我有一份如下的字典列表:
myvar:
- host: host1
version: 2
- host: host2
version: 5
- host: host3
version: 4
我正在尝试编写一个断言任务,当任何主机的版本 > 3 时该任务就会失败,并且我还希望失败消息包含所有此类主机。例如:
The following hosts have a version greater than 3: host2, host3
最后一部分是关键。我想显示所有未通过检查的主机,而不仅仅是第一个。谢谢。
通过为特定分支创建的 Ansible 任务,symlink我发现它在创建的 中添加了空格和引号symlink。
- name: "Symlink to git branch"
file:
src: "{{ repository }}/{{ application }}"
dest: "/path/to/my/{{ symlink_name }}"
state: link
vars:
symlink_name: >-
{% if git_branch == 'development' %}
my-development
{% elif git_branch == 'master' %}
newest
{% elif git_branch == 'hotfix' %}
my-hotfix
{% endif %}
其结果是:
root# ls -lha
' my-development ' -> /path/to/my/symlink
它基于development分支。我尝试在不同的标志之前和之后添加symlink_name,但不幸的是没有成功。
我想用 ansible 运行一个 shell 命令,它的格式如下:
command <item_1> <item_2>
并循环处理多个项目,例如:
实现这一目标的最佳方法是什么?
真挚地
我正在使用嵌套字典,并且有多个具有相同键的字典文件。字典和任务本身正在运行,但我需要添加以下条件。如果子元素的状态 == 不存在,则不要运行任务
我的字典:
qualitygate:
- qualitygate_name: QA-dev
operators:
- metric: coverage
operator: CT
error: 1
state: present
- qualitygate_name: Department-xyc
operators:
- metric: coverage
operator: CT
error: 10
state: absent
- metric: duplicated_lines
operator: GT
error: 5
state: present
使用我的任务:
- ansible.builtin.uri:
url: "{{ protocol }}://{{ server_fqdn }}/api/qualitygates/create_condition"
user: "{{ token }}"
method: POST
body_format: form-urlencoded
body:
error: "{{ item.1.error }}"
metric: "{{ item.1.metric }}"
gateName: "{{ item.0.qualitygate_name }}"
op: "{{ item.1.operator }}"
loop: "{{ qualitygate | subelements('operators', 'skip_missing=True') }}"
when: qualitygate[item]['state'] is match("present")
如何更改过滤器以仅匹配“present”值
请告知如何将一个任务的注册数据用作同一剧本中另一个任务的变量。
剧本:
---
- name: RouterOS test with API
hosts: localhost
vars:
hostname: "some_host"
username: "api"
password: "some_password"
gather_subset: all
module_defaults:
group/community.routeros.api:
hostname: "{{ hostname }}"
password: "{{ password }}"
username: "{{ username }}"
tls: true
force_no_cert: false
validate_certs: false
validate_cert_hostname: false
tasks:
- name: Add wg tuns
ignore_errors: true
community.routeros.api:
path: "interface wireguard"
add: "name={{ item.name }} listen-port={{ item.port }} comment={{ item.comment }}"
loop:
- { name: 'wg1', port: '111', comment: 'com1' }
- { name: 'wg2', port: '222', comment: 'com2' }
- { name: 'wg3', port: '333', comment: 'com3' }
- name: Get wg link-local addrs
community.routeros.api:
path: ipv6 address
extended_query:
attributes:
- address
- interface
where:
- attribute: "interface"
is: "=="
value: "{{ item.name }}"
loop:
- { name: 'wg1' }
- { name: 'wg2' }
- { name: 'wg3' }
register: extended_queryout
- name: Dump "Extended query example" output
ansible.builtin.debug:
msg: '{{ extended_queryout }}'
Playbook 正在创建 3 个(通过循环)Wireguard 接口,我需要使用这些接口的本地链接地址作为变量,如wg1.address、wg2.address、wg3.address。现在我只能看到使用以下命令生成的大量输出:
- name: Dump "Extended query example" output
ansible.builtin.debug:
msg: '{{ extended_queryout }}'
像这样:
TASK [Dump "Extended query example" output] ****************************************************************************************************************************************************************
ok: [localhost] => {
"msg": {
"changed": false,
"msg": "All items completed",
"results": [
{
"ansible_loop_var": "item",
"changed": false,
"failed": false,
"invocation": {
"module_args": {
"add": null,
"ca_path": null,
