Dhanasekaran Anbalagan bugcy013

---
# This has been tested with ansible 1.3 with these commands:
# ansible-playbook -i hosts ansible_conditionals_examples.yaml --extra-vars="hosts=myhosts isFirstRun=false"
# ansible-playbook -i hosts ansible_conditionals_examples.yaml --extra-vars="hosts=myhosts isFirstRun=true"
# ansible-playbook -i hosts ansible_conditionals_examples.yaml --extra-vars="hosts=myhosts"
# NB: The type of the variable is crucial!
- name: Ansible Conditionals Examples
  hosts: $hosts
  vars_files:
bugcy013 / nodes.sh
Last active August 29, 2015 14:22 — forked from noahcampbell/nodes.sh
#!/bin/bash
# Expect stdin to be a pipe from a resources.xml file.
xmlstarlet sel -t -m //node -v @hostname -o , -v @tags -n | grep --color -E "${1:-.*}" | cut -d , -f 1 | sed "/^$/d" | sort | uniq
bugcy013 / rd-clean.sh
Last active August 29, 2015 14:22 — forked from unicolet/rd-clean.sh
#!/bin/sh
# setup ~/.pgpass to allow passwordless connection to postgres
# keep last 30 executions for each job
KEEP=30
cd /var/lib/rundeck/logs/rundeck
JOBS=`find . -maxdepth 3 -path "*/job/*" -type d`
bugcy013 / autovpn.py
Last active August 29, 2015 14:22 — forked from domenkozar/autovpn.py
#!/usr/bin/env python
"""
Copyright 2011 Domen Kozar. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are
permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of
conditions and the following disclaimer.
description: 'Given user in group "ops" and for adhoc commands and jobs matching "web/.*", then allow action [read,run] on nodes tagged ''www''.'
context:
  project: 'guitars-production'
for:
  resource:
    - allow: read
  job:
    - match:
        group: 'web'
        name: '.*'
description: 'Given user in group "releng" and for job matches "release/.*", then allow action [read,run].'
context:
  project: '(guitars-stage|guitars-production)'
for:
  resource:
    - allow: read
  job:
    - match:
        group: 'release'
        name: '.*'
description: 'Access for dev in guitars-production.'
context:
  project: 'guitars-production'
for:
  resource:
    - allow: read
  job:
    - equals:
        group: 'web'
        name: 'Status'

(Note: I wrote this up quickly and without a lot of research, so there are probably inaccuracies. However, I wanted to put this out there in case it helps someone else hitting this issue. GitHub gists like this unfortunately don't have comment notifications, so if you want to send me a comment, use my email matt@nanobeep.com and not the comments.)

Problem: Can't use sudo command-limiting in Ansible

The ability to limit sudo users to only be able to execute certain commands doesn't work with Ansible (without a workaround).

This isn't a problem if you're running Ansible as a super-user like root, but if you are allowing others to run Ansible on your systems in order to do things like application deploys, then you need a way to limit their access to the system for basic security.

For example, a line in /etc/sudoers like this:

'''
@desc Parse Google Drive spreadsheet data via python
@author Misha M.-Kupriyanov https://plus.google.com/104512463398531242371/
@link https://gist.github.com/3969255
'''
# Spreadsheet https://docs.google.com/spreadsheet/pub?key=0Akgh73WhU1qHdFg4UmRhaThfUFNBaFR3N3BMVW9uZmc&output=html
import logging
import urllib2
import numpy as np
import pandas as pd
from functools import partial
def summary(df, fn=np.sum, axis=0, name='Total',
            table_class_prefix='dataframe-summary'):
    """Append a summary row or column to DataFrame.
    Input:
    ------