-
-
Save dpflug/2e51ea23b71a282d4cc961966cec17a9 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
% ansible-playbook ldap_ban.yml -vvv ~/projects/hashbang/keller-admin | |
ansible-playbook 2.6.4 | |
config file = /home/dpflug/projects/hashbang/keller-admin/ansible.cfg | |
configured module search path = ['/home/dpflug/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] | |
ansible python module location = /usr/lib/python3.7/site-packages/ansible | |
executable location = /usr/bin/ansible-playbook | |
python version = 3.7.0 (default, Jul 15 2018, 10:44:58) [GCC 8.1.1 20180531] | |
Using /home/dpflug/projects/hashbang/keller-admin/ansible.cfg as config file | |
Parsed /home/dpflug/projects/hashbang/keller-admin/hosts inventory source with ini plugin | |
[DEPRECATION WARNING]: 'include' for playbook includes. You should use 'import_playbook' instead. This feature will be removed in version 2.8. Deprecation warnings can be disabled by setting | |
deprecation_warnings=False in ansible.cfg. | |
PLAYBOOK: ldap_ban.yml ************************************************************************************************************************************************************************ | |
4 plays in ldap_ban.yml | |
[WARNING]: Found variable using reserved name: hosts | |
PLAY [Load data from vault] ******************************************************************************************************************************************************************* | |
META: ran handlers | |
TASK [include_vars] *************************************************************************************************************************************************************************** | |
task path: /home/dpflug/projects/hashbang/keller-admin/vault.yml:6 | |
ok: [ldap.hashbang.sh -> localhost] => (item=ldap) => { | |
"ansible_facts": { | |
"ldap": { | |
"admin": { | |
"dn": "cn=admin,dc=hashbang,dc=sh", | |
"password": "{{ vault_ldap.admin }}" | |
}, | |
"provisor": { | |
"dn": "cn=provisor,ou=Admin,dc=hashbang,dc=sh", | |
"password": "{{ vault_ldap.provisor }}" | |
} | |
}, | |
"vault_ldap": { | |
"admin": "!vGAJAqx>cl!Z?g*NC8#=ns93p[+mp", | |
"provisor": "v88nN09UyfAxY2pFp4wS7ujCbduUNHmtcjeTiVPr" | |
} | |
}, | |
"ansible_included_var_files": [ | |
"/home/dpflug/projects/hashbang/keller-admin/vault/ldap/main.yml", | |
"/home/dpflug/projects/hashbang/keller-admin/vault/ldap/vault.yml" | |
], | |
META: ran handlers | |
META: ran handlers | |
Comma-separated list of users to ban: kellertest | |
Delete home directories? (yes/no) [no]: | |
PLAY [Parse parameters] *********************************************************************************************************************************************************************** | |
META: ran handlers | |
TASK [Parse users list] *********************************************************************************************************************************************************************** | |
task path: /home/dpflug/projects/hashbang/keller-admin/ldap_ban.yml:19 | |
ok: [ldap.hashbang.sh] => { | |
"ansible_facts": { | |
"delete_homedirs": false, | |
"user_list": [ | |
"kellertest" | |
] | |
}, | |
"changed": false | |
} | |
ok: [da1.hashbang.sh] => { | |
"ansible_facts": { | |
"delete_homedirs": false, | |
"user_list": [ | |
"kellertest" | |
] | |
}, | |
"changed": false | |
} | |
ok: [ny1.hashbang.sh] => { | |
"ansible_facts": { | |
"delete_homedirs": false, | |
"user_list": [ | |
"kellertest" | |
] | |
}, | |
"changed": false | |
} | |
ok: [sf1.hashbang.sh] => { | |
"ansible_facts": { | |
"delete_homedirs": false, | |
"user_list": [ | |
"kellertest" | |
] | |
}, | |
"changed": false | |
} | |
ok: [to1.hashbang.sh] => { | |
"ansible_facts": { | |
"delete_homedirs": false, | |
"user_list": [ | |
"kellertest" | |
] | |
}, | |
"changed": false | |
} | |
META: ran handlers | |
META: ran handlers | |
PLAY [Disable the account in LDAP] ************************************************************************************************************************************************************ | |
META: ran handlers | |
TASK [ldap_attr] ****************************************************************************************************************************************************************************** | |
task path: /home/dpflug/projects/hashbang/keller-admin/ldap_ban.yml:28 | |
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: dpflug | |
<localhost> EXEC /bin/sh -c 'echo ~dpflug && sleep 0' | |
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/dpflug/.ansible/tmp/ansible-tmp-1536457505.1567879-259127304260208 `" && echo ansible-tmp-1536457505.1567879-259127304260208="` echo /home/dpflug/.ansible/tmp/ansible-tmp-1536457505.1567879-259127304260208 `" ) && sleep 0' | |
Using module file /usr/lib/python3.7/site-packages/ansible/modules/net_tools/ldap/ldap_attr.py | |
<localhost> PUT /home/dpflug/.ansible/tmp/ansible-local-15852ckxn1jn_/tmp335hw7xx TO /home/dpflug/.ansible/tmp/ansible-tmp-1536457505.1567879-259127304260208/ldap_attr.py | |
<localhost> EXEC /bin/sh -c 'chmod u+x /home/dpflug/.ansible/tmp/ansible-tmp-1536457505.1567879-259127304260208/ /home/dpflug/.ansible/tmp/ansible-tmp-1536457505.1567879-259127304260208/ldap_attr.py && sleep 0' | |
