我收到了一条有关 Ansible 的奇怪消息。

在 RHEL 9 服务器上，我可以通过 shell 命令行加入我们的域

realm join example.xyz --user=svc-ansible --computer-ou="OU=Linux Servers, OU=Servers, OU=ACME, OU=Units, DC=example, DC=xyz"

完成后，我可以通过 成功更改用户，其中“johndoe”是在 AD 中定义的用户，属于文件中定义的 AD 组。因此配置似乎有效。su - [email protected]simple_allow_groups/etc/sssd/sssd.conf

此后，我预先运行realm leave example.xyz --remove -U 'svc-ansible'并realm list检查该服务器是否不再位于域中。

但是，当我通过 AWX 运行如下所示的 Ansible 剧本时

(...)

- name: Set staging_ou
  ansible.builtin.set_fact:
    staging_ou: "OU=Linux Servers, OU=Servers, OU=ACME, OU=Units, DC=example, DC=xyz"

- name: Realm join into domain
  ansible.builtin.expect:
    command: /bin/bash -c 'realm join {{ domain }} --user={{ ad_join_user }} --computer-ou="{{ staging_ou }}"'
    responses:
      Password.*: "{{ ad_join_password }}"
    timeout: 120

(...)

我收到以下错误：

任务 [playbook_ad_join：Realm 加入域] ************************************ 致命：[myrhel9server]：失败！ => {"changed": true, "cmd": "/bin/bash -c 'realm join example.xyz --user=svc-ansible --computer-ou="OU=Linux Servers, OU=Servers, OU=ACME, OU=Units, DC=example, DC=xyz"'", "delta": "0:00:00.152467", "end": "2024-11-13 11:45:09.577079", "msg": "非零返回码", "rc": 1, "start": "2024-11-13 11:45:09.424612", "stdout": "realm: 已加入此域\r\n请查看\r\n https://red.ht/support_rhel_ad \r\n以获取常见问题的帮助。", "stdout_lines": ["realm:已加入此域”、“请检查”、“https://red.ht/support_rhel_ad”、“以获取常见问题的帮助。”]}

Arealm list确认服务器确实位于 example.xyz 域中，并返回与我realm join ...通过 shell 运行命令时相同的输出。但是，我无法su再向 AD 用户发出请求：尝试这样做会返回错误

su：用户[email protected]不存在或用户条目不包含所有必填字段

错误消息中引用的链接没有帮助。

可能出了什么问题？

编辑 1：通过 shell 运行与通过 ansible 运行相同的命令，即

/bin/bash -c 'realm join example.xyz (...) '

对于运行来说没有任何改变realm join example.xyz (...)（参见文章顶部）。

剧本中的其他任务仅修改了几个配置文件：

/etc/krb5.conf
/etc/sssd/sssd.conf
/usr/local/bin/sss_ssh_authorizedkeys_ad
/etc/ssh/sshd_config 

并安装一些软件包。这些并不重要，因为配置已经收敛。我删除了重新启动realmd守护进程的一行，因为它可能是导致问题的原因，但什么都没有改变。

感谢您花时间观看，

我最近将 3 台服务器从 AlmaLinux 8 升级到 AlmaLinux 9（AlmaLinux 项目 ELevate）（两年前，这些服务器从 CentOS 7 升级到 AlmaLinux 8）。升级过程非常顺利，升级后我只需要重新安装 1 个软件包 Zabbix-Agent2。我可以访问这些服务器上运行的服务，网站可以完美访问，通过 SSH，我可以毫无问题地访问系统。甚至可以毫无问题地使用 ansibleuser 进行密钥对 ssh 身份验证。但是，当我使用 ansible 在这些服务器上运行一个剧本时，该剧本在过去始终有效，并且仍然可以在我们所有其他 Ubuntu 和 AlmaLinux 机器上运行，我在有问题的 3 台机器上收到以下错误：

