/docker_data" }'
dest: /etc/docker/daemon.json - name: install git repo with the scripts for the csgo server
become: yes
become_user: steam
git:
repo: 'https://github.com/XXX/REPO.git'
dest: /data/steam/REPO
update: yes
version: add_azure- 'version' - can be a branch name or (I think a tag)
- name: Adding ansible user to group steam
become: yes
user:
name: ansible
groups: steam
append: yes - name: add steam user
become: yes
user:
name: "steam"
comment: "SteamCMD owner"
home: "/data/steam"
shell: "/usr/bin/bash" - name: install various tools
become: yes
apt:
update_cache: true
package: ['curl', 'htop', 'less', 'vim'] - name: Install docker-ce as container runtime
# https://www.elastic.co/guide/en/beats/filebeat/current/setup-repositories.html
block:
- name: Add docker-ce keyring
become: yes
ansible.builtin.apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
keyring: /usr/share/keyrings/docker-archive-keyring.gpg
- name: Add docker-ce repo
become: yes
ansible.builtin.apt_repository:
repo: "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
state: present
- name: install docker-ce
become: yes
apt:
update_cache: true
package: ['docker-ce', 'docker-ce-cli', 'containerd.io']From these instructions:
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.ioSee: Disabling Swap for Kubernetes in an Ansible Playbook
- name: disable swap
blok:
- name: Disable SWAP since kubernetes can't work with swap enabled (1/2)
shell: |
swapoff -a
- name: Disable SWAP in fstab since kubernetes can't work with swap enabled (2/2)
replace:
path: /etc/fstab
regexp: '^([^#].*?\sswap\s+sw\s+.*)$'
replace: '# \1' - name: Install docker-ce as container runtime
# https://kubernetes.io/docs/setup/production-environment/container-runtimes/#containerd
block:
- name: install pkgs to allow apt to use a repository over HTTPS
become: yes
apt:
update_cache: true
package: ['apt-transport-https', 'ca-certificates', 'curl', 'gnupg2']
- name: Add docker-ce keyring
become: yes
ansible.builtin.apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
keyring: /usr/share/keyrings/docker-archive-keyring.gpg
- name: Add docker-ce repo
become: yes
ansible.builtin.apt_repository:
repo: "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
state: present
- name: install docker-ce
become: yes
apt:
update_cache: true
# TODO do I need anything other than 'containerd.io' ?
# package: ['docker-ce', 'docker-ce-cli', 'containerd.io', 'docker-buildx-plugin', 'docker-compose-plugin']
package: containerd.io
# - name: Adding ansible user to group docker
# become: yes
# user:
# name: ansible
# groups: docker
# append: yes
- name: generate /etc/containerd/config.toml
become: yes
block:
- name: generate the default content for /etc/containerd/config.toml
ansible.builtin.command: containerd config default
register: containerd_config_toml
- name: write the content for /etc/containerd/config.toml
ansible.builtin.copy:
content: "{{containerd_config_toml.stdout}}"
dest: /etc/containerd/config.toml
- name: Enable SystemdCgroup in /etc/containerd/config.toml
# https://kubernetes.io/docs/setup/production-environment/container-runtimes/
ansible.builtin.lineinfile:
path: /etc/containerd/config.toml
regexp: 'SystemdCgroup = false'
line: ' SystemdCgroup = true'
- name: apply changes to containerd, by restarting containerd
# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/service_module.html
ansible.builtin.service:
name: containerd
state: restartedMissing SSH server?
ansible -m ping 172.17.0.4
[WARNING]: Could not match supplied host pattern, ignoring: 172.17.0.4
[WARNING]: No hosts matched, nothing to do
Update /etc/ansible/hosts
[linux]
172.17.0.2
172.17.0.4
[linux:vars]
ansible_user=ansible
with_items:
- 'deb http://archive.ubuntu.com/ubuntu {{ansible_distribution_release}} multiverse'
- 'deb http://archive.ubuntu.com/ubuntu {{ansible_distribution_release}}-updates multiverse'
- 'deb deb http://archive.ubuntu.com/ubuntu {{ansible_distribution_release}}-backports main restricted universe multiverse'
- 'deb deb http://security.ubuntu.com/ubuntu {{ansible_distribution_release}}-security multiverse'the lines had double 'deb'
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: apt_pkg.Error: E:Malformed entry 1 in list file /etc/apt/sources.list.d/archive_ubuntu_com_ubuntu.list (URI parse), E:The list of sources could not be read.
