Ansible - 创建 Splunk 索引，同时跳过现有索引

Question

我目前正在尝试创建一个脚本来根据 2 个变量生成索引名称：一个基于我运行剧本时摄取的名称的前缀（entity_name / group_name 等），以及剧本中定义的后缀列表（我的数据源想要监控；IPS、WAF、防火墙等）。

我想写入 index.conf 文件并填写索引名称和文件路径。 我面临的问题是检查索引是否已经存在（例如，entity_name_waf 存在）并跳过索引，同时为当前不存在的索引添加行（例如，entity_name_ips 将被创建，因为它不存在） .

我的主要问题是将现有条目与我尝试添加的条目进行比较。 我曾尝试使用 match() function 检查变量是否存在，但它不允许我使用并导致“变量未定义”错误。

我期望的是：

索引.conf：

[AAA_1]
homePath = $SPLUNK_DB/AAA_1/db
coldPath = $SPLUNK_DB/AAA_1/colddb
thawedPath = $SPLUNK_DB/AAA_1/thaweddb
repFactor = auto
[AAA_2]
homePath = $SPLUNK_DB/AAA_2/db
coldPath = $SPLUNK_DB/AAA_2/colddb
thawedPath = $SPLUNK_DB/AAA_2/thaweddb
repFactor = auto
[AAA_3]
homePath = $SPLUNK_DB/AAA_3/db
coldPath = $SPLUNK_DB/AAA_3/colddb
thawedPath = $SPLUNK_DB/AAA_3/thaweddb
repFactor = auto

使用 AAA 作为输入运行剧本：

'debug: AAA_1 already exists. skipping.' 'debug: AAA_2 already exists. skipping.' 'debug: AAA_3 already exists. skipping.' 'debug: creating AAA_4...' 'debug: creating AAA_5...' . . .

结果 index.conf：

[AAA_1]
homePath = $SPLUNK_DB/AAA_1/db
coldPath = $SPLUNK_DB/AAA_1/colddb
thawedPath = $SPLUNK_DB/AAA_1/thaweddb
repFactor = auto
[AAA_2]
homePath = $SPLUNK_DB/AAA_2/db
coldPath = $SPLUNK_DB/AAA_2/colddb
thawedPath = $SPLUNK_DB/AAA_2/thaweddb
repFactor = auto
[AAA_3]
homePath = $SPLUNK_DB/AAA_3/db
coldPath = $SPLUNK_DB/AAA_3/colddb
thawedPath = $SPLUNK_DB/AAA_3/thawddb
repFactor = auto
[AAA_4]
homePath = $SPLUNK_DB/AAA_4/db
coldPath = $SPLUNK_DB/AAA_4/colddb
thawedPath = $SPLUNK_DB/AAA_4/thaweddb
repFactor = auto
[AAA_5]
homePath = $SPLUNK_DB/AAA_5/db
coldPath = $SPLUNK_DB/AAA_5/colddb
thawedPath = $SPLUNK_DB/AAA_5/thaweddb
repFactor = auto

编辑：

关于前缀变量，我在运行剧本时定义了它（这是术语吗？）。 例如， ansible-playbook test_playbook -e '{"prefix":"entity_name"}'

至于后缀，我在运行任何任务之前将其定义为列表。

suffix: 
   - suffix_1 
   - suffix_2 
   - suffix_3 

然后我读取 index.conf 文件并注册它shell: cat /home/splunk/index.conf register: index_file

这是我认为我遇到第一个问题的地方。 我需要将前缀和后缀组合成一个变量，并在剧本的 rest 中使用它，但如果我在一个任务中定义它，它在下一个任务中再次变为未定义。

- name: generate combined list
  index_name: "{{ prefix }}_{{ item }}"
  loop: "{{ suffix }}"

Answer 1

首先创建一个包含前缀和后缀的列表。 来自 Doug How to concatenate with a string each element of a list in ansible 的一个很好的例子：

    - name: generate combined list
      set_fact: 
        combined_prefix_suffix: "{{ [prefix] | product(suffix) | map('join') | list }}"

这给出：

    Combined_prefix_suffix: [
        "AAA_1",
        "AAA_2",
        "AAA_3"
    ]
}