[ /etc/ansible ]$ ansible-playbook playbooks/update-linux.yml -C -l ClamAV -vvv
ansible-playbook [core 2.14.14]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/ansibleuser/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /home/ansibleuser/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible-playbook
  python version = 3.9.18 (main, Aug 23 2024, 00:00:00) [GCC 11.4.1 20231218 (Red Hat 11.4.1-3)] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True
Using /etc/ansible/ansible.cfg as config file
BECOME password: 
[WARNING]: Error in vault password file loading (default): A vault password must be specified to decrypt data
Vault password: 
host_list declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
script declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
auto declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
Parsed /etc/ansible/hosts inventory source with yaml plugin
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: update-linux.yml *******************************************************************************************************************************
2 plays in playbooks/update-linux.yml

PLAY [landauer] ******************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************
task path: /etc/ansible/playbooks/update-linux.yml:2
<10.1.1.22> ESTABLISH SSH CONNECTION FOR USER: ansibleuser
<10.1.1.22> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="ansibleuser"' -o ConnectTimeout=5 -o 'ControlPath="/home/ansibleuser/.ansible/cp/267bb41463"' 10.1.1.22 '/bin/sh -c '"'"'echo ~ansibleuser && sleep 0'"'"''
<10.1.1.22> (0, b'/home/ansibleuser\n', b'')
<10.1.1.22> ESTABLISH SSH CONNECTION FOR USER: ansibleuser
<10.1.1.22> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="ansibleuser"' -o ConnectTimeout=5 -o 'ControlPath="/home/ansibleuser/.ansible/cp/267bb41463"' 10.1.1.22 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/ansibleuser/.ansible/tmp `"&& mkdir "` echo /home/ansibleuser/.ansible/tmp/ansible-tmp-1728362452.3175566-4768-111779545868462 `" && echo ansible-tmp-1728362452.3175566-4768-111779545868462="` echo /home/ansibleuser/.ansible/tmp/ansible-tmp-1728362452.3175566-4768-111779545868462 `" ) && sleep 0'"'"''
<10.1.1.22> (0, b'ansible-tmp-1728362452.3175566-4768-111779545868462=/home/ansibleuser/.ansible/tmp/ansible-tmp-1728362452.3175566-4768-111779545868462\n', b'')
<ClamAV> Attempting python interpreter discovery
<10.1.1.22> ESTABLISH SSH CONNECTION FOR USER: ansibleuser