failed: [localhost] (item=deb deb http://archive.ubuntu.com/ubuntu jammy-backports main restricted universe multiverse) => {"ansible_loop_var": "item", "changed": false, "item": "deb deb http://archive.ubuntu.com/ubuntu jammy-backports main restricted universe multiverse", "module_stderr": "Traceback (most recent call last):\n
File \"/home/ansible/.ansible/tmp/ansible-tmp-1690528433.1397161-7090-229357364063411/AnsiballZ_apt_repository.py\", line 102, in <module>\n _ansiballz_main()\n
File \"/home/ansible/.ansible/tmp/ansible-tmp-1690528433.1397161-7090-229357364063411/AnsiballZ_apt_repository.py\", line 94, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n
File \"/home/ansible/.ansible/tmp/ansible-tmp-1690528433.1397161-7090-229357364063411/AnsiballZ_apt_repository.py\", line 40, in invoke_module\n runpy.run_module(mod_name='ansible.modules.apt_repository', init_globals=None, run_name='__main__', alter_sys=True)\n
File \"/usr/lib/python3.10/runpy.py\", line 224, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File \"/usr/lib/python3.10/runpy.py\", line 96, in _run_module_code\n _run_code(code, mod_globals, init_globals,\n
File \"/usr/lib/python3.10/runpy.py\", line 86, in _run_code\n exec(code, run_globals)\n File \"/tmp/ansible_ansible.builtin.apt_repository_payload_yqu0uj_5/ansible_ansible.builtin.apt_repository_payload.zip/ansible/modules/apt_repository.py\", line 604, in <module>\n
File \"/tmp/ansible_ansible.builtin.apt_repository_payload_yqu0uj_5/ansible_ansible.builtin.apt_repository_payload.zip/ansible/modules/apt_repository.py\", line 581, in main\n
File \"/usr/lib/python3/dist-packages/apt/cache.py\", line 152, in __init__\n self.open(progress)\n
File \"/usr/lib/python3/dist-packages/apt/cache.py\", line 214, in open\n self._cache = apt_pkg.Cache(progress)\napt_pkg.Error: E:Malformed entry 1 in list file /etc/apt/sources.list.d/archive_ubuntu_com_ubuntu.list (URI parse), E:The list of sources could not be read.\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: apt_pkg.Error: E:Malformed entry 1 in list file /etc/apt/sources.list.d/archive_ubuntu_com_ubuntu.list (URI parse), E:Malformed entry 1 in list file /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list (URI parse), E:The list of sources could not be read.
failed: [localhost] (item=deb deb http://security.ubuntu.com/ubuntu jammy-security multiverse) => {"ansible_loop_var": "item", "changed": false, "item": "deb deb http://security.ubuntu.com/ubuntu jammy-security multiverse", "module_stderr": "Traceback (most recent call last):\n File \"/home/ansible/.ansible/tmp/ansible-tmp-1690528433.536196-7090-86321442020343/AnsiballZ_apt_repository.py\", line 102, in <module>\n _ansiballz_main()\n File \"/home/ansible/.ansible/tmp/ansible-tmp-1690528433.536196-7090-86321442020343/AnsiballZ_apt_repository.py\", line 94, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/home/ansible/.ansible/tmp/ansible-tmp-1690528433.536196-7090-86321442020343/AnsiballZ_apt_repository.py\", line 40, in invoke_module\n runpy.run_module(mod_name='ansible.modules.apt_repository', init_globals=None, run_name='__main__', alter_sys=True)\n File \"/usr/lib/python3.10/runpy.py\", line 224, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File \"/usr/lib/python3.10/runpy.py\", line 96, in _run_module_code\n _run_code(code, mod_globals, init_globals,\n File \"/usr/lib/python3.10/runpy.py\", line 86, in _run_code\n exec(code, run_globals)\n File \"/tmp/ansible_ansible.builtin.apt_repository_payload_zm4_hxo5/ansible_ansible.builtin.apt_repository_payload.zip/ansible/modules/apt_repository.py\", line 604, in <module>\n File \"/tmp/ansible_ansible.builtin.apt_repository_payload_zm4_hxo5/ansible_ansible.builtin.apt_repository_payload.zip/ansible/modules/apt_repository.py\", line 581, in main\n File \"/usr/lib/python3/dist-packages/apt/cache.py\", line 152, in __init__\n self.open(progress)\n File \"/usr/lib/python3/dist-packages/apt/cache.py\", line 214, in open\n self._cache = apt_pkg.Cache(progress)\napt_pkg.Error: E:Malformed entry 1 in list file /etc/apt/sources.list.d/archive_ubuntu_com_ubuntu.list (URI parse), E:Malformed entry 1 in list file /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list (URI parse), E:The list of sources could not be read.\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
See: How can I accept the Lience agreement for steam prior to apt-get install?
