Getting rolling with Ansible on OSX 10.9.5

If you’re trying to leverage Ansible on OSX to control AWS instances with the ec2.py API extension (and who isn’t these days 😛 ) and you get something like this back:

ansible-playbook -i inventory/ec2.py playbook.yml
Traceback (most recent call last):
  File "/usr/local/bin/ansible-playbook", line 28, in <module>
    import ansible.playbook
  File "/Library/Python/2.7/site-packages/ansible/playbook/__init__.py", line 20, in <module>
    import ansible.runner
  File "/Library/Python/2.7/site-packages/ansible/runner/__init__.py", line 32, in <module>
    import jinja2
  File "/Library/Python/2.7/site-packages/jinja2/__init__.py", line 33, in <module>
    from jinja2.environment import Environment, Template
  File "/Library/Python/2.7/site-packages/jinja2/environment.py", line 13, in <module>
    from jinja2 import nodes
  File "/Library/Python/2.7/site-packages/jinja2/nodes.py", line 18, in <module>
    from jinja2.utils import Markup
  File "/Library/Python/2.7/site-packages/jinja2/utils.py", line 520, in <module>
    from markupsafe import Markup, escape, soft_unicode
ImportError: No module named markupsafe

‘And boom goes the dynamite’

A few things:

Install Xcode from the App Store. This is key: run Xcode. Running it for the first time finishes the install process.

Second, install from pip like this: sudo CFLAGS=-Qunused-arguments CPPFLAGS=-Qunused-arguments pip install ansible

Even if you’ve installed it with another method, such as homebrew, run the above command.

Get the ec2.py and ec2.ini files from here: https://github.com/ansible/ansible/tree/devel/plugins/inventory (note, you can get docker, vmware, nova, etc here too)

I didn’t have issues with ansible and my DigitalOcean vms running on CentOS 6.5, controlling a bunch of CentOS 6.5 machines. And, didn’t have issues with ansible on my Mac Pro (10.9.3) controlling my CentOS DigitalOcean VMs, but when I tried to use the ec2.py API, things got ugly.

Honorable mention, do these things too because they’re needed or will save you a headache.

put this in your ~/.bash_profile or ~/.bashrc

export AWS_ACCESS_KEY=your-aws-access-key-id
export AWS_SECRET_KEY=your-aws-secret-key

put this in your ~/.boto file (you need to make this file)
[Credentials]
aws_access_key_id = your-aws-access-key-id
aws_secret_access_key = your-aws-secret-key

sudo pip install boto
sudo pip install pycrypto (this will blow up if you haven’t run Xcode at least once. If you plan to use the vault feature with Ansible, then you’ll need to upgrade the pycrypto 10.9.5 ships with)
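
An added example, not part of the original post: it writes `~/.boto` from the `AWS_ACCESS_KEY` and `AWS_SECRET_KEY` variables exported above, using the `aws_access_key_id` and `aws_secret_access_key` names that boto reads under `[Credentials]`, keeps the file owner-only, and flags credential files other local users can read. The function names and `BOTO_FILE` are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example; write_boto, private_mode, audit_creds and BOTO_FILE are
# illustrative names, not part of Ansible or boto.
BOTO_FILE=${BOTO_FILE:-$HOME/.boto}

# Write the boto config from the AWS_ACCESS_KEY / AWS_SECRET_KEY variables
# exported in the shell profile, so the secret is never typed as an argument.
write_boto() {
    [ -n "$AWS_ACCESS_KEY" ] && [ -n "$AWS_SECRET_KEY" ] || {
        echo "AWS_ACCESS_KEY and AWS_SECRET_KEY must be set" >&2
        return 2
    }
    (
        umask 077    # a newly created file gets mode 0600
        printf '[Credentials]\naws_access_key_id = %s\naws_secret_access_key = %s\n' \
            "$AWS_ACCESS_KEY" "$AWS_SECRET_KEY" > "$BOTO_FILE"
    ) || return 1
    chmod 600 "$BOTO_FILE"    # umask does not tighten a file that already existed
}

# Succeed only if FILE is a regular file with no group/other permission bits.
private_mode() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Report each existing credential file; return 1 if any is open to others.
audit_creds() {
    rc=0
    for f in "$@"; do
        [ -e "$f" ] || continue
        if private_mode "$f"; then
            echo "ok   $f"
        else
            echo "OPEN $f (fix with: chmod 600 $f)"
            rc=1
        fi
    done
    return "$rc"
}
```

Run `audit_creds ~/.boto ~/.bash_profile ~/.bashrc` after setting things up; any `OPEN` line means another account on the machine can read the keys.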

I personally have lost a lot of time digging around looking for Ansible OSX related answers. Hopefully this helps someone.


sshuttle a faster way to stunnel

So this post is dedicated to VMware. VMware, thank you for being so expensive that I’ve decided (against my morals and previous rants) to install Ubuntu MaaS on my lap stack because I refuse to pay your inflated cost for licensing. Have a nice day!

SO, in actuality, this post should be dedicated to Ubuntu, which makes me cringe and shiver because of this, and this and that. While researching MaaS and JuJu, both cloud tools offered from Canonical, ‘the company behind Ubuntu’ (every time I see that slogan I recall ‘may the odds ever be in your favor’ ugh). I’ll give Canonical this, those tool sets are pretty rad. But, this adventure to replace ESXi has led me here. Sshuttle. Here’s the skinny: data over TCP instead of TCP over TCP. For you non-network wizkids (I’m no wizkid but know enough to be dangerous), TCP is a packet streaming service, for lack of a better explanation. Basically it incurs a lot of loss, and isn’t well suited for some tasks (i.e. mobile data connections), but all the other particulars about it are really awesome (stateful, resends, etc). Sshuttle resolves this by building the TCP stream on the sending side, and just shipping the data over, and having the receiving side unpack the data into a TCP stream.

The doc on GitHub does a better job explaining this. But, this may be a solution to not being able to have edge to edge routing in AWS for me with VPN tunnels instead.

More to come…

Just in case the Canonical sharks are lurking:

Disclaimer: In case you are either 1) a complete idiot; or 2) a lawyer; or 3) both, please be aware that this site is not affiliated with or approved by Canonical Limited. This site criticizes Canonical for sucking, ruining FOSS, and teaming with companies that want to see FOSS die. So, obviously, the site is not approved by Canonical. And our use of the trademarked term Ubuntu is plainly descriptive - it helps the public find this site and understand its message. VMware lawyers, just replace VMware for Canonical. And thanks for not being as overtly evil as Canonical.

OpenSSH pubkey gen

Found something pretty awesome today:

ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub

From the ‘man ssh-keygen’

 -y      This option will read a private OpenSSH format file and print an
         OpenSSH public key to stdout.

This will let you output the public key from a private key in the ASN.1 format that OpenSSH uses.
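
An added example, not part of the original post: because `-y` re-derives the public key from the private key, the same command can confirm that a `.pub` file on disk really belongs to a given private key before it is copied to a server. Only `ssh-keygen -y -f` comes from the post; the function names are illustrative.

```shell
#!/bin/sh
# Added example; key_material, same_pubkey and check_keypair are
# illustrative helper names, not OpenSSH commands.

# Print only the "type base64-blob" fields of a public key line. The
# trailing comment is dropped: it is free text and ssh-keygen -y does not
# always reproduce it.
key_material() {
    awk 'NF >= 2 { print $1, $2; exit }'
}

# Succeed if two public key lines carry the same key, whatever their comments.
same_pubkey() {
    [ -n "$1" ] &&
    [ "$(printf '%s\n' "$1" | key_material)" = "$(printf '%s\n' "$2" | key_material)" ]
}

# check_keypair PRIVATE [PUBLIC]
# Re-derive the public key from PRIVATE and compare it with PUBLIC
# (default: PRIVATE.pub). Returns 0 on match, 1 on mismatch, 2 on error.
check_keypair() {
    priv=$1
    pub=${2:-$priv.pub}
    derived=$(ssh-keygen -y -f "$priv" 2>/dev/null) || {
        echo "cannot read private key $priv" >&2
        return 2
    }
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }
    if same_pubkey "$derived" "$(cat "$pub")"; then
        echo "OK: $pub matches $priv"
    else
        echo "MISMATCH: $pub was not derived from $priv" >&2
        return 1
    fi
}
```

`check_keypair ~/.ssh/id_rsa` catches a stale or swapped `id_rsa.pub`; on a mismatch, regenerate it with the command above.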

NTP on Windows Domain Controller

  1. First, locate your PDC Server. Open the command prompt and type: C:\>netdom /query fsmo
  2. Log in to your PDC Server and open the command prompt.
  3. Stop the W32Time service: C:\>net stop w32time
  4. Configure the external time sources, type: C:\> w32tm /config /syncfromflags:manual /manualpeerlist:"time-c.nist.gov"
  5. Make your PDC a reliable time source for the clients. Type: C:\>w32tm /config /reliable:yes
  6. Start the w32time service: C:\>net start w32time
  7. The Windows time service should begin synchronizing the time. You can check the external NTP servers in the time configuration by typing: C:\>w32tm /query /configuration
  8. Check the Event Viewer for any errors.

Sourced from: http://defaultreasoning.com/2009/11/16/synchronize-time-with-external-ntp-server-on-windows-server-2008-r2/

Dell 1950 EDAC issues

There are a few articles online about EDAC with CentOS 5.8 and higher, but none address the exact issue I was having. Hopefully this will help someone else out in the future.

I have a second Gen Dell 1950 in my studio I use for testing and general services for my office. I’m evaluating oVirt right now and ran into a particular issue. A Kernel module called EDAC is supposed to assist in detecting bad memory on systems. Nice feature; unfortunately, it seems that at least with CentOS 6 and older the Kernel module picks up the baseboard controller incorrectly as bad memory and my system hangs.
Easy fix, after installing CentOS, boot into recovery mode and add the following to this file:

/etc/modprobe.d/blacklist.conf

blacklist i5000_edac
blacklist edac_core
blacklist i3200_edac
blacklist radeon

For me, this allowed CentOS 6.4 x86_64 to boot correctly.

Hope this helps someone.