
Ansible with_items loop over groups, defined as a list

I am trying to modify my ufw firewall playbook so that it accepts a list of host groups from inventory that will be allowed to connect. It works fine for one group, but that's just not flexible enough for my needs. But when I try this, it just won't work (I didn't expect it to work, but I just don't know how to do it):

- name: allow only specified groups of servers to connect to any port
  ufw:
    rule: allow
    src: "{{ hostvars[item]['ansible_default_ipv4']['address']}}"
  with_items:
    - groups.{{ ufw_allow_groups }}

Variable is defined as a list:

ufw_allow_groups:
  - group_of_hosts1
  - group_of_hosts2

Error message:

FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: \"hostvars['groups.['group_of_hosts1', 'group_of_hosts']']\" is undefined

Any ideas on how to accomplish that? Thanks for any input!

I think working with only one group is flexible enough. Simply make supergroups.

So, let's say you have three groups, two of which you want to be allowed to connect:

[group1]
host1_1
host1_2

[group2]
host2_1
host2_2

[group3]
host3_1
host3_2

Now, you only want group1 and group3 hosts to be able to connect. Add a supergroup:

[ufw_allow_groups]
[ufw_allow_groups:children]
group1
group3
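
An added example, not part of the original question or answer: a play that expands the `ufw_allow_groups` list from the question into host names before looping, and also covers the supergroup approach from the answer. It assumes the play targets `all`, that the `community.general` collection is installed, and that facts have been gathered for every source host; the `ufw_allow_hosts` variable name is hypothetical.

```yaml
# Added example; group names are the ones used in the question.
- name: Restrict inbound connections to hosts from selected inventory groups
  hosts: all                # assumption: every host gets the same allow list
  become: true
  gather_facts: true        # source hosts need ansible_default_ipv4 in hostvars
  vars:
    ufw_allow_groups:
      - group_of_hosts1
      - group_of_hosts2
    # Look each group name up in the `groups` dict, then merge the per-group
    # host lists into one list without duplicates.
    ufw_allow_hosts: >-
      {{ ufw_allow_groups | map('extract', groups) | flatten | unique }}
    # With the supergroup from the answer, the same list is simply:
    #   ufw_allow_hosts: "{{ groups['ufw_allow_groups'] }}"
  tasks:
    - name: Stop if a listed group does not exist in the inventory
      ansible.builtin.assert:
        that: item in groups
        fail_msg: "Group '{{ item }}' is not defined in the inventory"
      loop: "{{ ufw_allow_groups }}"

    - name: Stop if a source host has no gathered address
      # Without this check a host missing facts would silently be left out
      # of the allow list (for example when the run was limited with --limit).
      ansible.builtin.assert:
        that: hostvars[item]['ansible_default_ipv4']['address'] is defined
        fail_msg: "No ansible_default_ipv4 fact for {{ item }}"
      loop: "{{ ufw_allow_hosts }}"

    - name: Allow only specified groups of servers to connect to any port
      community.general.ufw:
        rule: allow
        src: "{{ hostvars[item]['ansible_default_ipv4']['address'] }}"
      loop: "{{ ufw_allow_hosts }}"
```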