使用 blockinfile 模块将块文本与标记一起插入到 append 个新块文本中，并避免覆盖。

    - name: Add block text 
      blockinfile:
        path: index.conf
        block: |
          [{{ item }}]
          homePath = $SPLUNK_DB/{{ item }}/db
          coldPath = $SPLUNK_DB/{{ item }}/colddb
          thawedPath = $SPLUNK_DB/{{ item }}/thaweddb
          repFactor = auto
        marker: "## {mark} added by ansible {{ item }}"
      register: output
      loop: "{{ combined_prefix_suffix }}"

使用以下 vars 给出：

  vars:
    suffix:
      - _1
      - _2
      - _3
      # - _4
      # - _5

## BEGIN added by ansible AAA_1
[AAA_1]
homePath = $SPLUNK_DB/AAA_1/db
coldPath = $SPLUNK_DB/AAA_1/colddb
thawedPath = $SPLUNK_DB/AAA_1/thaweddb
repFactor = auto
## END added by ansible AAA_1
## BEGIN added by ansible AAA_2
[AAA_2]
homePath = $SPLUNK_DB/AAA_2/db
coldPath = $SPLUNK_DB/AAA_2/colddb
thawedPath = $SPLUNK_DB/AAA_2/thaweddb
repFactor = auto
## END added by ansible AAA_2
## BEGIN added by ansible AAA_3
[AAA_3]
homePath = $SPLUNK_DB/AAA_3/db
coldPath = $SPLUNK_DB/AAA_3/colddb
thawedPath = $SPLUNK_DB/AAA_3/thaweddb
repFactor = auto
## END added by ansible AAA_3

使用下面的 var 给出：

  vars:
    suffix:
      - _1
      - _2
      - _3
      - _4
      - _5

## BEGIN added by ansible AAA_1
[AAA_1]
homePath = $SPLUNK_DB/AAA_1/db
coldPath = $SPLUNK_DB/AAA_1/colddb
thawedPath = $SPLUNK_DB/AAA_1/thaweddb
repFactor = auto
## END added by ansible AAA_1
## BEGIN added by ansible AAA_2
[AAA_2]
homePath = $SPLUNK_DB/AAA_2/db
coldPath = $SPLUNK_DB/AAA_2/colddb
thawedPath = $SPLUNK_DB/AAA_2/thaweddb
repFactor = auto
## END added by ansible AAA_2
## BEGIN added by ansible AAA_3
[AAA_3]
homePath = $SPLUNK_DB/AAA_3/db
coldPath = $SPLUNK_DB/AAA_3/colddb
thawedPath = $SPLUNK_DB/AAA_3/thaweddb
repFactor = auto
## END added by ansible AAA_3
## BEGIN added by ansible AAA_4
[AAA_4]
homePath = $SPLUNK_DB/AAA_4/db
coldPath = $SPLUNK_DB/AAA_4/colddb
thawedPath = $SPLUNK_DB/AAA_4/thaweddb
repFactor = auto
## END added by ansible AAA_4
## BEGIN added by ansible AAA_5
[AAA_5]
homePath = $SPLUNK_DB/AAA_5/db
coldPath = $SPLUNK_DB/AAA_5/colddb
thawedPath = $SPLUNK_DB/AAA_5/thaweddb
repFactor = auto
## END added by ansible AAA_5

用于测试的剧本示例：

- hosts: localhost
  vars:
    suffix:
      - _1
      - _2
      - _3
      # - _4
      # - _5
  tasks:
    - name: generate combined list
      set_fact: 
        combined_prefix_suffix: "{{ [prefix] | product(suffix) | map('join') | list }}"
    
    - debug: 
        msg: "{{ combined_prefix_suffix }}"
    
    - name: Add block text 
      blockinfile:
        path: WAF/index.conf
        block: |
          [{{ item }}]
          homePath = $SPLUNK_DB/{{ item }}/db
          coldPath = $SPLUNK_DB/{{ item }}/colddb
          thawedPath = $SPLUNK_DB/{{ item }}/thaweddb
          repFactor = auto
        marker: "## {mark} added by ansible {{ item }}"
        
      register: output
      loop: "{{ combined_prefix_suffix }}"

我希望这有帮助。