主页 / server / 问题 / 930967
Accepted
Server Fault
Asked: 2018-09-15 11:33:48 +0800 CST

通过 Ansible 和 with_subelements 创建用户

  • 772

我正在尝试编写一个 Ansible 剧本,它允许我在已定义的服务器列表中定义一个组列表以应用于用户列表。

['mike']除了正在创建的用户是文字列表值(例如in )之外,它似乎正在接近工作/etc/passwd

我如何告诉 Ansible 使用的which_users

---
- hosts: all
  gather_facts: false
  vars:
    local_group_info:

      - name : developer group
        which_users  :
          - mike
          - george
        which_groups :
          - adm
          - www-data
        on_hosts  :
          - test.sv1.org
          - punchy.sv1.org

      - name: admin group
        which_users:
          - kelly
        which_groups:
          - sudo
        on_hosts  :
          - test.sv1.org

  tasks:
    - name: Add users to local groups if current host matches
      when: inventory_hostname in item.0.on_hosts or 'all' in item.0.on_hosts
      debug:
        msg: "user {{ item.0.which_users }} should be in group {{ item.1 }}"
      with_subelements:
        - "{{ local_group_info }}"
        - which_groups

输出:

PLAY [all] **************************************************************************************************************************

TASK [Add users to local groups if current host matches] ****************************************************************************
ok: [test.sv1.org] => (item=[{u'which_users': [u'mike', u'george'], u'name': u'developer group', u'on_hosts': [u'test.sv1.org', u'punchy.sv1.org']}, u'adm']) => {
    "msg": "user [u'mike', u'george'] should be in group adm"
}
ok: [test.sv1.org] => (item=[{u'which_users': [u'mike', u'george'], u'name': u'developer group', u'on_hosts': [u'test.sv1.org', u'punchy.sv1.org']}, u'www-data']) => {
    "msg": "user [u'mike', u'george'] should be in group www-data"
}
ok: [test.sv1.org] => (item=[{u'which_users': [u'kelly'], u'name': u'admin group', u'on_hosts': [u'test.sv1.org']}, u'sudo']) => {
    "msg": "user [u'kelly'] should be in group sudo"
}

PLAY RECAP **************************************************************************************************************************
test.sv1.org       : ok=1    changed=0    unreachable=0    failed=0
ansible

2 个回答

  1. Best Answer

    这不会像这样工作,因为您有三个项目要在两个级别中循环(第一级中的用户类列表,第二级中的 unix 组列表和用户列表)。这是 Ansible 容易变得有点复杂的部分

    您可以将其分为两部分:

    • 在组中创建用户列表的角色
    • 遍历用户类和 unix 组列表的任务。

    像这样的东西:

    1. roles/testrole/tasks/main.yml

      - name: Creating list of users in named groups
  tags: ['testing']
  debug:
      msg: "User {{ item2 }} should be in group {{ current_group }}"
  loop_control:
      loop_var: item2
  with_items:
    - "{{ current_userlist }}"

    2. your_playbook.yml

      - name:          Mimimal playbook
  hosts:         all
  tags: ['testing']

  tasks:
  - include_role:
    name:    testrole
    tags: ['testing']
    vars:
      - current_group: "{{ item.1 }}"
      - current_userlist: "{{ item.0.userlist }}"
    with_subelements:
      - "{{ userclass }}"
      - grouplist

    以及以下变量定义:

    userclass:
    - name: Testgroup 1
      userlist:
          - homer
          - bart
      grouplist:
          - adm
    - name: Testgroup 2
      userlist:
          - lisa
          - maggie
          - marge
      grouplist:
          - exec
          - board

    这导致以下结果:

    PLAY [Mimimal playbook] ***********************************************************************************************************************************************************

TASK [include_role : testrole] ****************************************************************************************************************************************************

TASK [testrole : Creating list of users in named groups] **************************************************************************************************************************
ok: [ansible.example.com] => (item=homer) => {
    "msg": "User homer should be in group adm"
}
ok: [ansible.example.com] => (item=bart) => {
    "msg": "User bart should be in group adm"
}

TASK [testrole : Creating list of users in named groups] **************************************************************************************************************************
ok: [ansible.example.com] => (item=lisa) => {
    "msg": "User lisa should be in group exec"
}
ok: [ansible.example.com] => (item=maggie) => {
    "msg": "User maggie should be in group exec"
}
ok: [ansible.example.com] => (item=marge) => {
    "msg": "User marge should be in group exec"
}

TASK [testrole : Creating list of users in named groups] **************************************************************************************************************************
ok: [ansible.example.com] => (item=lisa) => {
    "msg": "User lisa should be in group board"
}
ok: [ansible.example.com] => (item=maggie) => {
    "msg": "User maggie should be in group board"
}
ok: [ansible.example.com] => (item=marge) => {
    "msg": "User marge should be in group board"
}

PLAY RECAP ************************************************************************************************************************************************************************
ansible.example.com         : ok=3    changed=0    unreachable=0    failed=0

    将存在其他变体。您可以只遍历游戏中的用户类,然后重写角色以用于with_nested用户和 unix 组。

    • 0

  2. 您可以创建一个映射(首先过滤local_group_info您在 中指定的主机的列表,然后为每个过滤的元素when连接 和 的笛卡尔积)并对其进行迭代:which_userswhich_groups

    - name: Create user to group mapping
  set_fact:
    user_group_mapping: "{{ user_group_mapping | default([]) + item.which_users | product(item.which_groups) | list }}"
  loop: "{{ local_group_info | json_query(query) }}"
  vars:
    query: "@[?contains(on_hosts, `{{ inventory_hostname }}`) || contains(on_hosts, `all`)].{which_users: which_users, which_groups: which_groups}"

- name: Add users to local groups if current host matches
  debug:
    msg: "user {{ item.0 }} should be in group {{ item.1 }}"
  loop: "{{ user_group_mapping }}"

    根据您的目标(您是要继续还是因数据不完整而失败),您可能会或可能不会将default({})过滤器添加到item.which_usersand item.which_groups

    • 0

相关问题