问题[ansible-playbook](server)

我正在尝试通过使用 Ansible 生成 /etc/exports 文件来动态配置系统中的多个 NFS 服务器。我希望能够使用 jinja2 模板来做到这一点。这是我根据导出列表无法确定的 jinja2 模板。

我在我的 nfs 角色中定义了以下变量：

site_nfs_servers: ['ansibletarget1', 'ansibletarget2']

exports:
  - server: "ansibletarget1"
    shares:
      - path: "/my/first/share/path"
        client: "*"
        options: "rw,sync"
      - path: "/my/second/share/path"
        client: "*"
        options: "rw,sync,root_squash"
  - server: "ansibletarget2"
    shares:
      - path: "/another/shared/path/different/server"
        client: "*"
        options: "ro,sync"

然后我有以下 ansible play 来生成模板：

- name: Generate the exports file.
  template:
    src: exports.j2
    dest: /etc/exports
    owner: root
    group: root
    mode: '0750'

我的模板目前看起来像这样：

{% for export in exports %}
{% if ansible_hostname in export.server %}
{% for share in shares %}
{{ share.path }} {{ share.client }} {{ share.options }}
{% endfor %}
{% endif %}
{% endfor %}

我认为我离正确的模板结构还差得很远。到底是如何遍历这个列表的？

我有以下任务，我无法为数组变量添加循环。 ShopID 被定义为 group_vars 内的一个数组。我的目标是一个一个地调用每个变量。

- name: Create directories with required permission
  file:
    path: "{{ item.dest }}"
    mode: "{{item.mode}}"
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    recurse: yes
    state: directory
  loop:
  - { dest: '/home/{{ ShopID }}', mode: '0755', owner: 'root', group: 'root' }
  - { dest: '/home/{{ ShopID }}/.ssh', mode: '0700', owner: "{{ ShopID }}", group: "{{ ShopID }}" }
  - { dest: '/home/{{ ShopID }}/to_xxx', mode: '0777', owner: "{{ ShopID }}", group: "{{ ShopID }}" }
  - { dest: '/home/{{ ShopID }}/to_xxx/known_customers', mode: '0777', owner: "{{ ShopID }}", group: "{{ ShopID }}" }

上述任务的输出是这样的 -

failed: [file.xyz.com] (item={'dest': '/home/[77712351, 77712352]/.ssh', 'mode': '0700', 'owner': [77712351, 77712352], 'group': [77712351, 77712352]}) => {"ansible_loop_var": "item", "changed": false, "gid": 0, "group": "root", "item": {"dest": "/home/[77712351, 77712352]/.ssh", "group": [77712351, 77712352], "mode": "0700", "owner": [77712351, 77712352]}, "mode": "0755", "msg": "chown failed: failed to look up user [77712351, 77712352]", "owner": "root", "path": "/home/[77712351, 77712352]/.ssh", "size": 4096, "state": "directory", "uid": 0}

我正在尝试使用以下 ansible 任务在我的 linux 机器上创建和更新目录权限，但它没有正确更改所有权：

例如：目录/home/xyz/xyz/{{ IDM }}和/home/{{ IDM }}所有权权限恢复为{{ IDM }}:{{ IDM }}

- name: create directory with loop
  file:
    path: "{{ item.dest }}"
    mode: "{{item.mode}}"
    owner: "{{ IDM }}"
    group: "{{ IDM }}"
    recurse: yes
    state: directory
  loop:
  - { dest: '/home/{{ IDM }}', mode: '0755', owner: root, group: root }
  - { dest: '/home/{{ IDM }}/.ssh', mode: '0700', owner: "{{ IDM }}", group: "{{ IDM }}" }
  - { dest: '/home/{{ IDM }}/to_xyz', mode: '0777', owner: "{{ IDM }}", group: "{{ IDM }}" }
  - { dest: '/home/{{ IDM }}/to_xyz/known_customers', mode: '0777', owner: "{{ IDM }}", group: "{{ IDM }}" }
  - { dest: '/home/{{ IDM }}/from_xyz', mode: '0777', owner: "{{ IDM }}", group: "{{ IDM }}" }
  - { dest: '/home/{{ IDM }}/from_xyz/merchant_invoice', mode: '0777', owner: "{{ IDM }}", group: "{{ IDM }}" }
  - { dest: '/home/{{ IDM }}/from_xyz/clearing', mode: '0777', owner: "{{ IDM }}", group: "{{ IDM }}" }
  - { dest: '/home/{{ IDM }}/from_xyz/settlement_report', mode: '0777', owner: "{{ IDM }}", group: "{{ IDM }}" }
  - { dest: '/home/{{ IDM }}/archive', mode: '0777', owner: "{{ IDM }}", group: "{{ IDM }}" }
  - { dest: '/home/{{ IDM }}/archive/settlement_report', mode: '0777', owner: "{{ IDM }}", group: "{{ IDM }}" }
  - { dest: '/home/{{ IDM }}/archive/clearing', mode: '0777', owner: "{{ IDM }}", group: "{{ IDM }}" }
  - { dest: '/home/{{ IDM }}/archive/dunning', mode: '0777', owner: "{{ IDM }}", group: "{{ IDM }}" }
  - { dest: '/home/xyz/xyz/{{ IDM }}', mode: '0755', owner: 'root', group: 'root' }

