Open phlegx opened 7 years ago
Yes, template_src is a lookup plugin which is specific to debops
and allows a user to override the file templates provided by the role. Unfortunately, using this lookup in a DebOps role makes it (currently) impossible to use the role with plain ansible
(@drybjed any plans on this?). Therefore the proper solution is to only use this role with the debops
command.
Because I'm also using this role with ansible
(-only) I maintain a branch where this plugin is removed:
https://github.com/ganto/ansible-fail2ban/tree/wo-debops-modules
Hmm ok thanks for the information! Yes it would be very helpful if this was solved in the original branch!
I'm also running this role with ansible
(-only) so I will have a look at your branch! Just one more question: How do I install your branch/repository over the original ? Is it possible with ansible-galaxy install git+https://@github.com/ganto/ansible-fail2ban.git
? Would this overwrite the original fail2ban role I have already installed?
@ganto I now installed your repo/branch with:
ansible-galaxy install git+https://@github.com/ganto/ansible-fail2ban.git
And I included it in my playbook like this:
- include_role:
name: ansible-fail2ban
tags:
- debops_fail2ban
But I still get the same error when I run it with ansible-playbook
PLAY [Setup machines] ************************************************************************************************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************************************************************************************************
ok: [host.example.net]
TASK [ansible-fail2ban : Install required packages] ******************************************************************************************************************************************************
ok: [host.example.net] => (item=[u'fail2ban', u'whois'])
TASK [ansible-fail2ban : Divert original fail2ban configuration] *****************************************************************************************************************************************
changed: [host.example.net]
TASK [ansible-fail2ban : Copy upstream jail configuration] ***********************************************************************************************************************************************
changed: [host.example.net]
TASK [ansible-fail2ban : Disable default upstream jail] **************************************************************************************************************************************************
ok: [host.example.net]
TASK [ansible-fail2ban : Install custom fail2ban rule files] *********************************************************************************************************************************************
ok: [host.example.net]
TASK [ansible-fail2ban : Configure custom fail2ban actions] **********************************************************************************************************************************************
TASK [ansible-fail2ban : Remove custom fail2ban actions if requested] ************************************************************************************************************************************
TASK [ansible-fail2ban : Configure custom fail2ban filters] **********************************************************************************************************************************************
TASK [ansible-fail2ban : Remove custom fail2ban filters if requested] ************************************************************************************************************************************
TASK [ansible-fail2ban : Configure fail2ban] *************************************************************************************************************************************************************
fatal: [host.example.net]: FAILED! => {"failed": true, "msg": "lookup plugin (template_src) not found"}
RUNNING HANDLER [ansible-fail2ban : Restart fail2ban] ****************************************************************************************************************************************************
to retry, use: --limit @/home/user/workspace/server/ansible/playbooks/setup_machines.retry
PLAY RECAP ***********************************************************************************************************************************************************************************************
host.example.net : ok=6 changed=2 unreachable=0 failed=1
It's a bit tricky. The template_src
/task_src
/file_src
lookup plugins use debops
Python module to get the configuration, therefore you need to at least install the debops
Python module for them to work correctly.
I suppose that the Ansible lookup plugins themselves can be provided in the debops.ansible_plugins
role, which can then be included as a dependency in debops.fail2ban
, but you still need to install DebOps to use them (ie. pip install debops
). Should I do it this way?
@drybjed I have installed pip install debops
already actually but it does not work with that either. Getting the same error.
Actually I did:
$ sudo pip install debops
$ debops-update
$ sudo ansible-galaxy install debops.fail2ban
@phlegx If you want to use the @ganto's role version without the lookup plugins, you should make sure that the correct git
branch is checked out. Which one do you have at the moment?
To be honest, I'm not really fond of these lookup plugins myself. I would rather ensure that the functionality of the role, that allows for the kind of changes people would want to implement via custom templates, is possible in the role itself, so they are not needed. Using them in the current state outside of DebOps is cumbersome, as you probably noticed, so I would rather drop them entirely in the future.
OK I see yes, thanks! Yes I had the wrong branch from @ganto I need to use this one wo-debops-modules
:
ansible-galaxy install git+https://@github.com/ganto/ansible-fail2ban.git,wo-debops-modules
Now it works! Thanks again!
@ganto what happened to your clean version? This role looks great beside this thing.
Ah, I recently cleaned up my old Github repository clones. Sorry, I wasn't aware anymore that I had this "special" branch and I definitely wouldn't have thought that anyone is still using it.
I just restored it. Hope it helps...
But just as a warning: I'm not really using or maintaining it anymore. If you're using Ansible >=2.9 I guess it should be possible to use the role from the debops.roles03 Ansible collection now.
I quickly tested it. Something like this should work:
debops.debops
collection:
ansible-galaxy collection install debops.debops
debops.debops
for the ansible_plugins
, debops.roles03
for fail2ban
):
Thanks! I think I have some special usecase. I am mostly in a disconnected/restricted (or offline) network and try to minimize the needed collections and roles. Additionally installation is done with some other process so I only using the configuration parts.
Having this problem on Ubuntu 16.04
Ansible version:
Any ideas?