break this up into tasks and roles and variables


Tony Wong

Aug 20, 2021, 4:58:13 PM
to Ansible Project
how do I break this play up into roles/tasks/variables etc....


---
- hosts: localhost
  tasks:
  - name: create s3 bucket
    s3_bucket:
      name: ansibletestbucket12345
      public_access:
          block_public_acls: true
          ignore_public_acls: true
          block_public_policy: true
          restrict_public_buckets: true
      state: present
      encryption: "aws:kms"
      encryption_key_id: "arn:aws:kms:us-west-1:462518063038:key/f164e76a-f6f8-4773-84dc-053a44b2678d"
      region: us-west-1
      versioning: yes
      tags:
         atomenv: prod
         atomos: s3 bucket
         atomrole: util
         atompid: 32
         atomdomain: xxxxx

Brian Coca

Aug 23, 2021, 10:07:36 AM
to Ansible Project
you are showing a playbook with a single task and no variables, there
is not much to break up here



--
----------
Brian Coca

Tony Wong

Aug 24, 2021, 12:01:01 AM
to Ansible Project
my variables are

ansibletestbucket12345
arn:aws:kms:us-west-1:462518063038:key/f164e76a-f6f8-4773-84dc-053a44b2678d
prod
s3 bucket
util
32
atomdomain

Dick Visser

Aug 24, 2021, 4:03:10 AM
to ansible...@googlegroups.com
Did you read the reply?

What do you want to achieve?
What is the intention?
Why do you say "break this play up into roles/tasks/variables etc."?



--
Dick Visser
Trust & Identity Service Operations Manager
GÉANT

Tony Wong

Aug 24, 2021, 7:50:22 AM
to Ansible Project
i want to reuse the role. i only want to modify the variables for future use

Tony Wong

Aug 24, 2021, 7:59:20 AM
to Ansible Project
ok so here is what i have

s3_bucket.yml

---
- hosts: localhost
  name: create s3 bucket
  become: yes

  roles:
    - s3_bucket

------------------------------------------------

roles
└── s3_bucket
    ├── README.md
    ├── defaults
    │   └── main.yml
    ├── handlers
    │   └── main.yml
    ├── meta
    │   └── main.yml
    ├── tasks
    │   └── main.yml
    ├── templates
    ├── tests
    │   ├── inventory
    │   └── test.yml
    └── vars
        └── main.yml


I only filled out tasks/main.yml and vars/main.yml

tasks/main.yml

---
- hosts: localhost
  tasks:
  - name: create s3 bucket
    s3_bucket:
      name: '{{ s3_bucket_name }}'
      public_access:
          block_public_acls: true
          ignore_public_acls: true
          block_public_policy: true
          restrict_public_buckets: true
      state: present
      encryption: "aws:kms"
      encryption_key_id: '{{ kms_arn_id }}'
      region: us-west-1
      versioning: yes
      tags:
         atomenv: '{{ s3_tag.atomenv }}'
         atomos: '{{ s3_tag.atomos }}'
         atomrole: '{{ s3_tag.atomrole }}'
         atompid: '{{ s3_tag.atompid }}'
         atomdomain: '{{ s3_tag.atomdomain }}'


vars/main.yml

---
# vars file for s3_bucket
s3_bucket_name: ansibletest12345
kms_arn_id: arn:aws:kms:us-west-1:462518063038:key/f164e76a-f6f8-4773-84dc-053a44b2678d
# tags grouped in one dict so that s3_tag.atomenv etc. resolve in the task
s3_tag:
  atomenv: prod
  atomos: s3 bucket
  atomrole: util
  atompid: 32
  atomdomain: active.tan



but then when i ran

ansible-playbook -vvvv s3_bucket.yml

ERROR! conflicting action statements: hosts, tasks

The error appears to be in '/Users/tonywong/virtualenv/ansible/roles/s3_bucket/tasks/main.yml': line 2, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

---
- hosts: localhost
  ^ here



any idea?

Jorge Rúa

Aug 24, 2021, 8:09:06 AM
to ansible...@googlegroups.com
Splitting a single task into a role does not make much sense to me. 

But if you want to go ahead with it, just pass any variables you are currently using in your task, to the role. 

Something like this:

- include_role:
    name: role-s3bucket-creator
    apply:
      delegate_to: localhost
  vars:
     role_var_name1: "{{ foo }}"
     role_var_name2: "{{ bar }}"

Going forward I suggest you elaborate a little bit more on your questions, so people can actually understand what you are trying to achieve.

Regards,


Jorge Rúa

Aug 24, 2021, 8:13:11 AM
to ansible...@googlegroups.com
Remove the leading - character on the - hosts line.

Tony Wong

Aug 24, 2021, 8:24:04 AM
to Ansible Project
it is still not working. 

yaml checker says ok

Stefan Hornburg (Racke)

Aug 24, 2021, 8:29:06 AM
to ansible...@googlegroups.com
On 24/08/2021 14:24, Tony Wong wrote:
> it is still not working.
>
With a little effort a sensible mind would discover that hosts: doesn't belong in task files.

Just my two cents.

             Racke


--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration.

Tony Wong

Aug 24, 2021, 8:56:47 AM
to Ansible Project
ok

corrected it

---
- include_vars: vars/main.yml
- name: create s3 bucket
  s3_bucket:
    name: '{{ s3_bucket_name }}'
    public_access:
      block_public_acls: true
      ignore_public_acls: true
      block_public_policy: true
      restrict_public_buckets: true
    state: present
    encryption: "aws:kms"
    encryption_key_id: '{{ kms_arn_id }}'
    region: us-west-1
    versioning: yes
    tags:
      atomenv: '{{ s3_tag.atomenv }}'
      atomos: '{{ s3_tag.atomos }}'
      atomrole: '{{ s3_tag.atomrole }}'
      atompid: '{{ s3_tag.atompid }}'
      atomdomain: '{{ s3_tag.atomdomain }}'


but now getting this

fatal: [localhost]: FAILED! => {
    "ansible_facts": {},
    "changed": false,
    "failed_modules": {
        "ansible.legacy.setup": {
            "failed": true,
            "module_stderr": "sudo: a password is required\n",
            "module_stdout": "",
            "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
            "rc": 1
        }
    },
    "msg": "The following modules failed to execute: ansible.legacy.setup\n"
}

PLAY RECAP ************************************************************************************************
localhost                  : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

Tony Wong

Aug 24, 2021, 9:30:06 AM
to Ansible Project

any idea? why is sudo password needed? 

Stefan Hornburg (Racke)

Aug 24, 2021, 9:40:40 AM
to ansible...@googlegroups.com
On 24/08/2021 15:30, Tony Wong wrote:
>
> any idea? why is sudo password needed?
Because you asked for that (become: yes)

Regards
Racke

Tony Wong

Aug 24, 2021, 9:41:25 AM
to Ansible Project
i don't have that in my pb.

Tony Wong

Aug 24, 2021, 10:33:23 AM
to Ansible Project
ok thanks a lot. finally got it working. 
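
The layout this thread converges on, as an added example that is not code from any poster: play keywords stay in the playbook, the role's tasks file is a bare task list, and overridable values sit in defaults/main.yml under valid variable names. The FQCN amazon.aws.s3_bucket, the s3_region variable, the assert task and the placeholder bucket name, key ARN and domain tag are assumptions.

```yaml
# s3_bucket.yml (playbook): hosts and other play keywords belong here only
---
- name: create s3 bucket
  hosts: localhost
  connection: local
  gather_facts: false   # the role uses no facts, so the setup module never runs
  # no "become": the bucket is created through the AWS API, not as root
  roles:
    - role: s3_bucket
      vars:             # per-use overrides of the role defaults
        s3_bucket_name: example-bucket-name                      # placeholder
        kms_arn_id: "arn:aws:kms:REGION:ACCOUNT_ID:key/KEY_ID"   # placeholder

# roles/s3_bucket/defaults/main.yml: lowest precedence, meant to be overridden
---
s3_bucket_name: ""
kms_arn_id: ""
s3_region: us-west-1
s3_tag:                 # one dict, so "{{ s3_tag.atomenv }}" resolves
  atomenv: prod
  atomos: s3 bucket
  atomrole: util
  atompid: "32"
  atomdomain: example   # placeholder

# roles/s3_bucket/tasks/main.yml: a bare list of tasks, no hosts: or tasks: keys
---
- name: refuse to run without a bucket name and a KMS key ARN
  ansible.builtin.assert:
    that:
      - "s3_bucket_name | length > 0"
      - "kms_arn_id is match('^arn:aws:kms:')"

- name: create s3 bucket
  amazon.aws.s3_bucket:
    name: "{{ s3_bucket_name }}"
    state: present
    region: "{{ s3_region }}"
    versioning: true
    encryption: "aws:kms"
    encryption_key_id: "{{ kms_arn_id }}"
    public_access:      # all four public access block settings stay on
      block_public_acls: true
      ignore_public_acls: true
      block_public_policy: true
      restrict_public_buckets: true
    tags: "{{ s3_tag }}"
```

Values placed in the role's vars/main.yml instead of defaults/main.yml take precedence over play and inventory variables, which works against reusing the role with different values.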

Tony Wong

Aug 24, 2021, 10:36:43 AM
to Ansible Project
quick question. is there a way to quickly rollback ?

Dick Visser

Aug 24, 2021, 10:59:03 AM
to ansible...@googlegroups.com