我正在尝试做这本剧本半天。我正在使用 stat 模块检查文件的 sha1sum，如果它不等于第二个文件，它应该替换正确的文件。但是在注册一些变量时，输出显示变量未定义我做错了什么？

---
- hosts: all
  remote_user: root
  tasks:
    - name: get sum of file
      stat:
        path: /home/roundcube/config.php
        checksum_algorithm: sha1
        get_checksum: yes
      register: sum      
      
      stat:
        path: /home/archive/config.php
        checksum_algorithm: sha1
        get_checksum: yes
      register: sum2
      
    - name: result
      ansible.builtin.copy:
        src: /home/archive/config.php
        dest: /home/roundcube/config.php
      when: sum.stat.checksum != sum2.stat.checksum

我已在 Mac OS 上使用自制软件将我的 ansible 设置从 ansible 2.10 升级到 ansible 2.12（从 ansible 5）。从那时起，剧本就不再产生工作成果。

- name: Assemble consul cluster
  become: true
  hosts: consul_nodes
  roles:
    - role: consul
      vars:
        consul_version: "1.11.1"
        consul_install_upgrade: true
        consul_group_name: "consul_nodes"
        consul_addresses:
          dns: !unsafe '169.254.1.1 127.0.0.1 {{  GetPrivateIP }} {{ GetInterfaceIP  \"docker0\" }}' 
          http: !unsafe '169.254.1.1 {{  GetPrivateIP }} {{ GetInterfaceIP  \"docker0\" }}' 
          https: !unsafe '127.0.0.1 {{  GetPrivateIP }}' 
          grpc: "127.0.0.1"
        consul_client_address: "169.254.1.1" 
        consul_node_role: server
        consul_bootstrap_expect_value: 3
        consul_bootstrap_expect: true

playbook 包含不应模板化的不安全变量值，因为它们的值应传递到写入磁盘的 JSON 配置文件。

在升级到 ansible 2.12 之前它工作正常

ansible [core 2.12.1]
  config file = None
  configured module search path = ['/Users/martin/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/Cellar/ansible/5.1.0/libexec/lib/python3.10/site-packages/ansible
  ansible collection location = /Users/martin/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.10.1 (main, Dec  6 2021, 23:20:29) [Clang 13.0.0 (clang-1300.0.29.3)]
  jinja version = 3.0.3
  libyaml = True

现在剧本正在创建的整个 JSON 无效。引号 (") 转义为 (")。

我怀疑这个问题与不安全的变量有关，就像工作中的 ansible 2.10 版一样，我在不使用!unsafe. 这可能只是一个巧合。

我尝试使用 Ansible blockinfile模块插入代码行（shell 脚本）。

name: Customized prompt
blockinfile:
path: /etc/profile.d/customized_prompt.sh
create: yes
block: |

#!/bin/bash

# customized prompt normal user and root

if (( "$(id -u)" == "1000" ))
then
    PS1="[\u@\H \w]$ "
elif (( "$(id -u)" == "0" ))
then
    PS1="[\u@\H \w]# "
fi

我有这个 Ansible 错误

[admin@srvansible /etc/ansible]$ ansible-playbook playbook_prompt.yml --ask-become-pass
BECOME password: 
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
JSON: Expecting value: line 1 column 1 (char 0)

Syntax Error while loading YAML.
could not find expected ':'

The error appears to be in '/etc/ansible/roles/utilities/tasks/main.yml': line 14, column 4, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

if (( "$(id -u)" == "1000" ))
then
^ here

我需要帮助：）

谢谢你

我开始部署一个ansible服务器，我试图通过一个剧本（add5userslist.yaml）在客户端主机中创建5个用户，循环使用另一个文件（userslist.yaml）的列表中的变量，但不是在职的。

而且...当我尝试将此剧本与该列表一起使用时，这是 ansible 检索到的内容：

似乎问题是实际上使用的列表 ansible 甚至没有将其视为列表，但是我在 ansible 中是新的并且不知道该文件应该包含什么。

剧本代码：

- hosts: GrupoPrincipal

  tasks:
    - include_vars:
        file: /etc/ansible/playbooks/userslist.yaml
        name: userslist
    - name: Add 5 users from a list
      ansible.builtin.user:
       name: "{{ item.name }}"
       password: "{{'abc123.' | password_hash('sha512')}}"
      loop: "{{ userslist }}"

userlist.yaml 代码只是这个，是唯一起作用的东西：

name: 'user1'
name: 'user2'
name: 'user3'
name: 'user4'
name: 'user5'