<localhost> EXEC /bin/sh -c '/usr/bin/python /home/dpflug/.ansible/tmp/ansible-tmp-1536457505.1567879-259127304260208/ldap_attr.py && sleep 0' | |
<localhost> EXEC /bin/sh -c 'rm -f -r /home/dpflug/.ansible/tmp/ansible-tmp-1536457505.1567879-259127304260208/ > /dev/null 2>&1 && sleep 0' | |
The full traceback is: | |
Traceback (most recent call last): | |
File "/tmp/ansible_c34xo0m7/ansible_module_ldap_attr.py", line 278, in main | |
ldap.connection.modify_s(ldap.dn, modlist) | |
File "/usr/lib/python3.7/site-packages/ldap/ldapobject.py", line 629, in modify_s | |
return self.modify_ext_s(dn,modlist,None,None) | |
File "/usr/lib/python3.7/site-packages/ldap/ldapobject.py", line 601, in modify_ext_s | |
msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls) | |
File "/usr/lib/python3.7/site-packages/ldap/ldapobject.py", line 598, in modify_ext | |
return self._ldap_call(self._l.modify_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) | |
File "/usr/lib/python3.7/site-packages/ldap/ldapobject.py", line 313, in _ldap_call | |
result = func(*args,**kwargs) | |
TypeError: ('Tuple_to_LDAPMod(): expected a byte string in the list', '/usr/sbin/nologin') | |
failed: [ldap.hashbang.sh -> localhost] (item=kellertest) => { | |
"changed": false, | |
"details": "('Tuple_to_LDAPMod(): expected a byte string in the list', '/usr/sbin/nologin')", | |
"invocation": { | |
"module_args": { | |
"bind_dn": "cn=admin,dc=hashbang,dc=sh", | |
"bind_pw": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", | |
"dn": "uid=kellertest,ou=People,dc=hashbang,dc=sh", | |
"name": "loginShell", | |
"params": null, | |
"server_uri": "ldaps://ldap.hashbang.sh", | |
"start_tls": false, | |
"state": "exact", | |
"validate_certs": true, | |
"values": "/usr/sbin/nologin" | |
} | |
}, | |
"item": "kellertest", | |
"msg": "Attribute action failed." | |
} | |
to retry, use: --limit @/home/dpflug/projects/hashbang/keller-admin/ldap_ban.retry | |
PLAY RECAP ************************************************************************************************************************************************************************************ | |
da1.hashbang.sh : ok=1 changed=0 unreachable=0 failed=0 | |
ldap.hashbang.sh : ok=2 changed=0 unreachable=0 failed=1 | |
ny1.hashbang.sh : ok=1 changed=0 unreachable=0 failed=0 | |
sf1.hashbang.sh : ok=1 changed=0 unreachable=0 failed=0 | |
to1.hashbang.sh : ok=1 changed=0 unreachable=0 failed=0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
% ansible-playbook ldap_ban.yml ~/projects/hashbang/keller-admin | |
[DEPRECATION WARNING]: 'include' for playbook includes. You should use 'import_playbook' instead. This feature will be removed in version 2.8. Deprecation warnings can be disabled by setting | |
deprecation_warnings=False in ansible.cfg. | |
[WARNING]: Found variable using reserved name: hosts | |
PLAY [Load data from vault] ******************************************************************************************************************************************************************* | |
TASK [include_vars] *************************************************************************************************************************************************************************** | |
ok: [ldap.hashbang.sh -> localhost] => (item=ldap) | |
Comma-separated list of users to ban: kellertest | |
Delete home directories? (yes/no) [no]: | |
PLAY [Parse parameters] *********************************************************************************************************************************************************************** | |
TASK [Parse users list] *********************************************************************************************************************************************************************** | |
ok: [ldap.hashbang.sh] | |
ok: [da1.hashbang.sh] | |
ok: [ny1.hashbang.sh] | |
ok: [sf1.hashbang.sh] | |
ok: [to1.hashbang.sh] | |
PLAY [Disable the account in LDAP] ************************************************************************************************************************************************************ | |
TASK [ldap_attr] ****************************************************************************************************************************************************************************** | |
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: TypeError: ('Tuple_to_LDAPMod(): expected a byte string in the list', '/usr/sbin/nologin') | |
failed: [ldap.hashbang.sh -> localhost] (item=kellertest) => {"changed": false, "details": "('Tuple_to_LDAPMod(): expected a byte string in the list', '/usr/sbin/nologin')", "item": "kellertest", "msg": "Attribute action failed."} | |
to retry, use: --limit @/home/dpflug/projects/hashbang/keller-admin/ldap_ban.retry | |
PLAY RECAP ************************************************************************************************************************************************************************************ | |
da1.hashbang.sh : ok=1 changed=0 unreachable=0 failed=0 | |
ldap.hashbang.sh : ok=2 changed=0 unreachable=0 failed=1 | |
ny1.hashbang.sh : ok=1 changed=0 unreachable=0 failed=0 | |
sf1.hashbang.sh : ok=1 changed=0 unreachable=0 failed=0 | |
to1.hashbang.sh : ok=1 changed=0 unreachable=0 failed=0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment