问题[ansible](coding)

通过为特定分支创建的 Ansible 任务，symlink我发现它在创建的 中添加了空格和引号symlink。

- name: "Symlink to git branch"
  file:
    src: "{{ repository }}/{{ application }}"
    dest: "/path/to/my/{{ symlink_name }}"
    state: link
  vars:
    symlink_name: >-
      {% if git_branch == 'development' %}
      my-development
      {% elif git_branch == 'master' %}
      newest
      {% elif git_branch == 'hotfix' %}
      my-hotfix
      {% endif %}

其结果是：

root# ls -lha
' my-development ' -> /path/to/my/symlink

它基于development分支。我尝试在不同的标志之前和之后添加symlink_name，但不幸的是没有成功。

我想用 ansible 运行一个 shell 命令，它的格式如下：

command <item_1> <item_2>

并循环处理多个项目，例如：

• <项目_1_v1> <项目_2_v1>
• <项目_1_v2> <项目_2_v2>

实现这一目标的最佳方法是什么？

真挚地

我正在使用嵌套字典，并且有多个具有相同键的字典文件。字典和任务本身正在运行，但我需要添加以下条件。如果子元素的状态 == 不存在，则不要运行任务

我的字典：

qualitygate:
  - qualitygate_name: QA-dev
    operators:
      - metric: coverage
        operator: CT
        error: 1
        state: present
  - qualitygate_name: Department-xyc
    operators:
      - metric: coverage
        operator: CT
        error: 10
        state: absent
      - metric: duplicated_lines
        operator: GT
        error: 5
        state: present

使用我的任务：

- ansible.builtin.uri:
    url: "{{ protocol }}://{{ server_fqdn }}/api/qualitygates/create_condition"
    user: "{{ token }}"
    method: POST
    body_format: form-urlencoded
    body:
        error: "{{ item.1.error }}"
        metric: "{{ item.1.metric }}"
        gateName: "{{ item.0.qualitygate_name }}"
        op: "{{ item.1.operator }}"
  loop: "{{ qualitygate | subelements('operators', 'skip_missing=True') }}"
  when: qualitygate[item]['state'] is match("present")

如何更改过滤器以仅匹配“present”值

请告知如何将一个任务的注册数据用作同一剧本中另一个任务的变量。

剧本：

---
- name: RouterOS test with API
  hosts: localhost
  vars:
    hostname: "some_host"
    username: "api"
    password: "some_password"
    gather_subset: all
  module_defaults:
    group/community.routeros.api:
      hostname: "{{ hostname }}"
      password: "{{ password }}"
      username: "{{ username }}"
      tls: true
      force_no_cert: false
      validate_certs: false
      validate_cert_hostname: false
  tasks:

  - name: Add wg tuns
    ignore_errors: true
    community.routeros.api:
      path: "interface wireguard"
      add: "name={{ item.name }} listen-port={{ item.port }} comment={{ item.comment }}"
    loop:
      - { name: 'wg1', port: '111', comment: 'com1' }
      - { name: 'wg2', port: '222', comment: 'com2' }
      - { name: 'wg3', port: '333', comment: 'com3' }

  - name: Get wg link-local addrs
    community.routeros.api:
      path: ipv6 address
      extended_query:
        attributes:
          - address
          - interface
        where:
          - attribute: "interface"
            is: "=="
            value: "{{ item.name }}"
    loop:
      - { name: 'wg1' }
      - { name: 'wg2' }
      - { name: 'wg3' }
    register: extended_queryout

  - name: Dump "Extended query example" output
    ansible.builtin.debug:
      msg: '{{ extended_queryout }}'

Playbook 正在创建 3 个（通过循环）Wireguard 接口，我需要使用这些接口的本地链接地址作为变量，如wg1.address、wg2.address、wg3.address。现在我只能看到使用以下命令生成的大量输出：

  - name: Dump "Extended query example" output
    ansible.builtin.debug:
      msg: '{{ extended_queryout }}'

像这样：

TASK [Dump "Extended query example" output] ****************************************************************************************************************************************************************
ok: [localhost] => {
    "msg": {
        "changed": false,
        "msg": "All items completed",
        "results": [
            {
                "ansible_loop_var": "item",
                "changed": false,
                "failed": false,
                "invocation": {
                    "module_args": {
                        "add": null,
                        "ca_path": null,
                        "cmd": null,
                        "encoding": "ASCII",
                        "extended_query": {
                            "attributes": [
                                "address",
                                "interface"
                            ],
                            "where": [
                                {
                                    "attribute": "interface",
                                    "is": "==",
                                    "or": null,
                                    "value": "wg1"
                                }
                            ]
                        },
                        "force_no_cert": false,
                        "hostname": "some_host",
                        "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                        "path": "ipv6 address",
                        "port": null,
                        "query": null,
                        "remove": null,
                        "timeout": 10,
                        "tls": true,
                        "update": null,
                        "username": "api",
                        "validate_cert_hostname": false,
                        "validate_certs": false
                    }
                },
                "item": {
                    "name": "wg1"
                },
                "msg": [
                    {
                        "address": "fe80::caa4:e31c:dd63:7598/64",
                        "interface": "wg1"
                    }
                ]
            },
            {
                "ansible_loop_var": "item",
                "changed": false,
                "failed": false,
                "invocation": {
                    "module_args": {
                        "add": null,
                        "ca_path": null,
                        "cmd": null,
                        "encoding": "ASCII",
                        "extended_query": {
                            "attributes": [
                                "address",
                                "interface"
                            ],
                            "where": [
                                {
                                    "attribute": "interface",
                                    "is": "==",
                                    "or": null,
                                    "value": "wg2"
                                }
                            ]
                        },
                        "force_no_cert": false,
                        "hostname": "some_host",
                        "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                        "path": "ipv6 address",
                        "port": null,
                        "query": null,
                        "remove": null,
                        "timeout": 10,
                        "tls": true,
                        "update": null,
                        "username": "api",
                        "validate_cert_hostname": false,
                        "validate_certs": false
                    }
                },
                "item": {
                    "name": "wg2"
                },
                "msg": [
                    {
                        "address": "fe80::c0eb:fadb:2da0:50f5/64",
                        "interface": "wg2"
                    }
                ]
            },
            {
                "ansible_loop_var": "item",
                "changed": false,
                "failed": false,
                "invocation": {
                    "module_args": {
                        "add": null,
                        "ca_path": null,
                        "cmd": null,
                        "encoding": "ASCII",
                        "extended_query": {
                            "attributes": [
                                "address",
                                "interface"
                            ],
                            "where": [
                                {
                                    "attribute": "interface",
                                    "is": "==",
                                    "or": null,
                                    "value": "wg3"
                                }
                            ]
                        },
                        "force_no_cert": false,
                        "hostname": "some_host",
                        "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                        "path": "ipv6 address",
                        "port": null,
                        "query": null,
                        "remove": null,
                        "timeout": 10,
                        "tls": true,
                        "update": null,
                        "username": "api",
                        "validate_cert_hostname": false,
                        "validate_certs": false
                    }
                },
                "item": {
                    "name": "wg3"
                },
                "msg": [
                    {
                        "address": "fe80::28d1:7b9b:92:ed43/64",
                        "interface": "wg3"
                    }
                ]
            }
        ],
        "skipped": false
    }
}

如何设置变量 wg1.address 值 fe80::caa4:e31c:dd63:7598/64、变量 wg2.address 值 fe80::c0eb:fadb:2da0:50f5/64 和 wg3.address 值 fe80::28d1:7b9b:92:ed43/64。

先感谢您。

期望看到变量 wg1.address 值 fe80::caa4:e31c:dd63:7598/64、变量 wg2.address 值 fe80::c0eb:fadb:2da0:50f5/64 和 wg3.address 值 fe80::28d1:7b9b:92:ed43/64。

我有一个默认的目标 Linux 节点umask=0077。当我运行剧本时

- name: Create folder for app
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: app_user
    mode: 0755
  with_items:
    - "/opt/app/folder1/bin"
    - "/etc/program/folder2"

参数“mode”仅适用于最后一个文件夹（bin和folder2）。根据 umask，所有父目录都具有严格权限。

如何设置父目录所需的权限（不是全部/opt或/etc仅针对链）：

1. /opt，，，，/opt/app​/opt/app/folder1​/opt/app/folder1/bin
2. /etc，，/etc/program​/etc/program/folder2

我有2个包含私钥的jinja模板：

• private.key（加密）
• private-copy.key（需包含private.key内容）

private.key文件使用 ansible vault 加密，例如

ansible-vault encrypt --vault-password-file ~/.pass.txt private.key

所以它的内容如下所示：

$ANSIBLE_VAULT;1.1;AES256
123456789[...]