@Martin 帮助我解决了上述问题，但现在我尝试使用超过 1 种项目类型，但似乎可以正常工作，这就是我获得新代码的方式

- hosts: GrupoPrincipal

  tasks:
    - include_vars:
        file: /etc/ansible/playbooks/userslist.yaml
        name: userslist

    - name: Add 5 users from a list and put them in groups
      ansible.builtin.user:
       name: "{{ item.names }}"
       groups: "{{ item.groups }}"
       password: "{{'abc123.' | password_hash('sha512')}}"
      loop:
      - { names: '{{ userslist.names }}', groups: '{{ userslist.groups }}' }

和新列表 yaml：

names:
  - user1
  - user2
  - user3
  - user4
  - user5
groups:
  - users
  - users
  - users
  - users
  - users

我想通过 shell 模块在 Ansible playbook 中运行 mysqldump。试图找到一种方法在 ansible playbook 或 Ubuntu 中隐藏我的 MySQL 根密码。

我目前有一个由 ansible-vault 加密的文件来存储我的 mysql root 密码，然后我可以将密码作为剧本中的变量调用。但我希望 crontab 每天都运行我的 ansible-playbook。因此无法手动输入保险库密码。我发现 ansible-vault 可以创建一个 Vault Password File 来存储 vault 密码，然后我们在运行 ansible-playbook 时不必手动输入密码。但是 Vault 密码文件中的内容仍然是纯文本.......

如何在 Ansible playbook 和我的 Ubuntu 系统中完全隐藏我的密码？

我对 Ansible 很陌生，感谢任何帮助！

如何使用 ad-hoc 命令过滤nocache块或块？free我试过ansible centos1 -m setup -a 'filter=ansible_memory_mb.nocache'了，但没有过滤掉。

ansible centos1 -m setup -a 'filter=ansible_memory_mb'
centos1 | SUCCESS => {
    "ansible_facts": {
        "ansible_memory_mb": {
            "nocache": {
                "free": 11808,
                "used": 926
            },
            "real": {
                "free": 10686,
                "total": 12734,
                "used": 2048
            },
            "swap": {
                "cached": 0,
                "free": 4096,
                "total": 4096,
                "used": 0
            }
        },
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false
}

所以我正在运行一个 ansible 角色，它在 defaults/role 文件夹中有一个文件 main.yml 。该文件的内容是这样的：

---
api_secrets:
  'API_PROFILE': "{{ api_profile }}"
  'SERVER_ADDRESS': "{{ server_address }}"
  'MGMT_SERVER_ADDRESS': "{{ management_server_address }}"

现在我想在 MGMT_SERVER_ADDRESS 之后包含 api_secrets 块，如下所示：

{% if '"port" in mgmt_ports' %}
'MGMT_SERVER_PORT': "{{ management_server_port1 }}"
'MGMT_SERVER_USER': "{{ user1 }}"
{% else %}
'MGMT_SERVER_PORT': "{{ management_server_port2 }}"
'MGMT_SERVER_USER': "{{ user2 }}"
{% endif %}

从这里开始，在服务器上创建一个文件，其中包含上述内容，当然用它们的实际值替换变量。

无论我如何尝试，它总是会导致不同的错误。我尝试使用“{% if ... endif %}”，也使用 ''

错误是这样的：

ERROR! Syntax Error while loading YAML.
  found character that cannot start any token

The error appears to be in '/opt/ansible/roles/api/defaults/main.yml': line 55, column 2, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

{% if '"port" in mgmt_ports' %}
 ^ here

我也试过这样：

   "{% if (port in mgmt_ports) %}
   'MGMT_SERVER_PORT': "{{ management_server_port1 }}"
   {% else %}
   'MGMT_SERVER_PORT': "{{ management_server_port2 }}"
   {% endif %}"

在这种情况下，错误是：

ERROR! Syntax Error while loading YAML.
  could not find expected ':'

The error appears to be in '/opt/ansible/roles/api/defaults/main.yml': line 56, column 24, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

  "{% if (port in mgmt_ports) %}
  'MGMT_SERVER_PORT': "{{ management_server_port1 }}"
                       ^ here
We could be wrong, but this one looks like it might be an issue with
missing quotes. Always quote template expression brackets when they
start a value. For instance:

    with_items:
      - {{ foo }}

Should be written as:

    with_items:
      - "{{ foo }}"

这样做的正确方法是什么？

我知道使用 jinja2 模板会更容易，但是剧本是这样创建的，我必须坚持这种方法。