<10.1.1.22> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="ansibleuser"' -o ConnectTimeout=5 -o 'ControlPath="/home/ansibleuser/.ansible/cp/267bb41463"' 10.1.1.22 '/bin/sh -c '"'"'echo PLATFORM; uname; echo FOUND; command -v '"'"'"'"'"'"'"'"'python3.11'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.10'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.9'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.8'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.7'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.6'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.5'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/bin/python3'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/libexec/platform-python'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python2.7'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/bin/python'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python'"'"'"'"'"'"'"'"'; echo ENDFOUND && sleep 0'"'"''
<10.1.1.22> (0, b'PLATFORM\nLinux\nFOUND\n/usr/bin/python3.9\n/usr/bin/python3\n/usr/libexec/platform-python\n/usr/bin/python\n/usr/bin/python\nENDFOUND\n', b'')
<10.1.1.22> ESTABLISH SSH CONNECTION FOR USER: ansibleuser
<10.1.1.22> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="ansibleuser"' -o ConnectTimeout=5 -o 'ControlPath="/home/ansibleuser/.ansible/cp/267bb41463"' 10.1.1.22 '/bin/sh -c '"'"'/usr/bin/python3.9 && sleep 0'"'"''
<10.1.1.22> (0, b'{"platform_dist_result": [], "osrelease_content": "NAME=\\"AlmaLinux\\"\\nVERSION=\\"9.4 (Seafoam Ocelot)\\"\\nID=\\"almalinux\\"\\nID_LIKE=\\"rhel centos fedora\\"\\nVERSION_ID=\\"9.4\\"\\nPLATFORM_ID=\\"platform:el9\\"\\nPRETTY_NAME=\\"AlmaLinux 9.4 (Seafoam Ocelot)\\"\\nANSI_COLOR=\\"0;34\\"\\nLOGO=\\"fedora-logo-icon\\"\\nCPE_NAME=\\"cpe:/o:almalinux:almalinux:9::baseos\\"\\nHOME_URL=\\"https://almalinux.org/\\"\\nDOCUMENTATION_URL=\\"https://wiki.almalinux.org/\\"\\nBUG_REPORT_URL=\\"https://bugs.almalinux.org/\\"\\n\\nALMALINUX_MANTISBT_PROJECT=\\"AlmaLinux-9\\"\\nALMALINUX_MANTISBT_PROJECT_VERSION=\\"9.4\\"\\nREDHAT_SUPPORT_PRODUCT=\\"AlmaLinux\\"\\nREDHAT_SUPPORT_PRODUCT_VERSION=\\"9.4\\"\\nSUPPORT_END=2032-06-01\\n"}\n', b'')
Using module file /usr/lib/python3.9/site-packages/ansible/modules/setup.py
<10.1.1.22> PUT /home/ansibleuser/.ansible/tmp/ansible-local-47643ehs1jje/tmprhb1042q TO /home/ansibleuser/.ansible/tmp/ansible-tmp-1728362452.3175566-4768-111779545868462/AnsiballZ_setup.py
<10.1.1.22> SSH: EXEC scp -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="ansibleuser"' -o ConnectTimeout=5 -o 'ControlPath="/home/ansibleuser/.ansible/cp/267bb41463"' /home/ansibleuser/.ansible/tmp/ansible-local-47643ehs1jje/tmprhb1042q '[10.1.1.22]:/home/ansibleuser/.ansible/tmp/ansible-tmp-1728362452.3175566-4768-111779545868462/AnsiballZ_setup.py'
<10.1.1.22> ESTABLISH SSH CONNECTION FOR USER: ansibleuser
<10.1.1.22> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="ansibleuser"' -o ConnectTimeout=5 -o 'ControlPath="/home/ansibleuser/.ansible/cp/267bb41463"' 10.1.1.22 '/bin/sh -c '"'"'rm -f -r /home/ansibleuser/.ansible/tmp/ansible-tmp-1728362452.3175566-4768-111779545868462/ > /dev/null 2>&1 && sleep 0'"'"''
<10.1.1.22> (0, b'', b'')
fatal: [ClamAV]: UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via scp: Connection closed\r\n",
    "unreachable": true
}

