主页 / unix / 问题 / 707196
Accepted
OmiPenguin
Asked: 2022-06-23 23:16:14 +0800 CST

Ansible - 如何根据条件重新启动服务器?

  • 772

我编写了在 Linux 服务器上应用安全补丁的剧本,剩下的唯一部分就是编写任务以重新启动已修补的服务器。

以下是应用补丁的任务内容

- name: Deploying Security Packages                              
  shell: "yum update --security -y"                              
  register: progress                                             
  when: deploypackages == "y"                                    
                                                                 
- name: Installed Packages                                       
  debug:                                                         
    msg: "{{ progress.stdout_lines | regex_search('complete') }}"
  #when: progress.changed | regex_search('complete')

我正在寻找一个过滤器来在输出中查找已注册变量中的单词,如果是completedkernel然后重新启动服务器。

谢谢

尝试 1 - 失败

出于测试目的,我已更改kernelxz-libs,但达到when条件时失败。

---
- name: Deploying Security Packages
  #shell: "yum update --security -y"
  yum:
    name: '*'
    state: latest
    security: yes
  register: yum_update
  when: deploypackages == "y"

- name: Installed Packages
  debug:
    msg: " Packages installed Successfully "
  when:
    - yum_update.changed
    - yum_update.stdout | regex_search('xz-libs', ignorecase=True ) is not none

它给出了这个错误

TASK [deploying_security_updates : Deploying Security Packages] **********************
changed: [192.168.8.26]

    TASK [deploying_security_updates : Installed Packages] *******************************
    fatal: [192.168.8.26]: FAILED! => {"msg": "The conditional check 'yum_update.stdout | regex_search('*xz-libs*', ignorecase=True ) is not none' failed. The error was: nothing to repeat\n\nThe error appears to be in '/home/sysadmin/ansible_files/play-security-update/roles/deploying_security_updates/tasks/main.yaml': line 11, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Installed Packages\n  ^ here\n"}

调试

- name: Deploying Security Packages                                                
  yum:                                                                             
    name: '*'                                                                      
    state: latest                                                                  
    security: yes                                                                  
  register: yum_update                                                             
  when: deploypackages == "y"                                                      
                                                                                   
- name: Installed Packages                                                         
  debug:                                                                           
    #msg: " Packages installed Successfully "                                      
    msg: " {{ yum_update.stdout | regex_search('xz-libs', ignorecase=True ) }}"    
  #when:                                                                           
  #  - yum_update.changed                                                          
  #  - yum_update.stdout | regex_search('*xz-libs*', ignorecase=True ) is not none 



Do you want to deploy Packages: y

PLAY [To Apply Security Patches on Linux Servers] *******************************************************************************************************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************************************************************************************************************************************
ok: [192.168.8.26]

TASK [Condition Failed! Wrong User Input] ***************************************************************************************************************************************************************************************************
skipping: [192.168.8.26]

TASK [check_for_updates : Looking for Package Updates] **************************************************************************************************************************************************************************************
skipping: [192.168.8.26]

TASK [check_for_updates : Printing Available Updates] ***************************************************************************************************************************************************************************************
skipping: [192.168.8.26]

TASK [deploying_security_updates : Deploying Security Packages] *****************************************************************************************************************************************************************************
changed: [192.168.8.26]

TASK [deploying_security_updates : Installed Packages] **************************************************************************************************************************************************************************************
fatal: [192.168.8.26]: FAILED! => {"msg": "Unexpected templating type error occurred on ( {{ yum_update.stdout | regex_search('xz-libs', ignorecase=True ) }}): expected string or buffer"}

PLAY RECAP **********************************************************************************************************************************************************************************************************************************
192.168.8.26               : ok=2    changed=1    unreachable=0    failed=1    skipped=3    rescued=0    ignored=0

调试输出

ok: [192.168.8.26] => {
    "msg": {
        "changed": true,
        "changes": {
            "installed": [],
            "updated": [
                [
                    "xz",
                    "5.2.2-2.el7_9.x86_64 from rhel-remote"
                ],
                [
                    "xz-libs",
                    "5.2.2-2.el7_9.x86_64 from rhel-remote"
                ]
            ]
        },
        "failed": false,
        "msg": "",
        "rc": 0,
        "results": [
            "Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-\n              : manager\nThis system is not registered with an entitlement server. You can use subscription-manager to register.\n --> device-mapper-persistent-data-0.7.3-3.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> 7:device-mapper-event-1.02.170-6.el7_9.5.x86_64 from rhel-remote removed (updateinfo)\n --> libgnomekbd-3.26.0-3.el7.x86_64 from rhel-remote removed (updateinfo)\n --> cryptsetup-python-2.0.3-3.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> PackageKit-gstreamer-plugin-1.1.10-2.el7.x86_64 from rhel-remote removed (updateinfo)\n --> libstoragemgmt-1.6.2-4.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> PackageKit-gtk3-module-1.1.10-2.el7.x86_64 from rhel-remote removed (updateinfo)\n --> 7:device-mapper-event-1.02.149-8.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> setroubleshoot-plugins-3.0.67-3.el7.noarch from @anaconda/7.6 removed (updateinfo)\n --> libdrm-2.4.91-3.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> mesa-dri-drivers-18.3.4-12.el7_9.x86_64 from rhel-remote removed (updateinfo)\n --> subscription-manager-plugin-container-1.24.51-1.el7_9.x86_64 from rhel-remote removed (updateinfo)\n --> firewalld-0.6.3-13.el7_9.noarch from rhel-remote removed (updateinfo)\n --> gdb-7.6.1-114.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> grubby-8.28-26.el7.x86_64 from rhel-remote removed (updateinfo)\n --> hostname-3.13-3.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> 32:bind-libs-lite-9.11.4-26.P2.el7_9.9.x86_64 from rhel-remote removed (updateinfo)\n --> abrt-dbus-2.1.11-52.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> unzip-6.0-21.el7.x86_64 from @rhel-remote removed (updateinfo)\n
 Package xz-libs.x86_64 0:5.2.2-2.el7_9 will be an update\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package         Arch           Version               Repository           Size\n================================================================================\nUpdating:\n xz              x86_64         5.2.2-2.el7_9         rhel-remote         229 k\n xz-libs         x86_64         5.2.2-2.el7_9         rhel-remote         103 k\n\nTransaction Summary\n================================================================================\nUpgrade  2 Packages\n\nTotal download size: 332 k\nDownloading packages:\nNo Presto metadata available for rhel-remote\n--------------------------------------------------------------------------------\nTotal                                              1.3 MB/s | 332 kB  00:00     \nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n  Updating   : xz-libs-5.2.2-2.el7_9.x86_64                                 1/4 \n  Updating   : xz-5.2.2-2.el7_9.x86_64                                      2/4 \n  Cleanup    : xz-5.2.2-1.el7.x86_64                                        3/4 \n  Cleanup    : xz-libs-5.2.2-1.el7.x86_64                                   4/4 \n  Verifying  : xz-libs-5.2.2-2.el7_9.x86_64                                 1/4 \n  Verifying  : xz-5.2.2-2.el7_9.x86_64                                      2/4 \n  Verifying  : xz-libs-5.2.2-1.el7.x86_64                                   3/4 \n  Verifying  : xz-5.2.2-1.el7.x86_64                                        4/4 \n\nUpdated:\n  xz.x86_64 0:5.2.2-2.el7_9            xz-libs.x86_64 0:5.2.2-2.el7_9           \n\nComplete!\n"
        ]
    }
}

PLAY RECAP **********************************************************************************************************************************************************************************************************************************
192.168.8.26               : ok=3    changed=1    unreachable=0    failed=0    skipped=3    rescued=0    ignored=0
text-processing ansible

2 个回答

  1. Best Answer

    要检查任务是否完成并且输出中提到了内核一词,您将获得以下任务:

    - name: "Deploying Security Packages"
  ansible.builtin.yum:
    name: '*'
    security: yes
    state: latest
  register: yum_update

- name: "Just debug for now"
  ansible.builtin.debug:
    msg: "This should be a reboot"
  when:
    - yum_update.changed
    - (yum_update.results[0] | regex_search('kernel')) is not none

    -带有 when的两个表示逻辑AND,因此更新应该被更改并因此完成,否则它将失败,并且在 stdout 的输出中应该有单词匹配内核。如果该词不存在,则检查将none根据文档输出 a 。

    • 1

  2. 请注意,不仅在安装新内核之后可能需要重新启动,而且在更新微码、glibc、SSL 库等之后也可能需要重新启动。因此,更多的事件将需要重新启动并且也需要检查。

    在 RHEL 中,有一些基于本地 OS 包管理器的实用程序可用,例如yum-utils,其中包含一个needs-restarting脚本,用于查询在应用更新后是否需要这样做。

    示例(基于 RHEL 7)

    解决依赖关系后

    - name: Install basic admin tools
  yum:
    name: yum-utils
    state: latest

    检查很简单

    - name: Check if reboot_required
  shell:
    cmd: "needs-restarting -r"
  changed_when: false
  failed_when: reboot_required.rc != 0 and reboot_required.rc != 1
  check_mode: false
  register: reboot_required

- name: Report reboot_required
  debug:
    msg: "{{  reboot_required.rc | bool }} "
  changed_when: reboot_required.rc == 1
  check_mode: false

    并导致输出

    TASK [Report reboot_required] **************************************************
ok: [test1.example.com] => {
    "msg": "True "
}
ok: [test2.example.com] => {
    "msg": "False "
}

    用于检查是否需要重新启动的软件包也可用于其他发行版。

    类似问答

    此外,根据基础架构和环境,例如,可以通过 cronjobs 将重启完全自动化到系统中

    # Reboot cron job
# /etc/cron.d/

# mm hh dom mon dow user command
  59  0   *   *   * root needs-restarting -r || /usr/sbin/shutdown --no-wall -r +1
    • 1

相关问题