TASK [install steamcmd] ***********************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"cache_update_time": 1690582996, "cache_updated": true, "changed": false, "msg": "'/usr/bin/apt-get -y -o \"Dpkg::Options::=--force-confdef\" -o \"Dpkg::Options::=--force-confold\" install 'lib32gcc-s1' 'steamcmd'' failed: E: Sub-process /usr/bin/dpkg returned an error code (1)
", "rc": 100, "stderr": "E: Sub-process /usr/bin/dpkg returned an error code (1)
", "stderr_lines": ["E: Sub-process /usr/bin/dpkg returned an error code (1)"], "stdout": "Reading package lists...
Building dependency tree...
Reading state information...
lib32gcc-s1 is already the newest version (12.1.0-2ubuntu1~22.04).
Suggested packages:
steam:i386
The following NEW packages will be installed:
steamcmd:i386
Preconfiguring packages ...
0 upgraded, 1 newly installed, 0 to remove and 10 not upgraded.
21 not fully installed or removed.
Need to get 0 B/1365 kB of archives.
After this operation, 4337 kB of additional disk space will be used.
(Reading database ...
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 103318 files and directories currently installed.)
Preparing to unpack .../steamcmd_0~20180105-4_i386.deb ...
dpkg: error processing archive /var/cache/apt/archives/steamcmd_0~20180105-4_i386.deb (--unpack):
new steamcmd:i386 package pre-installation script subprocess returned error exit status 1
Installation terminated: Steam License Agreement was DECLINED.
Errors were encountered while processing:
/var/cache/apt/archives/steamcmd_0~20180105-4_i386.deb
needrestart is being skipped since dpkg has failed
", "stdout_lines": ["Reading package lists...", "Building dependency tree...", "Reading state information...", "lib32gcc-s1 is already the newest version (12.1.0-2ubuntu1~22.04).", "Suggested packages:", " steam:i386", "The following NEW packages will be installed:", " steamcmd:i386", "Preconfiguring packages ...", "0 upgraded, 1 newly installed, 0 to remove and 10 not upgraded.", "21 not fully installed or removed.", "Need to get 0 B/1365 kB of archives.", "After this operation, 4337 kB of additional disk space will be used.", "(Reading database ... ", "(Reading database ... 5%", "(Reading database ... 10%", "(Reading database ... 15%", "(Reading database ... 20%", "(Reading database ... 25%", "(Reading database ... 30%", "(Reading database ... 35%", "(Reading database ... 40%", "(Reading database ... 45%", "(Reading database ... 50%", "(Reading database ... 55%", "(Reading database ... 60%", "(Reading database ... 65%", "(Reading database ... 70%", "(Reading database ... 75%", "(Reading database ... 80%", "(Reading database ... 85%", "(Reading database ... 90%", "(Reading database ... 95%", "(Reading database ... 100%", "(Reading database ... 103318 files and directories currently installed.)", "Preparing to unpack .../steamcmd_0~20180105-4_i386.deb ...", "dpkg: error processing archive /var/cache/apt/archives/steamcmd_0~20180105-4_i386.deb (--unpack):", " new steamcmd:i386 package pre-installation script subprocess returned error exit status 1", "Installation terminated: Steam License Agreement was DECLINED.", "Errors were encountered while processing:", " /var/cache/apt/archives/steamcmd_0~20180105-4_i386.deb", "needrestart is being skipped since dpkg has failed"]}
Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user
installing 'setfacl' in acl
- name: install setfacl
become: yes
apt:
update_cache: true
package: aclthe ansible_common_remote_group didn't work Understanding privilege escalation: become
fatal: [localhost]: FAILED! => {"msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (
rc: 1,
err: chown: changing ownership of '/var/tmp/ansible-tmp-1690612464.7547016-17771-11050397913644/': Operation not permitted
chown: changing ownership of '/var/tmp/ansible-tmp-1690612464.7547016-17771-11050397913644/AnsiballZ_command.py': Operation not permitted\n}).