在示例中，我使用了 ClamAV 服务器，但在另外 2 台服务器上也遇到了同样的问题。

我们设置中的其他 AlmaLinux 机器从头安装了 AlmaLinux9，并且剧本运行良好。

我还注意到，运行 DNF 时，它会给我 1 个警告： warning: Signature not supported. Hash algorithm SHA1 not available. 我已经在 redHat 上找到了一篇关于此问题的文章，其中解释说，使用命令：“update-crypto-policies --set FUTURE”，我可以将服务器设置为较新的 SHA256/512 加密策略。但随后，我失去了与该服务器的所有可能通信，除了 HTTP(s) 和物理控制台（通过 vCenter）。我认为这一定与此有关，或者我需要重新生成某些东西。但是有没有人已经找到解决方案/线程来帮助我解决这个问题？我还有 2 台服务器要做，它们对公司来说更为重要，所以不想让它们因为这个问题而受苦太久。

非常感谢您的帮助。

我使用一台 Fedora 39 机器来管理另一台 Fedora 39 机器，使用的是 Ansible 剧本。这工作正常。

我尝试使用 Ubuntu 22.04 运行相同的剧本，目标是同一台 Fedora 39 机器。它失败了。为什么会失败？

任务 [收集事实] ****************************************************************************************************************
严重错误：[alan-laptop]: 失败！=> {"ansible_facts": {}, "changed": false, "failed_modules": {"ansible.legacy.setup": {"failed": true, "module_stderr": "共享连接到 alan-laptop 已关闭。
", "module_stdout": 
追踪栈 (最近的调用最后):
  文件 "/home/alan-sysop/.ansible/tmp/ansible-tmp-1716281784.2385828-132440-85599417152925/AnsiballZ_setup.py", 第 102 行, 在 <module>
    _ansiballz_main()
  文件 "/home/alan-sysop/.ansible/tmp/ansible-tmp-1716281784.2385828-132440-85599417152925/AnsiballZ_setup.py", 第 94 行, 在 _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  文件 "/home/alan-sysop/.ansible/tmp/ansible-tmp-1716281784.2385828-132440-85599417152925/AnsiballZ_setup.py", 第 37 行, 在 invoke_module
    from ansible.module_utils import basic
  文件 "/tmp/ansible_ansible.legacy.setup_payload_0vjz3har/ansible_ansible.legacy.setup_payload.zip/ansible/module_utils/basic.py", 第 176 行, 在 <module>
ModuleNotFoundError: 没有名为 'ansible.module_utils.six.moves' 的模块;
", "msg": "模块失败\n查看 stdout/stderr 获取确切的错误", "rc": 1}}, "msg": "以下模块未能执行: ansible.legacy.setup"}

我的 Ansible 包版本是 2.10.7+merged+base+2.10.8+dfsg-1ubuntu0.1~esm1。

我正在运行一个命令，之后 stdout 被捕获到一个变量中。命令输出列出了由制表符分隔的值。所以我有类似的东西

var.stdout_lines: [
  "a1\tb1\tc1",
  "a2\tb2\tc2",
  "a3\tb3\tc3"
]

为了进一步处理，我想将这些行分成列表，例如

[
  [a1, b1, c1],
  [a2, b2, c2],
  [a3, b3, c3]
]

我怎样才能做到这一点？

我想使用 ansible 输出一些以制表符作为分隔符的文本

这是任务片段

- name: Create output file
  blockinfile:
    block: |
      Some text\tmore text
    path: '{{ playbook_dir }}/output.txt'
    create: true

电流输出

# BEGIN ANSIBLE MANAGED BLOCK
Some text\tmore text
# END ANSIBLE MANAGED BLOCK

期望的

# BEGIN ANSIBLE MANAGED BLOCK
Some text   more text
# END ANSIBLE MANAGED BLOCK

问题

我想使用 ansible 来配置一个虚拟盒子。这个盒子需要做很多事情，但它需要安装 R 以及一些未包含在基础 R 中的特定软件包。

我使用下面提供的 vagrant 文件创建一个新的虚拟机，然后使用 yum 安装 ansible、epel-release 和 git。然后，在该虚拟机上，我使用下面提供的“Alma Linux 8”和“Docker”剧本，然后使用我认为有问题的剧本。

然后我运行这个剧本来安装 R

---
- name: "Setup R on the local machine"
  hosts: localhost
  connection: local 
  tasks:

  # Update all installed packages

  - name: Update all packages to their latest version
    become: yes
    ansible.builtin.package:
      name: "*"
      state: latest

  # Install EPEL to get extra packages

  - name: Install EPEL
    become: yes
    ansible.builtin.package:
      name: epel-release
      state: latest

  # Enable the Code Ready Builder (CRB) repository

  - name: Install utilities to enable package repositories
    become: yes
    ansible.builtin.package:
      name: yum-utils
      state: latest

  - name: Enable the PowerTools repository
    become: yes
    shell: dnf config-manager --set-enabled powertools

  # Install R

  - name: Install R
    become: yes
    ansible.builtin.package:
      name: R
      state: latest

运行此剧本后，我可以运行命令

Rscript --slave --no-save --no-restore-history -e "print('Test')"
[1] "Test"

表明 R 至少在某种程度上发挥着作用。但是当我尝试使用它来安装软件包时，我收到此错误

Rscript --slave --no-save --no-restore-history -e "install.packages('tidyverse')"

