【Posted】: 2020-06-07 01:09:58
【Question】:
I'm new to Ansible and can't make sense of loops. I have the following Ansible playbook:
---
- name: Firewall Object Group Manager
  hosts: all
  gather_facts: yes

  tasks:
    - name: Manage ASA Object Groups
      asa_og:
        name: TEST_ANSIBLE_GROUP_1
        state: replace
        group_type:
        host_ip:
          - 127.0.0.1
          - 127.0.0.2
        ip_mask:
My goal is to be able to manage multiple ASA object groups. Without a loop, my play would look like this:
---
- name: Firewall Object Group Manager
  hosts: all
  gather_facts: yes

  tasks:
    - name: Manage ASA Object Groups
      asa_og:
        name: TEST_ANSIBLE_GROUP_1
        state: replace
        group_type:
        host_ip:
          - 127.0.0.1
          - 127.0.0.2
        ip_mask:

    - name: Manage ASA Object Groups
      asa_og:
        name: TEST_ANSIBLE_GROUP_2
        state: replace
        group_type:
        host_ip:
          - 127.0.0.3
          - 127.0.0.4
        ip_mask:

    - name: Manage ASA Object Groups
      asa_og:
        name: TEST_ANSIBLE_GROUP_3
        state: replace
        group_type:
        host_ip:
          - 127.0.0.5
          - 127.0.0.6
        ip_mask:
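...and so on.
My understanding of Ansible loops is that I should be able to call the task once and loop over the variables. After a few hours of research, my play now looks like this: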
---
- name: Firewall Object Group Manager
  hosts: all
  gather_facts: yes

  vars:
    Object_Groups:
      - name: 'TEST_ANSIBLE_GROUP'
        host_ip:
          - 127.0.0.1
          - 127.0.0.2
        group_type: 'network-object'
      - name: 'TEST_ANSIBLE_GROUP_2'
        host_ip:
          - 127.0.0.3
          - 127.0.0.4
        group_type: 'network-object'
      - name: 'TEST_ANSIBLE_GROUP_3'
        host_ip:
          - 127.0.0.5
          - 127.0.0.6
        group_type: 'network-object'

  tasks:
    - name: Manage ASA Object Groups
      asa_og:
        name: "{{ item.0.name }}"
        state: replace
        group_type: "{{ item.0.group_type }}"
        host_ip: "{{ item.0.host_ip }}"
        ip_mask: "{{ item.0.ip_mask | default([]) }}"
      loop:
        - "{{ Object_Groups }}"
Here is the debug output when I run the play:
$ ANSIBLE_STDOUT_CALLBACK=debug ansible-playbook -i inventory.yml -k stackof.yml -v -l FW01
Using /etc/ansible/ansible.cfg as config file
SSH password:

PLAY [Firewall Object Group Manager] **********************************************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************************************************************
ok: [FW01]

TASK [Manage ASA Object Groups] ***************************************************************************************************************************************
changed: [FW01] => (item=[{u'name': u'TEST_ANSIBLE_GROUP', u'group_type': u'network-object', u'host_ip': [u'127.0.0.1', u'127.0.0.2']}, {u'name': u'TEST_ANSIBLE_GROUP_2', u'group_type': u'network-object', u'host_ip': [u'127.0.0.3', u'127.0.0.4']}, {u'name': u'TEST_ANSIBLE_GROUP_3', u'group_type': u'network-object', u'host_ip': [u'127.0.0.5', u'127.0.0.6']}]) => {
    "ansible_loop_var": "item",
    "changed": true,
    "commands": [
        "object-group network TEST_ANSIBLE_GROUP",
        "network-object host 127.0.0.2",
        "network-object host 127.0.0.1",
        "no network-object host 127.0.0.8",
        "no network-object host 127.0.0.7",
        "no network-object host 127.0.0.5"
    ],
    "item": [
        {
            "group_type": "network-object",
            "host_ip": [
                "127.0.0.1",
                "127.0.0.2"
            ],
            "name": "TEST_ANSIBLE_GROUP"
        },
        {
            "group_type": "network-object",
            "host_ip": [
                "127.0.0.3",
                "127.0.0.4"
            ],
            "name": "TEST_ANSIBLE_GROUP_2"
        },
        {
            "group_type": "network-object",
            "host_ip": [
                "127.0.0.5",
                "127.0.0.6"
            ],
            "name": "TEST_ANSIBLE_GROUP_3"
        }
    ]
}

PLAY RECAP ************************************************************************************************************************************************************
FW01 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
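It looks like Ansible can see all the variables, but it doesn't run the task again with the variables I defined for the next object group, and then again for the third object group. I can't seem to figure out what I'm doing wrong.
Once I can loop over the variables correctly, my intention is to put the variables in a vars/main.yml file so that I can manage all the object group variables in one place.
For reference, here is a link to the Ansible module I'm using: https://docs.ansible.com/ansible/latest/modules/asa_og_module.html#asa-og-module
【Discussion】: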
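The debug output above shows a single iteration whose `item` is the entire `Object_Groups` list, because `loop:` was given a one-element list that contains that list. The following is an added example, not part of the original post: the same variables with the list passed to `loop` directly and fields read as `item.<field>`. The pre-flight `assert` task is an addition of this example, included because `state: replace` removes entries that are not listed (the `no network-object host ...` commands in the output).

```yaml
---
# Added example (not the asker's playbook): same variables, corrected loop.
- name: Firewall Object Group Manager
  hosts: all
  gather_facts: yes

  vars:
    Object_Groups:
      - name: 'TEST_ANSIBLE_GROUP'
        host_ip: ['127.0.0.1', '127.0.0.2']
        group_type: 'network-object'
      - name: 'TEST_ANSIBLE_GROUP_2'
        host_ip: ['127.0.0.3', '127.0.0.4']
        group_type: 'network-object'
      - name: 'TEST_ANSIBLE_GROUP_3'
        host_ip: ['127.0.0.5', '127.0.0.6']
        group_type: 'network-object'

  tasks:
    # Added precaution: with state: replace, two entries sharing a name would
    # overwrite each other, so fail before any device change is sent.
    - name: Validate object group definitions
      assert:
        that:
          - Object_Groups | length > 0
          - (Object_Groups | map(attribute='name') | list | unique | length) == (Object_Groups | length)
        fail_msg: "Object_Groups is empty or contains duplicate group names"

    - name: Manage ASA Object Groups
      asa_og:
        name: "{{ item.name }}"
        state: replace
        group_type: "{{ item.group_type }}"
        host_ip: "{{ item.host_ip }}"
        ip_mask: "{{ item.ip_mask | default([]) }}"
      # Pass the list itself. Writing it as a YAML list entry
      # (- "{{ Object_Groups }}") wraps it in an outer one-element list,
      # so the task runs once and item is the whole list.
      loop: "{{ Object_Groups }}"
      loop_control:
        # Show only the group name per iteration instead of the full dict.
        label: "{{ item.name }}"
```

With this form the task runs once per group, and the run output lists three iterations labelled with the three group names.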