@dpflug
Last active September 9, 2018 01:46
% ansible-playbook ldap_ban.yml -vvv ~/projects/hashbang/keller-admin
ansible-playbook 2.6.4
config file = /home/dpflug/projects/hashbang/keller-admin/ansible.cfg
configured module search path = ['/home/dpflug/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.7/site-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 3.7.0 (default, Jul 15 2018, 10:44:58) [GCC 8.1.1 20180531]
Using /home/dpflug/projects/hashbang/keller-admin/ansible.cfg as config file
Parsed /home/dpflug/projects/hashbang/keller-admin/hosts inventory source with ini plugin
[DEPRECATION WARNING]: 'include' for playbook includes. You should use 'import_playbook' instead. This feature will be removed in version 2.8. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.
PLAYBOOK: ldap_ban.yml ************************************************************************************************************************************************************************
4 plays in ldap_ban.yml
[WARNING]: Found variable using reserved name: hosts
PLAY [Load data from vault] *******************************************************************************************************************************************************************
META: ran handlers
TASK [include_vars] ***************************************************************************************************************************************************************************
task path: /home/dpflug/projects/hashbang/keller-admin/vault.yml:6
ok: [ldap.hashbang.sh -> localhost] => (item=ldap) => {
"ansible_facts": {
"ldap": {
"admin": {
"dn": "cn=admin,dc=hashbang,dc=sh",
"password": "{{ vault_ldap.admin }}"
},
"provisor": {
"dn": "cn=provisor,ou=Admin,dc=hashbang,dc=sh",
"password": "{{ vault_ldap.provisor }}"
}
},
"vault_ldap": {
"admin": "!vGAJAqx>cl!Z?g*NC8#=ns93p[+mp",
"provisor": "v88nN09UyfAxY2pFp4wS7ujCbduUNHmtcjeTiVPr"
}
},
"ansible_included_var_files": [
"/home/dpflug/projects/hashbang/keller-admin/vault/ldap/main.yml",
"/home/dpflug/projects/hashbang/keller-admin/vault/ldap/vault.yml"
],
META: ran handlers
META: ran handlers
Comma-separated list of users to ban: kellertest
Delete home directories? (yes/no) [no]:
PLAY [Parse parameters] ***********************************************************************************************************************************************************************
META: ran handlers
TASK [Parse users list] ***********************************************************************************************************************************************************************
task path: /home/dpflug/projects/hashbang/keller-admin/ldap_ban.yml:19
ok: [ldap.hashbang.sh] => {
"ansible_facts": {
"delete_homedirs": false,
"user_list": [
"kellertest"
]
},
"changed": false
}
ok: [da1.hashbang.sh] => {
"ansible_facts": {
"delete_homedirs": false,
"user_list": [
"kellertest"
]
},
"changed": false
}
ok: [ny1.hashbang.sh] => {
"ansible_facts": {
"delete_homedirs": false,
"user_list": [
"kellertest"
]
},
"changed": false
}
ok: [sf1.hashbang.sh] => {
"ansible_facts": {
"delete_homedirs": false,
"user_list": [
"kellertest"
]
},
"changed": false
}
ok: [to1.hashbang.sh] => {
"ansible_facts": {
"delete_homedirs": false,
"user_list": [
"kellertest"
]
},
"changed": false
}
META: ran handlers
META: ran handlers
PLAY [Disable the account in LDAP] ************************************************************************************************************************************************************
META: ran handlers
TASK [ldap_attr] ******************************************************************************************************************************************************************************
task path: /home/dpflug/projects/hashbang/keller-admin/ldap_ban.yml:28
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: dpflug
<localhost> EXEC /bin/sh -c 'echo ~dpflug && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/dpflug/.ansible/tmp/ansible-tmp-1536457505.1567879-259127304260208 `" && echo ansible-tmp-1536457505.1567879-259127304260208="` echo /home/dpflug/.ansible/tmp/ansible-tmp-1536457505.1567879-259127304260208 `" ) && sleep 0'
Using module file /usr/lib/python3.7/site-packages/ansible/modules/net_tools/ldap/ldap_attr.py
<localhost> PUT /home/dpflug/.ansible/tmp/ansible-local-15852ckxn1jn_/tmp335hw7xx TO /home/dpflug/.ansible/tmp/ansible-tmp-1536457505.1567879-259127304260208/ldap_attr.py