For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user"}
TASK [install csgo server] ********************************************************************************************************************************************************************
task path: /home/ansible/csgo_server/test/tst.yml:46
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: ansible
<127.0.0.1> EXEC /bin/sh -c 'echo ~ansible && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /var/tmp `"&& mkdir "` echo /var/tmp/ansible-tmp-1690613477.0450864-20737-151265141166551 `" && echo ansible-tmp-1690613477.0450864-20737-151265141166551="` echo /var/tmp/ansible-tmp-1690613477.0450864-20737-151265141166551 `" ) && sleep 0'
Using module file /usr/lib/python3/dist-packages/ansible/modules/command.py
<127.0.0.1> PUT /home/ansible/.ansible/tmp/ansible-local-193013q8livbq/tmpbs44e6uq TO /var/tmp/ansible-tmp-1690613477.0450864-20737-151265141166551/AnsiballZ_command.py
<127.0.0.1> EXEC /bin/sh -c 'setfacl -m u:steam:r-x /var/tmp/ansible-tmp-1690613477.0450864-20737-151265141166551/ /var/tmp/ansible-tmp-1690613477.0450864-20737-151265141166551/AnsiballZ_command.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /var/tmp/ansible-tmp-1690613477.0450864-20737-151265141166551/ /var/tmp/ansible-tmp-1690613477.0450864-20737-151265141166551/AnsiballZ_command.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'chown steam /var/tmp/ansible-tmp-1690613477.0450864-20737-151265141166551/ /var/tmp/ansible-tmp-1690613477.0450864-20737-151265141166551/AnsiballZ_command.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /var/tmp/ansible-tmp-1690613477.0450864-20737-151265141166551/ > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
"msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chown: changing ownership of '/var/tmp/ansible-tmp-1690613477.0450864-20737-151265141166551/': Operation not permitted\nchown: changing ownership of '/var/tmp/ansible-tmp-1690613477.0450864-20737-151265141166551/AnsiballZ_command.py': Operation not permitted\n}). For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user"
}
TASK [install csgo server] ********************************************************************************************************************************************************************
task path: /home/ansible/csgo_server/test/tst.yml:52
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: ansible
<127.0.0.1> EXEC /bin/sh -c 'echo ~ansible && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /var/tmp `"&& mkdir "` echo /var/tmp/ansible-tmp-1690637916.950679-25496-249232378260366 `" && echo ansible-tmp-1690637916.950679-25496-249232378260366="` echo /var/tmp/ansible-tmp-1690637916.950679-25496-249232378260366 `" ) && sleep 0'
Using module file /usr/lib/python3/dist-packages/ansible/modules/command.py
<127.0.0.1> PUT /home/ansible/.ansible/tmp/ansible-local-24031qxb1ykgs/tmph271s__6 TO /var/tmp/ansible-tmp-1690637916.950679-25496-249232378260366/AnsiballZ_command.py
<127.0.0.1> EXEC /bin/sh -c 'setfacl -m u:steam:r-x /var/tmp/ansible-tmp-1690637916.950679-25496-249232378260366/ /var/tmp/ansible-tmp-1690637916.950679-25496-249232378260366/AnsiballZ_command.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /var/tmp/ansible-tmp-1690637916.950679-25496-249232378260366/ /var/tmp/ansible-tmp-1690637916.950679-25496-249232378260366/AnsiballZ_command.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'chown steam /var/tmp/ansible-tmp-1690637916.950679-25496-249232378260366/ /var/tmp/ansible-tmp-1690637916.950679-25496-249232378260366/AnsiballZ_command.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /var/tmp/ansible-tmp-1690637916.950679-25496-249232378260366/ > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
"msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chown: changing ownership of '/var/tmp/ansible-tmp-1690637916.950679-25496-249232378260366/': Operation not permitted\nchown: changing ownership of '/var/tmp/ansible-tmp-1690637916.950679-25496-249232378260366/AnsiballZ_command.py': Operation not permitted\n}). For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user"
}
Error! App '740' state is 0x202 after update job
sudo mkfs -t ext4 /dev/sdb1 sudo mkdir /data sudo mount /dev/vdb1 /data sudo mkdir /data/csgo sudo chown steam:steam /data/csgo
TASK [install csgo server] ********************************************************************************************************************************************************************
task path: /home/ansible/csgo_server/test/tst.yml:52
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: ansible
<127.0.0.1> EXEC /bin/sh -c 'echo ~ansible && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /var/tmp `"&& mkdir "` echo /var/tmp/ansible-tmp-1690638174.7948623-27156-85176190673015 `" && echo ansible-tmp-1690638174.7948623-27156-85176190673015="` echo /var/tmp/ansible-tmp-1690638174.7948623-27156-85176190673015 `" ) && sleep 0'
Using module file /usr/lib/python3/dist-packages/ansible/modules/command.py
<127.0.0.1> PUT /home/ansible/.ansible/tmp/ansible-local-25693vk9_bq1a/tmp9w2ext65 TO /var/tmp/ansible-tmp-1690638174.7948623-27156-85176190673015/AnsiballZ_command.py
<127.0.0.1> EXEC /bin/sh -c 'setfacl -m u:steam:r-x /var/tmp/ansible-tmp-1690638174.7948623-27156-85176190673015/ /var/tmp/ansible-tmp-1690638174.7948623-27156-85176190673015/AnsiballZ_command.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'sudo -H -S -n -u steam /bin/sh -c '"'"'echo BECOME-SUCCESS-xftqmpkbsvnabsnqvmswgrljbvypfatw ; /usr/bin/python3 /var/tmp/ansible-tmp-1690638174.7948623-27156-85176190673015/AnsiballZ_command.py'"'"' && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /var/tmp/ansible-tmp-1690638174.7948623-27156-85176190673015/ > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
"changed": true,
"cmd": [
"/usr/games/steamcmd",
"+force_install_dir ~/csgo-ds/",
"+login anonymous",
"+app_update 740 validate",
"+quit"
],
"delta": "0:00:26.616932",
"end": "2023-07-29 13:43:21.559971",
"invocation": {
"module_args": {
"_raw_params": null,
"_uses_shell": false,
"argv": [
"/usr/games/steamcmd",
"+force_install_dir ~/csgo-ds/",
"+login anonymous",
"+app_update 740 validate",
"+quit"
],
"chdir": null,
"creates": null,
"executable": null,
"removes": null,
"stdin": null,
"stdin_add_newline": true,
"strip_empty_ends": true,
"warn": true
}
},
"msg": "non-zero return code",
"rc": 8,
"start": "2023-07-29 13:42:54.943039",
"stderr": "ln: failed to create symbolic link '/home/steam/.steam/root': No such file or directory\nln: failed to create symbolic link '/home/steam/.steam/steam': No such file or directory",
"stderr_lines": [
"ln: failed to create symbolic link '/home/steam/.steam/root': No such file or directory",
"ln: failed to create symbolic link '/home/steam/.steam/steam': No such file or directory"
],
"stdout": "Redirecting stderr to '/home/steam/Steam/logs/stderr.txt'\nLooks like steam didn't shutdown cleanly, scheduling immediate update check\nILocalize::AddFile() failed to load file \"public/steambootstrapper_english.txt\".\n[ 0%] Checking for available update...\n[----] Download Complete.\n[----] Applying update...\n[----] Extracting package...\n[----] Extracting package...\n[----] Extracting package...\n[----] Extracting package...\n[----] Installing update...\n[----] Installing update...\n[----] Installing update...\n[----] Installing update...\n[----] Installing update...\n[----] Installing update...\n[----] Installing update...\n[----] Installing update...\n[----] Cleaning up...\n[----] Update complete, launching...\nRedirecting stderr to '/home/steam/Steam/logs/stderr.txt'\n[ 0%] Checking for available updates...\n[----] Verifying installation...\n[ 0%] Downloading update...\n[ 0%] Checking for available updates...\n[----] Download complete.\n[----] Extracting package...\n[----] Extracting package...\n[----] Extracting package...\n[----] Extracting package...\n[----] Installing update...\n[----] Installing update...\n[----] Installing update...\n[----] Installing update...\n[----] Installing update...\n[----] Installing update...\n[----] Installing update...\n[----] Installing update...\n[----] Cleaning up...\n[----] Update complete, launching Steamcmd...\nRedirecting stderr to '/home/steam/Steam/logs/stderr.txt'\n[ 0%] Checking for available updates...\n[----] Verifying installation...\nSteam Console Client (c) Valve Corporation - version 1689642531\n-- type 'quit' to exit --\nLoading Steam API...dlmopen steamservice.so failed: steamservice.so: cannot open shared object file: No such file or directory\nOK\n\nConnecting anonymously to Steam Public...OK\nWaiting for client config...OK\nWaiting for user info...OK\n Update state (0x3) reconfiguring, progress: 0.00 (0 / 0)\n Update state (0x3) reconfiguring, progress: 0.00 (0 / 0)\nError! App '740' state is 0x202 after update job.",
"stdout_lines": [
"Redirecting stderr to '/home/steam/Steam/logs/stderr.txt'",
"Looks like steam didn't shutdown cleanly, scheduling immediate update check",
"ILocalize::AddFile() failed to load file \"public/steambootstrapper_english.txt\".",
"[ 0%] Checking for available update...",
"[----] Download Complete.",
"[----] Applying update...",
"[----] Extracting package...",
"[----] Extracting package...",
"[----] Extracting package...",
"[----] Extracting package...",
"[----] Installing update...",
"[----] Installing update...",
"[----] Installing update...",
"[----] Installing update...",
"[----] Installing update...",
"[----] Installing update...",
"[----] Installing update...",
"[----] Installing update...",
"[----] Cleaning up...",
"[----] Update complete, launching...",
"Redirecting stderr to '/home/steam/Steam/logs/stderr.txt'",
"[ 0%] Checking for available updates...",
"[----] Verifying installation...",
"[ 0%] Downloading update...",
"[ 0%] Checking for available updates...",
"[----] Download complete.",
"[----] Extracting package...",
"[----] Extracting package...",
"[----] Extracting package...",
"[----] Extracting package...",
"[----] Installing update...",
"[----] Installing update...",
"[----] Installing update...",
"[----] Installing update...",
"[----] Installing update...",
"[----] Installing update...",
"[----] Installing update...",
"[----] Installing update...",
"[----] Cleaning up...",
"[----] Update complete, launching Steamcmd...",
"Redirecting stderr to '/home/steam/Steam/logs/stderr.txt'",
"[ 0%] Checking for available updates...",
"[----] Verifying installation...",
"Steam Console Client (c) Valve Corporation - version 1689642531",
"-- type 'quit' to exit --",
"Loading Steam API...dlmopen steamservice.so failed: steamservice.so: cannot open shared object file: No such file or directory",
"OK",
"",
"Connecting anonymously to Steam Public...OK",
"Waiting for client config...OK",
"Waiting for user info...OK",
" Update state (0x3) reconfiguring, progress: 0.00 (0 / 0)",
" Update state (0x3) reconfiguring, progress: 0.00 (0 / 0)",
"Error! App '740' state is 0x202 after update job."
]
}
TODO is seems 'copy' is used for copying from the local to the remote machine. local is the machine running the playbook, remote is where the commands are being executed. so kind of like the 'COPY' command in Dockerfile?
TASK [copy admin.conf to .kube/config] *************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"msg": "an error occurred while trying to read the file '/etc/kubernetes/admin.conf': [Errno 13] Permission denied: b'/etc/kubernetes/admin.conf'"}