"cmd": null,
"encoding": "ASCII",
"extended_query": {
"attributes": [
"address",
"interface"
],
"where": [
{
"attribute": "interface",
"is": "==",
"or": null,
"value": "wg1"
}
]
},
"force_no_cert": false,
"hostname": "some_host",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"path": "ipv6 address",
"port": null,
"query": null,
"remove": null,
"timeout": 10,
"tls": true,
"update": null,
"username": "api",
"validate_cert_hostname": false,
"validate_certs": false
}
},
"item": {
"name": "wg1"
},
"msg": [
{
"address": "fe80::caa4:e31c:dd63:7598/64",
"interface": "wg1"
}
]
},
{
"ansible_loop_var": "item",
"changed": false,
"failed": false,
"invocation": {
"module_args": {
"add": null,
"ca_path": null,
"cmd": null,
"encoding": "ASCII",
"extended_query": {
"attributes": [
"address",
"interface"
],
"where": [
{
"attribute": "interface",
"is": "==",
"or": null,
"value": "wg2"
}
]
},
"force_no_cert": false,
"hostname": "some_host",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"path": "ipv6 address",
"port": null,
"query": null,
"remove": null,
"timeout": 10,
"tls": true,
"update": null,
"username": "api",
"validate_cert_hostname": false,
"validate_certs": false
}
},
"item": {
"name": "wg2"
},
"msg": [
{
"address": "fe80::c0eb:fadb:2da0:50f5/64",
"interface": "wg2"
}
]
},
{
"ansible_loop_var": "item",
"changed": false,
"failed": false,
"invocation": {
"module_args": {
"add": null,
"ca_path": null,
"cmd": null,
"encoding": "ASCII",
"extended_query": {
"attributes": [
"address",
"interface"
],
"where": [
{
"attribute": "interface",
"is": "==",
"or": null,
"value": "wg3"
}
]
},
"force_no_cert": false,
"hostname": "some_host",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"path": "ipv6 address",
"port": null,
"query": null,
"remove": null,
"timeout": 10,
"tls": true,
"update": null,
"username": "api",
"validate_cert_hostname": false,
"validate_certs": false
}
},
"item": {
"name": "wg3"
},
"msg": [
{
"address": "fe80::28d1:7b9b:92:ed43/64",
"interface": "wg3"
}
]
}
],
"skipped": false
}
}
如何设置变量 wg1.address 值 fe80::caa4:e31c:dd63:7598/64、变量 wg2.address 值 fe80::c0eb:fadb:2da0:50f5/64 和 wg3.address 值 fe80::28d1:7b9b:92:ed43/64。
先感谢您。
期望看到变量 wg1.address 值 fe80::caa4:e31c:dd63:7598/64、变量 wg2.address 值 fe80::c0eb:fadb:2da0:50f5/64 和 wg3.address 值 fe80::28d1:7b9b:92:ed43/64。
我有一个默认的目标 Linux 节点umask=0077。当我运行剧本时
- name: Create folder for app
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: app_user
mode: 0755
with_items:
- "/opt/app/folder1/bin"
- "/etc/program/folder2"
参数“mode”仅适用于最后一个文件夹(bin和folder2)。根据 umask,所有父目录都具有严格权限。
如何设置父目录所需的权限(不是全部/opt或/etc仅针对链):
/opt,,,,/opt/app/opt/app/folder1/opt/app/folder1/bin/etc,,/etc/program/etc/program/folder2
我有2个包含私钥的jinja模板:
private.key(加密)private-copy.key(需包含private.key内容)private.key文件使用 ansible vault 加密,例如
ansible-vault encrypt --vault-password-file ~/.pass.txt private.key
所以它的内容如下所示:
$ANSIBLE_VAULT;1.1;AES256
123456789[...]
我正在尝试获取解密的内容private.key
-----BEGIN RSA PRIVATE KEY-----
ABCDEfgh[...]
-----END RSA PRIVATE KEY-----
里面private-copy.key(而不是它的加密值)。
我已经尝试过在里面包含 jinja 语句private-copy.key:
{% include "private.key" %}
但结果给我的是 的加密值private-copy.key而不是 的解密内容private.key。
我还知道我可以使用加密变量并将其放入 private-copy.key 中,而不是包含加密文件。为了简单起见,我想直接使用加密文件(在证书更新时,我们得到一个文件,我只是想直接使用它)。
我想运行包含更多清单的 Ansible 剧本,我知道可以通过在每个 inventory -i 命令之前指定来完成。但我在两个不同的清单中有一个同名的组,但组中的主机不同。是否可以在不修改清单的情况下将两个清单中的所有机器作为目标?