<localhost> EXEC /bin/sh -c 'chmod u+x /home/dpflug/.ansible/tmp/ansible-tmp-1536457505.1567879-259127304260208/ /home/dpflug/.ansible/tmp/ansible-tmp-1536457505.1567879-259127304260208/ldap_attr.py && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/python /home/dpflug/.ansible/tmp/ansible-tmp-1536457505.1567879-259127304260208/ldap_attr.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /home/dpflug/.ansible/tmp/ansible-tmp-1536457505.1567879-259127304260208/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
File "/tmp/ansible_c34xo0m7/ansible_module_ldap_attr.py", line 278, in main
ldap.connection.modify_s(ldap.dn, modlist)
File "/usr/lib/python3.7/site-packages/ldap/ldapobject.py", line 629, in modify_s
return self.modify_ext_s(dn,modlist,None,None)
File "/usr/lib/python3.7/site-packages/ldap/ldapobject.py", line 601, in modify_ext_s
msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
File "/usr/lib/python3.7/site-packages/ldap/ldapobject.py", line 598, in modify_ext
return self._ldap_call(self._l.modify_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
File "/usr/lib/python3.7/site-packages/ldap/ldapobject.py", line 313, in _ldap_call
result = func(*args,**kwargs)
TypeError: ('Tuple_to_LDAPMod(): expected a byte string in the list', '/usr/sbin/nologin')
failed: [ldap.hashbang.sh -> localhost] (item=kellertest) => {
"changed": false,
"details": "('Tuple_to_LDAPMod(): expected a byte string in the list', '/usr/sbin/nologin')",
"invocation": {
"module_args": {
"bind_dn": "cn=admin,dc=hashbang,dc=sh",
"bind_pw": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"dn": "uid=kellertest,ou=People,dc=hashbang,dc=sh",
"name": "loginShell",
"params": null,
"server_uri": "ldaps://ldap.hashbang.sh",
"start_tls": false,
"state": "exact",
"validate_certs": true,
"values": "/usr/sbin/nologin"
}
},
"item": "kellertest",
"msg": "Attribute action failed."
}
to retry, use: --limit @/home/dpflug/projects/hashbang/keller-admin/ldap_ban.retry
PLAY RECAP ************************************************************************************************************************************************************************************
da1.hashbang.sh : ok=1 changed=0 unreachable=0 failed=0
ldap.hashbang.sh : ok=2 changed=0 unreachable=0 failed=1
ny1.hashbang.sh : ok=1 changed=0 unreachable=0 failed=0
sf1.hashbang.sh : ok=1 changed=0 unreachable=0 failed=0
to1.hashbang.sh : ok=1 changed=0 unreachable=0 failed=0
% ansible-playbook ldap_ban.yml ~/projects/hashbang/keller-admin
[DEPRECATION WARNING]: 'include' for playbook includes. You should use 'import_playbook' instead. This feature will be removed in version 2.8. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.
[WARNING]: Found variable using reserved name: hosts
PLAY [Load data from vault] *******************************************************************************************************************************************************************
TASK [include_vars] ***************************************************************************************************************************************************************************
ok: [ldap.hashbang.sh -> localhost] => (item=ldap)
Comma-separated list of users to ban: kellertest
Delete home directories? (yes/no) [no]:
PLAY [Parse parameters] ***********************************************************************************************************************************************************************
TASK [Parse users list] ***********************************************************************************************************************************************************************
ok: [ldap.hashbang.sh]
ok: [da1.hashbang.sh]
ok: [ny1.hashbang.sh]
ok: [sf1.hashbang.sh]
ok: [to1.hashbang.sh]
PLAY [Disable the account in LDAP] ************************************************************************************************************************************************************
TASK [ldap_attr] ******************************************************************************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: TypeError: ('Tuple_to_LDAPMod(): expected a byte string in the list', '/usr/sbin/nologin')
failed: [ldap.hashbang.sh -> localhost] (item=kellertest) => {"changed": false, "details": "('Tuple_to_LDAPMod(): expected a byte string in the list', '/usr/sbin/nologin')", "item": "kellertest", "msg": "Attribute action failed."}
to retry, use: --limit @/home/dpflug/projects/hashbang/keller-admin/ldap_ban.retry
PLAY RECAP ************************************************************************************************************************************************************************************
da1.hashbang.sh : ok=1 changed=0 unreachable=0 failed=0
ldap.hashbang.sh : ok=2 changed=0 unreachable=0 failed=1
ny1.hashbang.sh : ok=1 changed=0 unreachable=0 failed=0
sf1.hashbang.sh : ok=1 changed=0 unreachable=0 failed=0
to1.hashbang.sh : ok=1 changed=0 unreachable=0 failed=0