将软件包安装到“/usr/lib64/R/library”（因为未指定“lib”） install.packages(“tidyverse”) 中出现警告：“lib =“/usr/lib64/R/library””不可写错误在 install.packages("tidyverse") 中：无法安装包执行停止

尝试修复

我尝试通过将这些行附加到上面 R 剧本的末尾来解决此问题

- name: Make directory writable
  become: yes
  file:
    path: /usr/lib64/R/library
    mode: '0777'

- name: Make directory writable
  become: yes
  file:
    path: /usr/share/doc/R/html
    mode: '0777'

手动使有问题的目录可读，但这不起作用。

参考文件

流浪文件

Vagrant.configure("2") do |config|

    config.vm.box = "almalinux/8"

    config.vm.provider "virtualbox" do |vb|
        vb.memory = "2048"
        vb.cpus = 2
    end
    
end

Ansible 手册

阿尔玛Linux 8

---
- name: "Setup AlmaLinux 8 on the local machine"
  hosts: localhost
  connection: local
  tasks:

  # Install the base operating systemctl

  - name: Update all packages to their latest versions
    become: yes
    ansible.builtin.package:
      name: '*'
      state: latest

  - name: Install virtual machine support
    become: yes
    ansible.builtin.package:
      name: open-vm-tools
      state: latest

  # Install EPEL to get extra packages

  - name: Install EPEL
    become: yes
    ansible.builtin.package:
      name: epel-release
      state: latest

码头工人

---
- name: "Setup Docker on the local machine"
  hosts: localhost
  connection: local 
  tasks:

  # Install Docker

  - name: Uninstall any older versions of Docker
    become: yes
    ansible.builtin.package:
      name:
        - docker
        - docker-client
        - docker-client-latest
        - docker-common
        - docker-latest
        - docker-latest-logrotate
        - docker-logrotate
        - docker-engine
      state: absent

  - name: Install yum-utils to install a new package repository
    become: yes
    ansible.builtin.package:
      name: yum-utils
      state: latest

  - name: Install the Docker Repository
    become: yes
    shell: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

  - name: Install Docker
    become: yes
    ansible.builtin.package:
      name:
        - docker-ce
        - docker-ce-cli
        - containerd.io
        - docker-buildx-plugin
        - docker-compose-plugin
      state: latest

  - name: Enable the docker service
    become: yes
    shell: systemctl enable docker

  - name: Enable the containerd service
    become: yes
    shell: systemctl enable containerd

  - name: Start the docker service
    become: yes
    shell: systemctl start docker

  - name: Start the containerd service
    become: yes
    shell: systemctl start containerd

  - name: Ensure docker group exists
    become: yes
    ansible.builtin.group:
      name: docker
      state: present

  - name: Add the vagrant user to the docker group
    become: yes
    ansible.builtin.user:
      name: vagrant
      groups: docker
      append: yes

我继承了一个类似剧本的文件，thing.yaml其中包含以下内容：

---
- include: one.yaml
- include: two.yaml

ansible-playbook我通常使用one.yamland启动 yaml 文件two.yaml，但thing.yaml被拒绝：

ERROR! 'include' is not a valid attribute for a Play

The error appears to be in '.../thing.yaml': line 2, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

---
- include: one.yaml
  ^ here

哪个命令行会吃掉包含这样的文件？

我有以下词典：

question:
  first_run:
    app:
      - answer: null
        name: first_name
        question: What is your First name?
      - answer: null
        name: last_name
        question: What is your Last name?
    core:
      - question: question1
      - question: question2

answer:
  first_name: John
  last_name: Smith

我使用以下任务手动更新question.first_run.app下的答案值，效果很好

- name: Update question variable
  set_fact:
    question:
      first_run:
        app:
          - name: first_name
            question: "What is your First name?"
            answer: "{{ answer.first_name }}"
          - name: last_name
            question: "What is your Last name?"
            answer: "{{ answer.last_name }}"

