如何在 ansible 任务中创建条件列表
[英]how to create conditional list in ansible task
问题描述
如果可能的话,我想将下面的两个任务组合成一个任务。 只有在定义item.0.sans时,有没有办法在subject_alt_name (第二个任务)下添加最后两个列表项,而不是使用when条件? 这两个任务在其他方面是相同的。
我确实为这些行尝试了一些额外的过滤器来默认/省略它们,但后来我得到了无法解析列表的错误。 我还探索了内联模板的可能性,但我不知道在这种情况下是否支持。 模板解决方案对我来说似乎很理想......我认为该技术在许多其他场景中可能很有用。
完整的剧本很短,所以如果它对额外的上下文有帮助,我可以发布。
- name: generate endpoint CSR - no custom sans
when: item.0.sans is undefined
community.crypto.openssl_csr:
common_name: "{{item.0.name}}.{{item.1}}"
path: "{{endpoint_artifact_dir}}/{{item.1}}//CSRs/{{item.0.name}}.{{item.1}}.pem"
privatekey_path: "{{endpoint_artifact_dir}}/{{item.1}}/keys/{{item.0.name}}.{{item.1}}.pem"
subject_alt_name:
- "DNS:{{item.0.name}}.{{item.1}}"
- "DNS:{{item.0.name}}"
- "IP:127.0.0.1"
with_nested:
- "{{endpoints}}"
- "{{domains}}"
- name: generate endpoint CSR - with custom sans
when: item.0.sans is defined
community.crypto.openssl_csr:
common_name: "{{item.0.name}}.{{item.1}}"
path: "{{endpoint_artifact_dir}}/{{item.1}}/CSRs/{{item.0.name}}.{{item.1}}.pem"
privatekey_path: "{{endpoint_artifact_dir}}/{{item.1}}/keys/{{item.0.name}}.{{item.1}}.pem"
subject_alt_name:
- "DNS:{{item.0.name}}.{{item.1}}"
- "DNS:{{item.0.name}}"
- "IP:127.0.0.1"
- "{{ item.0.sans | join(',') | replace(',', '.' + item.1 + ', ') + '.' + item.1 }}"
- "{{ item.0.sans | join(',') }}"
with_nested:
- "{{endpoints}}"
- "{{domains}}"
1 个解决方案
解决方案1
0 2022-01-15 16:21:39
使用三元过滤器。 例如,给定数据
endpoints1:
- {name: srv1, sans: [alt1, alt2]}
- {name: srv2, sans: [alt1, alt2]}
endpoints2:
- {name: srv1}
- {name: srv2}
domains:
- exampleA.com
- exampleB.com
下面的任务
- debug:
msg: |-
subject_alt_name:
{{ _san|to_nice_yaml|indent(2) }}
with_nested:
- "{{ endpoints1 }}"
- "{{ domains }}"
vars:
_san1:
- "DNS:{{ item.0.name }}.{{ item.1 }}"
- "DNS:{{ item.0.name }}"
- "IP:127.0.0.1"
_sans: "{{ item.0.sans|default([]) }}"
_san2:
- "{{ _sans|join(',')|replace(',', '.' + item.1 + ', ') + '.' + item.1 }}"
- "{{ _sans|join(', ') }}"
_san: "{{ (_sans|length > 0)|ternary( _san1 + _san2, _san1) }}"
给
msg: |-
subject_alt_name:
- DNS:srv1.exampleA.com
- DNS:srv1
- IP:127.0.0.1
- alt1.exampleA.com, alt2.exampleA.com
- alt1, alt2
msg: |-
subject_alt_name:
- DNS:srv1.exampleB.com
- DNS:srv1
- IP:127.0.0.1
- alt1.exampleB.com, alt2.exampleB.com
- alt1, alt2
msg: |-
subject_alt_name:
- DNS:srv2.exampleA.com
- DNS:srv2
- IP:127.0.0.1
- alt1.exampleA.com, alt2.exampleA.com
- alt1, alt2
msg: |-
subject_alt_name:
- DNS:srv2.exampleB.com
- DNS:srv2
- IP:127.0.0.1
- alt1.exampleB.com, alt2.exampleB.com
- alt1, alt2
与列表端点2相同的任务
with_nested:
- "{{ endpoints2 }}"
- "{{ domains }}"
将省略属性sans
msg: |-
subject_alt_name:
- DNS:srv1.exampleA.com
- DNS:srv1
- IP:127.0.0.1
msg: |-
subject_alt_name:
- DNS:srv1.exampleB.com
- DNS:srv1
- IP:127.0.0.1
msg: |-
subject_alt_name:
- DNS:srv2.exampleA.com
- DNS:srv2
- IP:127.0.0.1
msg: |-
subject_alt_name:
- DNS:srv2.exampleB.com
- DNS:srv2
- IP:127.0.0.1
笔记
- 或者,使用product和map创建主机,例如
_san2: - "{{ _sans|product([item.1])|map('join', '.')|join(', ') }}" - "{{ _sans|join(', ') }}"- 会是
- debug: msg: |- subject_alt_name: {{ _san|to_nice_yaml|indent(2) }} loop: "{{ endpoints }}" vars: _san1: - "A: {{ item.name }}" - "B: {{ item.name }}" _san2: - "C: {{ item.sans|default('') }}" _san: "{{ (item.sans|default('')|length > 0)| ternary( _san1 + _san2, _san1) }}"给
msg: |- subject_alt_name: - 'A: srv1' - 'B: srv1' - 'C: alt1' msg: |- subject_alt_name: - 'A: srv2' - 'B: srv2'
如何基于网络(子网)成员资格在Ansible中创建条件副本
[英]How to create conditional copy in Ansible based on network (subnet) membership
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.