Is this a bug or a security feature? I am not sure...


Steven Truong

Dec 9, 2014, 12:20:15 AM
to ansible...@googlegroups.com
Hi all,

Here is a situation that I am not sure how to deal with.

  shell: echo {{ ec2_tag_Name | regex_replace('(^[a-z]+-[a-z0-9]+).*', '\\1') }}

And certainly, I have other shell commands where I echo something and use register to capture the output such as the following:

- name: get public ipv4 address
  register: public_ipv4


So when I ran these in ansible_pull then these tasks worked just fine.  When I ran against the public_hostname of the EC2 instance with 

ansible-playbook myplaybook.yml -i /usr/local/src/public_hostname

where public_hostname in AWS has the public DNS entry of the instance and I believe this entry will resolve to private IP address in AWS. This will NOT work.

ansible-playbook myplaybook.yml -i host.localhost  

where host.localhost has 'localhost' as the only entry and this will NOT work either.

ansible-playbook myplaybook.yml -i ec.py --limit $public_ip 

The public IP address is just the actual IP address of the instance.  This will work.

For those 2 cases when things failed to work, I did not get an error message but an OK with something like the following:

ok: [a.b.c.c] => {"msg": "check mode not supported for shell", "skipped": true}

So the shell module seemed to give me this message and fail to execute the shell command at all in the case where I use localhost or the public DNS name in AWS that resolves to the private IP address.

I ran these locally on the instance.

Please share your thoughts on what could have been the case here.  Bug or security feature???

Thank you very much,
Steven


Michael DeHaan

Dec 9, 2014, 8:05:35 AM
to ansible...@googlegroups.com
"ok: [a.b.c.c] => {"msg": "check mode not supported for shell", "skipped": true}"

shell commands don't run in check mode because usually they have side effects, and check mode is there to be a dry run.

As such, this is neither a bug *NOR* a security feature, it's just making sure check mode doesn't *do* anything.

If I'm missing the question, perhaps you can summarize what I missed above.

Thanks!
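
The check-mode behaviour described in this reply, as an added example that is not part of the original thread: a playbook in which a read-only shell task is allowed to run under `--check` while a state-changing one stays skipped. It assumes Ansible 2.5 or later (for `check_mode: false` and the `is skipped` test); the task names, commands and marker path are hypothetical.

```yaml
# Added example, not code from the thread.
# Dry run:  ansible-playbook --check example.yml
# Real run: ansible-playbook example.yml
- hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    # Read-only command: it has no side effects, so opt this one task out of
    # check mode and never report it as a change. Its registered output is
    # then available to later tasks even during a dry run.
    - name: read kernel release (no side effects)
      shell: uname -r
      register: kernel_release
      check_mode: false
      changed_when: false

    # State-changing command: no override, so --check skips it and the
    # dry run stays a dry run. (Hypothetical marker path.)
    - name: write marker file (side effect)
      shell: echo "{{ kernel_release.stdout }}" > /tmp/example_marker
      register: marker

    # A skipped task still registers a result, but it carries no stdout.
    # Test for the skip instead of assuming the command ran.
    - name: report what happened
      debug:
        msg: >-
          kernel={{ kernel_release.stdout }}
          marker_task_skipped={{ marker is skipped }}
```

Only tasks whose commands are known to be read-only should carry `check_mode: false`; on any other shell task the override makes `--check` modify the host.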





daved...@gmail.com

Dec 9, 2014, 8:11:19 AM
to ansible...@googlegroups.com
Somehow you are in check mode... I'd find out why.

If you truly are checking things, you can do this:


-d