我正在尝试获取解密的内容private.key

-----BEGIN RSA PRIVATE KEY-----
ABCDEfgh[...]
-----END RSA PRIVATE KEY-----

里面private-copy.key（而不是它的加密值）。

我已经尝试过在里面包含 jinja 语句private-copy.key：

{% include "private.key" %}

但结果给我的是 的加密值private-copy.key而不是 的解密内容private.key。

我还知道我可以使用加密变量并将其放入 private-copy.key 中，而不是包含加密文件。为了简单起见，我想直接使用加密文件（在证书更新时，我们得到一个文件，我只是想直接使用它）。

我想运行包含更多清单的 Ansible 剧本，我知道可以通过在每个 inventory -i 命令之前指定来完成。但我在两个不同的清单中有一个同名的组，但组中的主机不同。是否可以在不修改清单的情况下将两个清单中的所有机器作为目标？

我无法尝试，因为机器现在不可用，我想知道是否有可能

我正在尝试在 Ansible 中创建一个数组，其中包含我的帐户中启用的所有支持 FSx for NetApp ONTAP（FSxN）的 AWS 区域。

我知道我可以使用以下命令获取我的帐户上启用的区域列表：

    - name: Get all the opted in regions.
      amazon.aws.aws_region_info:
      register: region_info

    - name: Just get region names
      set_fact:
        opted_in_regions: "{{ [item.region_name] + opted_in_regions }}"
      loop: "{{ region_info.regions }}"

但有时，通常是当一个新地区上线时，有些地区不支持 FSxN。

我发现了解哪些地区支持特定服务的唯一方法是从下载价格指南https://api.regional-table.region-services.aws.a2z.com/index.json并查找将“Amazon FSx for NetApp ONTAP”作为“aws：serviceName”的地区。该文件的格式为：

{
  "prices": [
    {
      "attributes": {
        "aws:region": "ap-east-1",
        "aws:serviceName": "Amazon Translate",
        "aws:serviceUrl": "https://aws.amazon.com/translate/"
      },
      "id": "translate:ap-east-1"
    },
    {
      "attributes": {
        "aws:region": "ap-northeast-1",
        "aws:serviceName": "Amazon Translate",
        "aws:serviceUrl": "https://aws.amazon.com/translate/"
      },
      "id": "translate:ap-northeast-1"
    },

因此，我所做的是使用文件内容创建变量：

    - name: Get the capabilities of all regions.
      set_fact:
        regions_capabilities: "{{lookup('ansible.builtin.url', 'https://api.regional-table.region-services.aws.a2z.com/index.json', split_lines=false)}}"

然后下一个“任务”是循环遍历所有值并将字段中具有特定字符串的值添加到另一个数组中aws:serviceName。

    - name: Get the intersection of opted in regions and regions that support FSxN.
      when: item['attributes']['aws:serviceName'] == "Amazon FSx for NetApp ONTAP" and item['attributes']['aws:region'] in opted_in_regions
      set_fact:
        fsxnRegions: "{{ [item['attributes']['aws:region']] + fsxnRegions }}"
      loop: "{{ regions_capabilities.prices }}"

虽然有效，但该语句会在输出中when:生成很多（数千）行。而且速度非常慢。skipping...

因此，问题是，是否有更好的方法来创建支持 FSxN 的区域数组？如果没有，我该如何隐藏该skipping消息，但仅限于此任务？

以下是完整的 Ansible 剧本：

# Title: generate report
---
- hosts: localhost
  collections:
    - amazon.aws
  gather_facts: false
  name: Playbook to generate a report on all the FSxNs
  vars:
    fsxnRegions: []
    opted_in_regions: []

  tasks:
    - name: Get all the opted in regions.
      amazon.aws.aws_region_info:
      register: region_info

    - name: Just get region names
      set_fact:
        opted_in_regions: "{{ [item.region_name] + opted_in_regions }}"
      loop: "{{ region_info.regions }}"

    - name: Get the capabilities of all regions.
      set_fact:
        regions_capabilities: "{{lookup('ansible.builtin.url', 'https://api.regional-table.region-services.aws.a2z.com/index.json', split_lines=false)}}"

    - name: Get the intersection of opted in regions and regions that support FSxN.
      when: item['attributes']['aws:serviceName'] == "Amazon FSx for NetApp ONTAP" and item['attributes']['aws:region'] in opted_in_regions
      set_fact:
        fsxnRegions: "{{ [item['attributes']['aws:region']] + fsxnRegions }}"
      loop: "{{ regions_capabilities.prices }}"

    - name: Output
      debug:
        msg: "fsxnRegions={{ fsxnRegions }}"

我在一台使用 Ansible 的主机上运行了一个脚本 (opnsense install)。我想等待 ssh 服务变得无法访问（表明 opnsense 已重新启动主机），然后再次可用（表明主机已恢复）。第二部分很容易，第一部分不起作用。这是我尝试过的一件事：

- name: Wait for ssh to stop listening
  wait_for:
    host: '{{ ansible_host }}'
    port: '{{ port_ssh }}'
    connect_timeout: 5
    delay: 10
  delegate_to: localhost
  register: result
  retries: 30
  until: result is failed