我无法尝试,因为机器现在不可用,我想知道是否有可能
我正在尝试在 Ansible 中创建一个数组,其中包含我的帐户中启用的所有支持 FSx for NetApp ONTAP(FSxN)的 AWS 区域。
我知道我可以使用以下命令获取我的帐户上启用的区域列表:
- name: Get all the opted in regions.
amazon.aws.aws_region_info:
register: region_info
- name: Just get region names
set_fact:
opted_in_regions: "{{ [item.region_name] + opted_in_regions }}"
loop: "{{ region_info.regions }}"
但有时,通常是当一个新地区上线时,有些地区不支持 FSxN。
我发现了解哪些地区支持特定服务的唯一方法是从下载价格指南https://api.regional-table.region-services.aws.a2z.com/index.json并查找将“Amazon FSx for NetApp ONTAP”作为“aws:serviceName”的地区。该文件的格式为:
{
"prices": [
{
"attributes": {
"aws:region": "ap-east-1",
"aws:serviceName": "Amazon Translate",
"aws:serviceUrl": "https://aws.amazon.com/translate/"
},
"id": "translate:ap-east-1"
},
{
"attributes": {
"aws:region": "ap-northeast-1",
"aws:serviceName": "Amazon Translate",
"aws:serviceUrl": "https://aws.amazon.com/translate/"
},
"id": "translate:ap-northeast-1"
},
因此,我所做的是使用文件内容创建变量:
- name: Get the capabilities of all regions.
set_fact:
regions_capabilities: "{{lookup('ansible.builtin.url', 'https://api.regional-table.region-services.aws.a2z.com/index.json', split_lines=false)}}"
然后下一个“任务”是循环遍历所有值并将字段中具有特定字符串的值添加到另一个数组中aws:serviceName。
- name: Get the intersection of opted in regions and regions that support FSxN.
when: item['attributes']['aws:serviceName'] == "Amazon FSx for NetApp ONTAP" and item['attributes']['aws:region'] in opted_in_regions
set_fact:
fsxnRegions: "{{ [item['attributes']['aws:region']] + fsxnRegions }}"
loop: "{{ regions_capabilities.prices }}"
虽然有效,但该语句会在输出中when:生成很多(数千)行。而且速度非常慢。skipping...
因此,问题是,是否有更好的方法来创建支持 FSxN 的区域数组?如果没有,我该如何隐藏该skipping消息,但仅限于此任务?
以下是完整的 Ansible 剧本:
# Title: generate report
---
- hosts: localhost
collections:
- amazon.aws
gather_facts: false
name: Playbook to generate a report on all the FSxNs
vars:
fsxnRegions: []
opted_in_regions: []
tasks:
- name: Get all the opted in regions.
amazon.aws.aws_region_info:
register: region_info
- name: Just get region names
set_fact:
opted_in_regions: "{{ [item.region_name] + opted_in_regions }}"
loop: "{{ region_info.regions }}"
- name: Get the capabilities of all regions.
set_fact:
regions_capabilities: "{{lookup('ansible.builtin.url', 'https://api.regional-table.region-services.aws.a2z.com/index.json', split_lines=false)}}"
- name: Get the intersection of opted in regions and regions that support FSxN.
when: item['attributes']['aws:serviceName'] == "Amazon FSx for NetApp ONTAP" and item['attributes']['aws:region'] in opted_in_regions
set_fact:
fsxnRegions: "{{ [item['attributes']['aws:region']] + fsxnRegions }}"
loop: "{{ regions_capabilities.prices }}"
- name: Output
debug:
msg: "fsxnRegions={{ fsxnRegions }}"
我在一台使用 Ansible 的主机上运行了一个脚本 (opnsense install)。我想等待 ssh 服务变得无法访问(表明 opnsense 已重新启动主机),然后再次可用(表明主机已恢复)。第二部分很容易,第一部分不起作用。这是我尝试过的一件事:
- name: Wait for ssh to stop listening
wait_for:
host: '{{ ansible_host }}'
port: '{{ port_ssh }}'
connect_timeout: 5
delay: 10
delegate_to: localhost
register: result
retries: 30
until: result is failed
等待 ssh 停止监听的干净方法是什么,或者在启动之前确保主机已关闭?我不想手动重新启动,因为 opnsense 安装脚本在完成后会执行此操作。