我还测试了以下任务（对于这种情况，这将是更可取的方法）

- name: "TEST-1"
  set_fact:
    question: "{{ question | combine({'first_run': {'app': question.first_run.app | map('combine', {'answer': update }) | list }}, recursive=True) }}"
  loop: "{{ question.first_run.app }}"
  vars:
    update: "{{ answer[item.name] if item.name in answer.keys() else item.answer }}"

- name: "TEST-2"
  set_fact:
    question: "{{ question | combine({'first_run': {'app': question.first_run.app | map('combine', {'answer': (answer[item.name])})}}, recursive=True) }}"
  loop: "{{ question.first_run.app }}"
  vars:c
    update: "{{ answer | dict2items | selectattr('key', 'in', [item.name]) | map(attribute='value') | first }}"
#    update: "{{ answer[item.name] }}"    # THis also works

但是 TEST-1 和 TEST-2 的输出总是这样的：

question:
  first_run:
    app:
      - answer: Smith
        name: first_name
        question: What is your First name?
      - answer: Smith
        name: last_name
        question: What is your Last name?
    core:
      - question: question1
      - question: question2

我测试的最后一个任务是：
它可以工作，但所需的结果保存在新的 var app_list 下

- name: "TEST-3"
  set_fact:
    question: "{{ question | combine({'first_run': {'app': app_list}}, recursive=True) }}"
  vars:
    app_list: []
  loop: "{{ question.first_run.app }}"
  set_fact:
    app_list: "{{ app_list + [item | combine({'answer': answer[item.name]})] }}"

问题：

我需要更新任务“更新问题变量”，这样我就不必手动放置数组question.first_run.app中的所有这些键

我如何使用循环将question.first_run.app.name与answer.key匹配，以便输出看起来像这样？最好调整 TEST-1 或 TEST-2 或 TEST-3

question:
  first_run:
    app:
      - answer: John
        name: first_name
        question: What is your First name?
      - answer: Smith
        name: last_name
        question: What is your Last name?
    core:
      - question: question1
      - question: question2

有这个ansible playbook。需要在没有事实的情况下更改它的角色。如何使用 in role/default/main.yml 为变量重写此代码

谢谢

---

- name: test my group
  hosts: my-group


  tasks:
  - name: test1 fact set
    set_fact:
         var1: 2
         var2: 3
    when: hostname is test1 

  - name: test2 fact set
    set_fact:
         var1: 3
         var2: 3
    when: hostname is test2

  - debug: var="var1 + var2"


       

       

当我尝试为该区域设置多个服务时，我看到了这个问题。
只设置了第一个，另一个总是出现以下错误：

TASK [Set services] *******************************************************************************************************************************************************************************************************************************
changed: [localhost] => (item=ssh)
failed: [localhost] (item= samba) => {"ansible_loop_var": "item", "changed": false, "item": " samba", "msg": "ERROR: Exception caught: org.fedoraproject.FirewallD1.Exception: INVALID_SERVICE: Zone 'work': ' samba' not among existing services Permanent operation, Services are defined by port/tcp relationship and named as they are in /etc/services (on most systems)"}

如果我切换服务并将 samba 作为第一个而不是为 ssh 生成相同的错误

主要剧本：

- name: Configure Firewalld
  hosts: localhost
  gather_facts: no

  vars:
    firewall:
    - zone: work
      service: ssh, samba
    - zone: public
      service: samba

  tasks:
  - name: Set services
    include_tasks: ./service.yml
    loop: "{{firewall | selectattr('service', 'defined') | list}}"
    loop_control:
      loop_var: service

服务剧本：

- set_fact:
    zone: "{{service.zone}}"


- name: "Servcie name"
  debug:
    var: item 
  with_items: "{{service.service | split(',')}}"


- name: Set services 
  ansible.posix.firewalld:
    zone: "{{zone}}"
    service: "{{item}}"
    state: enabled
    permanent: yes
  with_items: "{{service.service | split(',')}}"
  register: result

任何建议如何解决这个问题？