等待 ssh 停止监听的干净方法是什么，或者在启动之前确保主机已关闭？我不想手动重新启动，因为 opnsense 安装脚本在完成后会执行此操作。

我正在尝试获取具有最多可用空间的 VMware 数据存储，然后使用它的 URL 在 Kubernetes 集群中创建存储类。

我正在使用模块获取信息vmware_datastore_info，如下所示：

--- 
- name: Gather info from ESXi datacenter
  hosts: localhost 
  gather_facts: false 
 
  tasks: 
  - name: Gather info from ESXi datastore 
    vmware_datastore_info: 
      hostname: '{{ vcenter_server }}' 
      username: '{{ username }}' 
      password: '{{ password }}' 
      datacenter_name: '{{ datacenter_name }}' 
      validate_certs: false 
    delegate_to: localhost 
    register: info 

  - debug: var=info.datastores

示例info.datastores结果

{
    "msg": [
        {
            "accessible": true,
            "capacity": 5156108238848,
            "datastore_cluster": "DDA_SPIT_013_002",
            "freeSpace": 5154511257600,
            "maintenanceMode": "normal",
            "multipleHostAccess": true,
            "name": "LIT013_078",
            "provisioned": 1596981248,
            "type": "VMFS",
            "uncommitted": 0,
            "url": "ds:///vmfs/volumes/64e55997-3946cc08-ce62-9440c96b1102/"
        },
        {
            "accessible": true,
            "capacity": 5156108238848,
            "datastore_cluster": "DDA_SPIT_013_002",
            "freeSpace": 5154341388288,
            "maintenanceMode": "normal",
            "multipleHostAccess": true,
            "name": "LIT013_075",
            "provisioned": 11265900544,
            "type": "VMFS",
            "uncommitted": 9499049984,
            "url": "ds:///vmfs/volumes/64e5595d-02d66360-bf73-9440c96b1102/"
        },
        {
            "accessible": true,
            "capacity": 5156108238848,
            "datastore_cluster": "DDA_SPIT_013_002",
            "freeSpace": 5154511257600,
            "maintenanceMode": "normal",
            "multipleHostAccess": true,
            "name": "LIT013_077",
            "provisioned": 1596981248,
            "type": "VMFS",
            "uncommitted": 0,
            "url": "ds:///vmfs/volumes/64e55986-d2d1286a-5c00-9440c96b1102/"
        },
        {
            "accessible": true,
            "capacity": 5156108238848,
            "datastore_cluster": "DDA_SPIT_013_002",
            "freeSpace": 5154079244288,
            "maintenanceMode": "normal",
            "multipleHostAccess": true,
            "name": "LIT013_067",
            "provisioned": 2943352832,
            "type": "VMFS",
            "uncommitted": 914358272,
            "url": "ds:///vmfs/volumes/60743b62-a519d76c-1d48-9440c96b1102/"
        },
        {
            "accessible": true,
            "capacity": 5156108238848,
            "datastore_cluster": "DDA_SPIT_013_002",
            "freeSpace": 5154511257600,
            "maintenanceMode": "normal",
            "multipleHostAccess": true,
            "name": "LIT013_074",
            "provisioned": 1596981248,
            "type": "VMFS",
            "uncommitted": 0,
            "url": "ds:///vmfs/volumes/64e5594a-07107de8-1823-9440c96b1102/"
        },
        {
            "accessible": true,
            "capacity": 5156108238848,
            "datastore_cluster": "DDA_SPIT_013_002",
            "freeSpace": 5154511257600,
            "maintenanceMode": "normal",
            "multipleHostAccess": true,
            "name": "LIT013_072",
            "provisioned": 1596981248,
            "type": "VMFS",
            "uncommitted": 0,
            "url": "ds:///vmfs/volumes/64e5591a-1ed49f04-2a09-9440c96b1102/"
        },
        {
            "accessible": true,
            "capacity": 5156108238848,
            "datastore_cluster": "DDA_SPIT_013_002",
            "freeSpace": 4399479914496,
            "maintenanceMode": "normal",
            "multipleHostAccess": true,
            "name": "LIT013_071",
            "provisioned": 1383218544640,
            "type": "VMFS",
            "uncommitted": 626590220288,
            "url": "ds:///vmfs/volumes/64e558fc-6a916ba4-82d3-9440c96b1102/"
        },
        {
            "accessible": true,
            "capacity": 5156108238848,
            "datastore_cluster": "CZCHO_SPIT_013_002",
            "freeSpace": 3060709457920,
            "maintenanceMode": "normal",
            "multipleHostAccess": true,
            "name": "LIT013_070",
            "provisioned": 2428559687680,
            "type": "VMFS",
            "uncommitted": 333160906752,
            "url": "ds:///vmfs/volumes/6346c446-6219e6bc-f0a7-9440c96b1102/"
        }
    ]
}

我怎样才能datastores.url从这个结果中只得到一个？